A high-severity vulnerability in several cardiac healthcare devices could allow attackers to access privileged accounts without a password and seize control of the devices.
The authentication bypass flaw in certain products made by Hillrom exists when the devices have been configured to use single sign-on (SSO).
It allows the manual entry of all active directory (AD) accounts provisioned within the application, meaning access will be granted without having to provide the associated password.
A remote attacker could therefore access the application under the provided AD account and gain all privileges associated with the account.
The following Hillrom cardiology products, when configured to use SSO, are affected:
– Welch Allyn Q-Stress Cardiac Stress Testing System: Versions 6.0.0 through 6.3.1
– Welch Allyn X-Scribe Cardiac Stress Testing System: Versions 5.01 through 6.3.1
– Welch Allyn Diagnostic Cardiology Suite: Version 2.1.0
– Welch Allyn Vision Express: Versions 6.1.0 through 6.4.0
– Welch Allyn H-Scribe Holter Analysis System: Versions 5.01 through 6.4.0
– Welch Allyn R-Scribe Resting ECG System: Versions 5.01 through 7.0.0
– Welch Allyn Connex Cardio: Versions 1.0.0 through 1.1.1
The vulnerability (tracked as CVE-2021-43935) has been assigned a CVSS score of 8.1 out of 10.
Hillrom plans to address the issue in its next release, therefore the vulnerability currently remains unpatched.
To mitigate the risk, Hillrom recommends disabling the SSO feature in the respective Modality Manager Configuration settings.
The US Cybersecurity & Infrastructure Security Agency (CISA) also gave recommendations for protecting systems, including minimizing network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet, and using secure methods for remote access, such as VPNs. However, CISA warned that such products are “only as secure as connected devices”.
The Daily Swig has reached out to Hillrom with additional questions, and we will update the article if we hear back.
