Baxter Hillrom Welch Allyn ELI Series Improper Access Control Vulnerability Allowing Privilege Escalation

Vulnerability

An improper access control vulnerability has been identified in several models of the Welch Allyn ELI Resting Electrocardiograph series. It may lead to privilege escalation by allowing unauthorized access to certain functions or data. The issue affects the ELI 380, ELI 280/BUR280/MLBUR 280, ELI 250c/BUR 250c, and ELI 150c/BUR 150c/MLBUR 150c models, in versions prior to the ones specified in the mitigation section.

Impact

Exploitation of this vulnerability could allow an attacker to gain unauthorized privileges, potentially leading to unauthorized access to sensitive information or functions within the affected electrocardiograph models.

Remediation

Hillrom has released software updates for all impacted ELI models to address this vulnerability. Users are advised to upgrade to the latest product versions. Information on how to update these products can be found on the Hillrom disclosure page.

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 5.2
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.