Cybersecurity specialists report the detection of a critical vulnerability in some devices for patients with heart problems whose exploitation would allow threat actors to access these devices without using a password, thus obtaining full control of the affected system. The fault resides in the computers developed by Hillrom, and exists due to a configuration error in single sign-on.
According to the report, a successful attack would allow manual access to all accounts in Active Directory within the affected application, with which malicious hackers will gain access to the system without having to enter the password corresponding to the vulnerable account. The vulnerability was tracked as CVE-2021-43935 and received a score of 8.1/10 according to the Common Vulnerability Scoring System (CVSS).
A remote threat actor could access the affected application with an AD account to gain all the privileges associated with the account. Below is a list of all vulnerable products:
- Welch Allyn Q-Stress Cardiac Stress Test System: versions 6.0.0 to 6.3.1
- Welch Allyn X-Scribe cardiac stress test system: versions 5.01 to 6.3.1
- Welch Allyn Diagnostic Cardiology Suite: version 2.1.0
- Welch Allyn Vision Express: versions 6.1.0 to 6.4.0
- Welch Allyn Holter H-Scribe analysis system: versions 5.01 to 6.4.0
- Welch Allyn R-Scribe standby ECG system: versions 5.01 to 7.0.0
- Welch Allyn Connex Cardio: versions 1.0.0 to 1.1.1
The company is already aware of the issue and announced that the issues will be addressed in the next version, so at the moment there are no patches available. To mitigate the risk of exploitation, Hillrom recommends disabling the SSO feature in Modality Manager Configuration, which should interrupt any attack attempts, at least for the time being.
The Cybersecurity and Infrastructure Security Agency (CISA) also issued some recommendations to protect vulnerable systems, including minimizing network exposure for all vulnerable devices, verifying that these devices are not accessible from the Internet, and using additional security tools, such as VPN solutions.
To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.