{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-02T07:00:52.405","vulnerabilities":[{"cve":{"id":"CVE-2021-27410","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2021-06-11T17:15:10.770","lastModified":"2024-11-21T05:57:56.153","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The affected product is vulnerable to an out-of-bounds write, which may result in corruption of data or code execution on the Welch Allyn medical device management tools (Welch Allyn Service Tool: versions prior to v1.10, Welch Allyn Connex Device Integration Suite – Network Connectivity Engine (NCE): versions prior to v5.3, Welch Allyn Software Development Kit (SDK): versions prior to v3.2, Welch Allyn Connex Central Station (CS): versions prior to v1.8.6, Welch Allyn Service Monitor: versions prior to v1.7.0.0, Welch Allyn Connex Vital Signs Monitor (CVSM): versions prior to v2.43.02, Welch Allyn Connex Integrated Wall System (CIWS): versions prior to v2.43.02, Welch Allyn Connex Spot Monitor (CSM): versions prior to v1.52, Welch Allyn Spot Vital Signs 4400 Device (Spot 4400) / Welch Allyn Spot 4400 Vital Signs Extended Care Device: versions prior to v1.11.00)."},{"lang":"es","value":"El producto afectado es vulnerable a una escritura fuera de límites, lo que puede resultar en una corrupción de datos o una ejecución de código de Welch Allyn medical device management tools (Welch Allyn Service Tool: versiones anteriores a v1.10, Welch Allyn Connex Device Integration Suite - Network Connectivity Engine (NCE): versiones anteriores a v5.3, Welch Allyn Software Development Kit (SDK): versiones anteriores a v3.2, Welch Allyn Connex Central Station (CS): versiones anteriores a v1. 8.6, Welch Allyn Service Monitor: versiones anteriores a v1.7.0.0, Welch Allyn Connex Vital Signs Monitor (CVSM): versiones anteriores a v2.43.02, Welch Allyn Connex Integrated Wall System (CIWS): versiones anteriores a v2. 43.02, Welch Allyn Connex Spot Monitor (CSM): versiones anteriores a v1.52, Welch Allyn Spot Vital Signs 4400 Device (Spot 4400) / Welch Allyn Spot 4400 Vital Signs Extended Care Device: versiones anteriores a v1.11.00)"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:hillrom:connex_central_station:*:*:*:*:*:*:*:*","versionEndExcluding":"1.8.6","matchCriteriaId":"C49585B9-3AA0-42AB-9182-77152BAFA37D"},{"vulnerable":true,"criteria":"cpe:2.3:a:hillrom:connex_device_integration_suite_network_connectivity_engine:*:*:*:*:*:*:*:*","versionEndExcluding":"5.3","matchCriteriaId":"5C24A4F7-EEA2-4FA8-9F55-77E1656B2E81"},{"vulnerable":true,"criteria":"cpe:2.3:a:hillrom:connex_integrated_wall_system:*:*:*:*:*:*:*:*","versionEndExcluding":"2.43.02","matchCriteriaId":"895DC8BC-529D-4125-A55F-298B70E18007"},{"vulnerable":true,"criteria":"cpe:2.3:a:hillrom:connex_spot_monitor:*:*:*:*:*:*:*:*","versionEndExcluding":"1.52","matchCriteriaId":"DB9BF71D-0C66-4EE0-A25E-44C15A98CF1B"},{"vulnerable":true,"criteria":"cpe:2.3:a:hillrom:connex_vital_signs_monitor:*:*:*:*:*:*:*:*","versionEndExcluding":"2.43.02","matchCriteriaId":"D22AECD4-34FE-45D0-AD50-9F1B269578B2"},{"vulnerable":true,"criteria":"cpe:2.3:a:hillrom:service_monitor:*:*:*:*:*:*:*:*","versionEndExcluding":"1.7.0.0","matchCriteriaId":"4D618609-3AE0-47F3-A862-7888C3FBCB98"},{"vulnerable":true,"criteria":"cpe:2.3:a:hillrom:service_tool:*:*:*:*:*:*:*:*","versionEndExcluding":"1.10","matchCriteriaId":"F2B7E63E-27FA-4C03-9039-1F7C47B7A09D"},{"vulnerable":true,"criteria":"cpe:2.3:a:hillrom:software_development_kit:*:*:*:*:*:*:*:*","versionEndExcluding":"3.2","matchCriteriaId":"607AE812-A7F3-4705-BF29-2CB3A6B5A91B"},{"vulnerable":true,"criteria":"cpe:2.3:a:hillrom:spot_vital_signs_4400:*:*:*:*:-:*:*:*","versionEndExcluding":"1.11.00","matchCriteriaId":"C7CF411D-E942-4807-A0D3-4154514A0E7C"},{"vulnerable":true,"criteria":"cpe:2.3:a:hillrom:spot_vital_signs_4400:*:*:*:*:extended_care:*:*:*","versionEndExcluding":"1.11.00","matchCriteriaId":"2BAFF889-0D46-403F-89AA-C61F7DEADE69"}]}]}],"references":[{"url":"https://us-cert.cisa.gov/ics/advisories/icsma-21-152-01","source":"ics-cert@hq.dhs.gov","tags":["Mitigation","Third Party Advisory","US Government Resource"]},{"url":"https://us-cert.cisa.gov/ics/advisories/icsma-21-152-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Third Party Advisory","US Government Resource"]}]}}]}