CVE-2022-26389: Improper Access Control Vulnerability in ELI Electrocardiograph Devices
First published: Fri Feb 07 2025(Updated: )
An improper access control vulnerability may allow privilege escalation.This issue affects: * ELI 380 Resting Electrocardiograph: Versions 2.6.0 and prior; * ELI 280/BUR280/MLBUR 280 Resting Electrocardiograph: Versions 2.3.1 and prior; * ELI 250c/BUR 250c Resting Electrocardiograph: Versions 2.1.2 and prior; * ELI 150c/BUR 150c/MLBUR 150c Resting Electrocardiograph: Versions 2.2.0 and prior.
Remedy
Hillrom has released software updates for all impacted devices to address these vulnerabilities. New product versions that mitigate these vulnerabilities are available as follows: * Welch Allyn ELI 380 Resting Electrocardiograph: available Q4 2023 * Welch Allyn ELI 280/BUR280/MLBUR 280 Resting Electrocardiograph: available May 2022 * Welch Allyn ELI 150c/BUR 150c/MLBUR 150c Resting Electrocardiograph: available Q4 2023 Hillrom recommends users upgrade to the latest product versions. Information on how to update these products can be found on the Hillrom disclosure page https://hillrom.com/en/responsible-disclosures/ .
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/title
- agent/source
- agent/tags
- agent/first-publish-date
- agent/severity
- agent/type
- agent/description
- agent/event