Number: AV21-624
Date: 9 December 2021

On 9 December 2021 ICS-CERT published an ICS Advisory to highlight a vulnerability in the following products:

  • Welch Allyn Q-Stress Cardiac Stress Testing System – version 6.0.0 to 6.3.1
  • Welch Allyn X-Scribe Cardiac Stress Testing System – version 5.01 to 6.3.1
  • Welch Allyn Diagnostic Cardiology Suite – version 2.1.0
  • Welch Allyn Vision Express – version 6.1.0 to 6.4.0
  • Welch Allyn H-Scribe Holter Analysis System – version 5.01 to 6.4.0
  • Welch Allyn R-Scribe Resting ECG System – version 5.01 to 7.0.0
  • Welch Allyn Connex Cardio – version 1.0.0 to 1.1.1

Exploitation of this vulnerability could result in privilege escalation.

The Cyber Centre encourages users and administrators to review the provided web link, perform the suggested mitigations and apply the necessary updates.

ICS Advisory (ICSMA-21-343-01)
https://us-cert.cisa.gov/ics/advisories/icsma-21-343-01



Source link