This updated advisory is a follow-up to the original advisory titled ICSA-21-152-01 Hillrom Medical Device Management (Update A) that was published June 1, 2021, to the ICS webpage at www.cisa.gov/ics.
The affected product is vulnerable to an out-of-bounds write, which may result in corruption of data or code execution.
Hillrom has released software updates for all impacted devices to address these vulnerabilities. New versions of the products that mitigate the vulnerabilities are available as follows:
- Welch Allyn Service Tool: v1.10
- Welch Allyn Software Development Kit (SDK): v3.2
CISA also provides a section for control systems security recommended practices on the ICS webpage at cisa.gov. Several recommended practices are available for reading and download, including "Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies".