EXECUTIVE SUMMARY - CVSS v3: 5.9 - ATTENTION: Exploitable remotely - Vendor: Hillrom - Equipment: Welch Allyn medical device management tools - Vulnerabilities: Out-of-Bounds Write, Out-of-Bounds Read UPDATE INFORMATION - This updated advisory is a follow-up to the original advisory titled ICSA-21-152-01 Hillrom Medical Device Management (Update B) that was published September 8, 2022, to the ICS webpage at www.cisa.gov/ics. RISK EVALUATION - Successful exploitation of these vulnerabilities could allow an attacker to cause memory corruption and remotely execute arbitrary code. TECHNICAL DETAILS - 4.1 Affected Products: The following Hillrom products are affected: - Welch Allyn Service Tool: versions prior to v1.10 - Welch Allyn Connex Device Integration Suite - Network Connectivity Engine (NCE): versions prior to v5.3 - Welch Allyn Software Development Kit (SDK): versions prior to v3.2 - Welch Allyn Connex Central Station (CS): versions prior to v1.8.4 Service Pack 01 - Welch Allyn Service Monitor: versions prior to v1.7.0.0 - Welch Allyn Connex Vital Signs Monitor (CVSM): versions prior to v2.43.02