CVE-2021-43935

HIGH

Welch Allyn Connex Cardio < 1.1.1 - Improper Authentication via SSO Manual Account Entry

Title source: llm

Description

The impacted products, when configured to use SSO, are affected by an improper authentication vulnerability. This vulnerability allows the application to accept manual entry of any active directory (AD) account provisioned in the application without supplying a password, resulting in access to the application as the supplied AD account, with all associated privileges.

References (1)

Core 1

Core References

Mitigation, Third Party Advisory, US Government Resource x_refsource_misc

https://www.cisa.gov/uscert/ics/advisories/icsma-21-343-01

Scores

CVSS v3 8.1

EPSS 0.0108

EPSS Percentile 60.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-287 CWE-288

Status published

Products (7)

baxter/welch_allyn_connex_cardio 1.0.0 - 1.1.1

baxter/welch_allyn_diagnostic_cardiology_suite 2.1.0

baxter/welch_allyn_hscribe_holter_analysis_system_firmware 5.01 - 6.4.0

baxter/welch_allyn_q-stress_cardiac_stress_testing_system_firmware 6.0.0 - 6.3.1

baxter/welch_allyn_rscribe_resting_ecg_system 5.01 - 7.0.0

baxter/welch_allyn_vision_express_holter_analysis_system 6.1.0 - 6.4.0

baxter/welch_allyn_xscribe_cardiac_stress_testing_system_firmware 5.01 - 6.3.1

Published Dec 15, 2021

Tracked Since Feb 18, 2026