CVE-2022-26388
MEDIUMWelch Allyn ELI 380 Resting Electrocardiograph < 2.6.0 - Use of Hard-coded Password
Title source: llmDescription
A use of hard-coded password vulnerability may allow authentication abuse.This issue affects ELI 380 Resting Electrocardiograph: Versions 2.6.0 and prior; ELI 280/BUR280/MLBUR 280 Resting Electrocardiograph: Versions 2.3.1 and prior; ELI 250c/BUR 250c Resting Electrocardiograph: Versions 2.1.2 and prior; ELI 150c/BUR 150c/MLBUR 150c Resting Electrocardiograph: Versions 2.2.0 and prior.
References (2)
Core 2
Core References
Various Sources
https://hillrom.com/en/responsible-disclosures/
Third Party Advisory, US Government Resource
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-22-167-01
Scores
CVSS v3
6.4
EPSS
0.0026
EPSS Percentile
16.9%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-259
Status
published
Products (4)
Welch Allyn/ELI 150c/BUR 150c/MLBUR 150c Resting Electrocardiograph
< 2.2.0
Welch Allyn/ELI 250c/BUR 250c Resting Electrocardiograph
< 2.1.2
Welch Allyn/ELI 280/BUR280/MLBUR 280 Resting Electrocardiograph
< 2.3.1
Welch Allyn/ELI 380 Resting Electrocardiograph
< 2.6.0
Published
Feb 07, 2025
Tracked Since
Feb 18, 2026