CVE-2022-26388

MEDIUM

ELI <2.6.0 - Info Disclosure

Title source: llm

Description

A use of hard-coded password vulnerability may allow authentication abuse.This issue affects ELI 380 Resting Electrocardiograph: Versions 2.6.0 and prior; ELI 280/BUR280/MLBUR 280 Resting Electrocardiograph: Versions 2.3.1 and prior; ELI 250c/BUR 250c Resting Electrocardiograph: Versions 2.1.2 and prior; ELI 150c/BUR 150c/MLBUR 150c Resting Electrocardiograph: Versions 2.2.0 and prior.

References (2)

[Various Sources] https://hillrom.com/en/responsible-disclosures/

[Third Party Advisory, US Government Resource] https://www.cisa.gov/news-events/ics-medical-advisories/icsma-22-167-01

Scores

CVSS v3 6.4

EPSS 0.0006

EPSS Percentile 17.3%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-259

Status published

Products (4)

Welch Allyn/ELI 150c/BUR 150c/MLBUR 150c Resting Electrocardiograph < 2.2.0

Welch Allyn/ELI 250c/BUR 250c Resting Electrocardiograph < 2.1.2

Welch Allyn/ELI 280/BUR280/MLBUR 280 Resting Electrocardiograph < 2.3.1

Welch Allyn/ELI 380 Resting Electrocardiograph < 2.6.0

Published Feb 07, 2025

Tracked Since Feb 18, 2026