Improper Access Control in ELI Resting Electrocardiographs by Hillrom
CVE-2022-26389

7.7HIGH

Key Information:

Vendor: Baxter/ Hillrom
Status: Eli 380 Resting Electrocardiograph; Eli 280/bur280/mlbur 280 Resting Electrocardiograph; Eli 250c/bur 250c Resting Electrocardiograph; Eli 150c/bur 150c/mlbur 150c Resting Electrocardiograph
Vendor: CVE Published:; 7 February 2025

🔔 Create Baxter/ Hillrom Vulnerability Alert

What is CVE-2022-26389?

An improper access control vulnerability exists within Hillrom's ELI Resting Electrocardiographs, potentially enabling unauthorized users to escalate their privileges. This issue affects multiple versions of ELI models, including the ELI 380, ELI 280, ELI 250c, and ELI 150c, posing critical risks to the secure operation of these medical devices. Prompt remediation is essential to protect sensitive patient data and maintain device integrity.

Affected Version(s)

ELI 150c/BUR 150c/MLBUR 150c Resting Electrocardiograph 0 <= 2.2.0

ELI 250c/BUR 250c Resting Electrocardiograph 0 <= 2.1.2

ELI 280/BUR280/MLBUR 280 Resting Electrocardiograph 0 <= 2.3.1

References

https://www.cisa.gov/news-events/ics-medical-advisories/i...

https://hillrom.com/en/responsible-disclosures/

CVSS V3.1

Score:

7.7

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 7, 2025
Vulnerability Reserved
Mar 3, 2022

Credit

An anonymous user reported these vulnerabilities to Hillrom.

JSON