Issue Details
Baxter is releasing a software update to CSM software version 1.54.01 with software and security enhancements.
Definitions
| Acronym | Description/Definition |
|---|---|
| APM | Accessory Power Management |
| BLE | Bluetooth Low Energy |
| BR/EDR | Bluetooth Basic Rate/Enhanced Data Rate |
| CSM | Connex Spot Monitor |
| ECDSA | Elliptic Curve Digital Signature Algorithm |
| CVC | Connex Vitals Core. Renamed to CSM. |
| FIPS | Federal Information Processing Standard. |
| NIBP | Non-Invasive Blood Pressure |
| NCE | Network Connectivity Engine Software |
| PCA | Printed Circuit Assembly |
| PDM | Product Data Management |
| APM PIC | A PIC16F1518 that manages the APM's rechargeable battery, its work light, the battery life indicator LED string, the printer print head power, and the CVC accelerometer |
| CVC PIC | A PIC16F1518 that manages the CVC's rechargeable battery (if one is installed), the front panel LEDs, and the connection with the APM processor (if required) |
| HIS ID | Hospital Information System |
| IP | Internet Protocol |
| VID | Vendor ID |
| OKC | Opportunistic Key Caching |
| NEWS2 SCAL2 | National Early Warning Score Scale 2 |
| PID | Product ID |
| PHI | Personal Health Information |
| PKI | Public Key Infrastructure |
| RRp | Masimo Respiration Rate from the Pleth. Respiration rate is measured based on changes in the plethysmographic waveform. |
| SCRM | SmartCare Remote Management |
| SDK | Welch Allyn Connectivity SDK Development |
| SpO2 | Oxygen Saturation Percentage of oxygenated hemoglobin in the blood |
| SSO | Single Sign On |
| SRS | Software Requirements Specification |
| SW | Software |
| SWF | Software File |
| TFS | Team Foundation Server |
| TLS | A widely adopted security protocol designed to facilitate privacy and data security for communications over the Internet |
| UI | User Interface |
| WA | Welch Allyn |
| WACP | Welch Allyn Communication Protocol |
| WAST | Welch Allyn Service Tool |
| WEP | WEP (Wired Equivalent Privacy) is the oldest and most common Wi-Fi security protocol. It was the privacy component established in the IEEE 802.11, a set of technical standards that aimed to provide a wireless local area network (WLAN) with a comparable level of security to a wired local area network (LAN). |
| WPA | The WPA protocol implements the Temporal Key Integrity Protocol (TKIP). WEP used a 64-bit or 128-bit encryption key |
| WPA2 | WPA2 (Wi-Fi Protected Access 2) is the second generation of the Wi-Fi Protected Access wireless security protocol. Like its predecessor, WPA2 was designed to secure and protect Wi-Fi networks. |
Solution/Action
Baxter Inc. is pleased to announce the release of a new firmware package for the Welch Allyn Connex Spot Monitor. This release (CSM firmware version 1.54.01*) incorporates new Software and security enhancements.
New Radio Service Kits compatible with 1.54.00 firmware and later:
- 109112-SRV UPG KIT, CSM NEWMAR RADIO 2.00.04
- 109116-SRV KIT CSM, NEWMAR RADIO PCBA 2.00.04
PLEASE NOTE: Once a CSM has updated to 1.54.01, it CANNOT be rolled back to a previous version of the device firmware.
Enhancements:
- Prevented the downgrade or rollback to an older host (lower number) software version when operating with host version 1.54.01.
- Removed WEP, WPA, and Open/None from a set of wireless Authentication/Encryption options. If you have a CSM currently configured with WEP, WPA, or Open/None Authentication/Encryption radio setting, then upgrading to CSM 1.54.01 may result in the loss of network connectivity as these options are no longer available and the CSM will default to WPA2-Personal Authentication/Encryption radio setting. To prevent this, it is recommended to first change your Authentication/Encryption radio settings to any of the other available options (WPA2-Personal or WPA2-Enterprise) and establish a successful network connection before upgrading to CSM 1.54.01 to ensure a continual connection.
- Compatibility with Newmar radio firmware version 2.00.04. Newmar radio firmware version 2.00.04 meets FIPS certificate #4198 requirements. For more information about FIPS certificate #4198, visit: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4198
- Updated asset tag and location usage, so if they are not set in the config file, they are not cleared in the device.
- An advanced settings password is required for configuration updates.
- Security: Added Client authentication support.
- Added Support to Encrypt Device Service Data to Service Monitor.
- Added configurable option to protect PHI Data when a Priority Alarm Occurs on the Lock Screen.
- Chinese Translation Fixes/Edits.
- Added support for IP addresses for service monitoring when the network connectivity method is Host IP.
- Added support for TLS 1.3.
- Removed the "Pair Every Time" BLE workflow.
- Required complex password entry for access to the debug menu.
- Removed the creation of Core files from CSM.
- Added a new VID/PID to allow a new APM USB host controller.
- Added logging of alarm related settings and changes made to those settings to comply with 60601-1-8:2006/AMD2:2020.
- Ensured all setting changes possible through the UI have corresponding log entries.
- Add hardware support for Updated ModPG and SureTemp (Timmy) processors.
- Update TLS 1.2 to support ECDSA: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384.
- The Splash Screen has been updated to Baxter branding.
- Update CSM Build Process to create build package for Service Monitor.
- Apply patches for unzip vulnerability.
- Increased Clinician ID and Clinician Password character limit to 32 characters.
- Supports enabling Single Sign-On (SSO) with Office profile (requires Configuration Tool 1.9.5 or later).
- WACP updates to patch vulnerabilities found by Cisco-Talos.
- The CD containing a copy of the CSM's Instructions for Use (IFU) that ships with the device has been replaced by a Web Direct Card. To view the CSM's IFU, please scan the QR code on the Web Direct card and follow the corresponding instructions.
Bug Fixes
- Linux Kernel update to 5.4.106.
- When the device is in intervals, the profile active intervals program is running, and the config file is loaded with clinician authentication required for saving; the intervals program is still running after the config change.
- Roaming dropdown is still available after re-enabling the Radio setting.
- Temp default units are not applied on Braun.
- CSM NEWS2 Scale2 on Air send the incorrect HIS_ID.
- Software resets Custom Score algorithm when establishing patient context.
- Barcode scanning incorrectly changes the Patient ID on the Review Screen.
- PDM incorrectly causes context switch.
- Exiting Advanced Settings prevents patient barcode scan.
- Radio configuration screen allows non-working configuration.
- Multiple alarm messages, delay in scrolling.
- Roaming is set to "OKC," but the field was not grayed out.
- Log Manager issue may allow day files to contain multiple days of log info if device time is changed.
- LogMgr may not rotate logs after loss of time.
- LogMgr does not rebalance all intermediate log files.
- Suretemp and NIBP modules will not update to last software on Rev G board.
- Patient Type not always assigned correctly from Patient Date of Birth.
- Files Deleted from USB mass storage devices on shutdown.
- Alarms are generated during intervals; a following manual entry that is out of limits does not generate alarms correctly.
- Technical alarm priorities have been updated regarding the failure of critical functionality.
CSM Hardware/Software Compatibility
The CSM 1.54.01 software is expected to be compatible with the below-listed or newer versions until superseded by a future CSM software update.
| Subsystem | Description | Version | Notes |
|---|---|---|---|
| CSM Main Board | Pattern E | 409703-12; PCA, CVC Main Board, NOTE: The board version read by SW is E. | |
| Pattern F | 409703-16; PCA, CVC Main Board, 3rd Edition, NOTE: The board version read by SW is F. | ||
| Pattern H | 409703-18; PCA, CVC Main Board, 4th Edition, NOTE: The board version read by SW is G. | ||
| Pattern H | 409703-20; PCA, CVC Main Board, 4th Edition, NOTE: The board version read by SW is G. | ||
| Pattern J | 409703-30; PCA, CVC Main Board, 4th Edition, NOTE: The board version read by SW is J. | ||
| APM PIC Software | 2.00 | N/A | |
| CSM PIC Software | 3.01 | N/A | |
| NIBP Software | ModPG | 1.00.00.00009 – Main 1.00.00.00002 - Boot 1.00.00.00007 – Safety |
N/A |
| ModPG2.5 | 1.00.00.25R04 - ModPG25Base 1.00.00.25R01 - ModPG25Boot 1.00.00.25R03 – ModPG25Safety |
N/A | |
| Masimo MX SpO2 Software | 7.10.7.0 | Vendor firmware – Non-RRP With RRp support |
|
| Nellcor SpO2 Software | 7.14.6.2 | Vendor firmware | |
| Nonin SpO2 Software | HW 1.2.1.0 DSP GR101357E00 FE 1.1.0.0 | Vendor firmware | |
| SureTemp Software | Timmy | 1.00.00.00006 | N/A |
| Timmy3 | 1.00.00.00005 | N/A | |
| Braun Pro 6000 Software | Braun 6000 Handle 5.25 for all deployments excluding China Braun 6000 Handle 5.28 for China only |
Vendor firmware | |
| Newmar Radio Software | 2.00.04 | N/A | |
| Bluetooth BR/EDR | Bluetopia Stack version 4.0.1.1 which minimally support the Bluetooth Core Specification Version 2.1 for Bluetooth BR/EDR | Also known as Basic Rate/Enhanced Data Rate (BR/EDR). | |
| Bluetooth Low Energy | Bluetopia Stack version 4.0.1.1 which minimally support the Bluetooth Core Specification Version 4.0 for BLE | N/A | |
| Scale Software | N/A | ||
| WACP | 2.4.0 | N/A | |
| WA Connectivity SDK | 3.0.0.19 | N/A | |
| NCE | NCE 5.1.0.16 | N/A | |
| Connex | CS 1.7.1 | N/A | |
| PDM Database Schema | 16 | Current schema version is logged at device power-up. | |
| Configuration Tool | 1.9.4 | N/A | |
| WAST | 1.11.0.0 | N/A | |
| SWF: WAST CSM plugin v | 1.2.0.1 | N/A | |
| Service Monitor | 1.7.0 | N/A |
NOTE 1: The Newmar Radio Firmware 2.00.04 associated with this release is not backwards compatible with prior versions of the Newmar Radio Firmware. Downgrading a CSM to a version prior to 1.54.01 is not supported and should not be attempted once a CSM has been upgraded to 1.54.01.
NOTE 2: If the user forgets the passcode for accessing the Advanced Settings, the user can access the CSM Configurator tool to determine the passcode.
Update Instructions
The 1.54.01 software will be automatically deployed to the Welch Allyn Service Tool (WAST) and SmartCare Remote Management (SCRM). Please note that once CSM is upgraded to 1.54.01, it CANNOT be rolled back to a previous version of the device firmware.
Instructions on Software upgrades are covered in the Service Manual located on the Hillrom Patient Monitoring CSM website shown in the link below. Select the appropriate service manual for your device by selecting the EDUCATION AND DOCUMENTATION → SERVICE MANUAL tab.
Hillrom Patient Monitoring CSM webpage link: https://www.hillrom.com/en/products/connex-spot-monitor/
Please refer to the applicable Welch Allyn Product Configuration Tool CSB(s)/TSB(s) for changes to configuration files that may impact CSM device UI, security or custom scoring.
Reference Documents:
- 200181294A – TSB 1.54.01
Summary of Prior Releases
1.52.01-A0001 released 10/16/2023
Baxter has released a software update to software version 1.52.00-A0002 to address the following list of critical security vulnerabilities that have been found impacting CSM that may lead to security risks. An attacker that exploits these security risks without proper application of suggested mitigations can modify device configuration and firmware data. Tampering with this data can lead to device compromise.
1.52.00-A0002 released 01/08/2021
This is a CSM-sustaining release. The previous release version was 1.51.00. This update enables the below features and additions. The configuration tool was updated to Version 1.90 as well to support the below features and additions. The main features of this release are below.
- Change to the way we do BLE licensing, both on the device and within the Config Tool. This change follows the same setup for RRp Licenses on the Config Tool.
- Add Radio Certificate Expiration Date Information and Related Technical Alarm to CSM.
- NEWS2 2 Scale Option Based on O2.
- Traditional Chinese (keyboard not included).
- Service Monitor connectivity with HL7 enabled, and per device BLE licensing.
- The ability to share a config file from one account to another.
1.51.00.A0002 version released 4/24/2020
This is a CSM sustaining release. The previous release version was 1.42.00. This update enables the many features and additions. Adds: Masimo RRp (Respiration-Rate via Pleth); Adds Patient List capability to HL7 OOB; Adds The capability to Disable USB ports; etc..... The configuration tool was updated as well to support the creation of two (2) config files (Standard Config, as well as a License Config) that can be applied to the CSM device in the same manner as before using WAST or a USB stick.
1.42.00.A0001 version released 10/02/2019
This is a CSM sustaining release. The previous release version was 1.41.01. This update provides encryption of PHI data at rest as well as minor improvement of the services for BLE. When the values sent were high systolic BP (>204) and Weight (>327kg) via BLE they would show as a negative number in the EMR application.
1.41.01.A0001 version released 07/09/2019
This is a CSM sustaining release. The previous release version was 1.41.00. This update included a fix for a minor time delay for the manufacturing automated test equipment.
1.41.00.A0005 version released 03/10/2019
This is a CSM sustaining release. The previous release version was 1.40.10. This update provides support for Service Workflow updates, Newmar Radio Updates, as well as an assortment of software anomaly fixes.
Key updates provided in this release are noted below:
- Remote upgrade and configuration from Service Monitor and view only access (VNC).
- New Radio Software Newmar v2.00.02
- Added b/g/n Radio Selection mode.
- Added independent FIPS Enable/Disable functionality to WPA2-Personal and valid WPA2-Enterprise Auth Modes/EAP Types, default FIPS enabled.
- Newmar certificate installation should encrypt password file information.
Note: Requires the wa-updatecerts script used by WAST to create certificate PIM files be updated to the latest version. If the version of WAST that does not include the updated wa-updatecerts script, certificates will not successfully authenticate on Newmar 2.00.02 SW.
- Clear Patient ID in office profile save.
- Beirut Time Zone support.
1.40.10.A0002 version released 12/10/2018
This is a maintenance release for CSM. The previous shipping production release was 1.40.00-A0002. This update provides support for 4th-Edition compliance. Supports All Device Hardware versions. Upgradeable, and down-grade-able only to 1.32.19 version.
1.40.00.A0002 version released 09/19/2018
This is a maintenance release for CSM. The previous shipping production release was 1.32.10-A0001. This update provides support for 4th-Edition compliance. Supports All Device Hardware versions. Upgradeable, and down-grade-able only to 1.32.19 version.
1.32.19.A0001 version released 12/10/2018
This is a service maintenance release for CSM. The previous shipping production release was 1.32.10-A0001. This update provides support for new Hardware based on 4th Edition Compliance. Upgradeable with new hardware only (Version G or greater). Supports ALL Device Hardware version. Can't be downgraded to any previous versions.
1.32.10.A0001 version released 8/07/2018
This is a service maintenance release for CSM. The previous shipping production release was 1.32.02-A0002. This update provides support for 4th-Edition compliance, an assortment of software updates and support for the Thai language. CSM Configuration Tool has also been updated to v1.8.3 20180727 located here: https://config.welchallyn.com/configurator/
