The vulnerability is an unauthenticated remote code execution flaw that allows an attacker to read and write arbitrary files on the system via the deprecated .NET Remoting HTTP channel exposed on port 8989. By supplying valid .NET URI endpoints, an attacker can drop ASPX webshells into the IIS wwwroot directory and achieve full remote code execution. The weakness originates from improper authentication enforcement in the .NET Remoting service, classified as CWE‑306. This flaw can compromise confidentiality, integrity, and availability of the affected Sentinel installation if exploited.

The affected product is Spacelabs Healthcare Sentinel. Versions 10.5.x and later, as well as 11.x.x prior to 11.6.0, are vulnerable. No specific build or service pack information is given beyond the version ranges. The product is typically deployed in diagnostic cardiology environments and utilizes IIS to host web content.

The CVSS score of 9.2 reflects a critical security impact with high exploitation potential. No EPSS score is available, and the vulnerability is not listed in the CISA KEV catalog, indicating no publicly confirmed active exploitation yet. However, the flaw requires that the .NET Remoting port is deliberately exposed to the network; by default the port is not open in a standard installation, so an attacker would need to traverse network policies or compromise internal firewall rules. Given the lack of public exploitation evidence, the likelihood remains uncertain, but the severity warrants urgent attention and mitigation.