CVE-2022-38069

Published: Sep 13, 2022Modified: Nov 21, 2024

6.1

Vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Exploitability: 0.9 / Impact: 5.2

Source: NVD

Description

Multiple globally default credentials exist across all CMS8000 devices, that once exposed, allow a threat actor with momentary physical access to gain privileged access to any device. Privileged credential access enables the extraction of sensitive patient information or modification of device parameters

Affected (1)

Products: Contechealth: Cms8000 Firmware

1 product

Cms8000 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Contechealth Cms8000 Firmware	All versions

Running on/with	Platform Versions
Contechealth Cms8000	All versions

Related CWEs

Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

References (2)

https://www.cisa.gov/uscert/ics/advisories/icsma-22-244-01

Source: ics-cert@hq.dhs.gov

MitigationThird Party AdvisoryUS Government Resource

https://www.cisa.gov/uscert/ics/advisories/icsma-22-244-01

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationThird Party AdvisoryUS Government Resource

Timeline

No history available yet.