Dräger SC Monitoring Devices Hard-coded Credentials and Denial-of-Service Vulnerability

Vulnerability

Dräger SC Monitoring devices, including the SC 6002XL, SC 6802XL, SC 7000, SC 8000, and SC 9000 XL models, are affected in all software versions. The devices contain hard-coded plaintext credentials in the source code and are also subject to a denial-of-service vulnerability. Together, these issues allow local and remote attackers to compromise the integrity of the devices. A local attacker with direct access can use the hard-coded credentials to access service and clinical accounts and alter device configurations. A remote attacker can send malformed network packets that cause the device to reboot repeatedly, leading to a loss of network connectivity and disruption of patient monitoring.

Impact

Exploitation of this vulnerability allows unauthorized access to service and clinical accounts and modification of device configurations, and it can cause repeated device reboots that disrupt patient monitoring and cause a loss of network connectivity.

Added: Jun 2, 2026, 8:51 PM
Updated: Jun 2, 2026, 8:51 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 7.4
remediation: 0.0
relevance: 9.8
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.