
Description

Dräger SC Monitoring devices (SC 6002XL, SC 6802XL, SC 7000, SC 8000, SC 9000 XL) contain hard-coded plaintext credentials in source code and a denial-of-service vulnerability that allows local and remote attackers to compromise device integrity across all software versions. A local attacker with direct device access can use the hard-coded credentials to access service and clinical accounts and alter device configuration, while a remote attacker can send malformed network packets to cause repeated device reboots, ultimately resulting in loss of network connectivity and disruption of patient monitoring.

PUBLISHED Reserved 2026-06-02 | Published 2026-06-02 | Updated 2026-06-03 | Assigner VulnCheck




HIGH: 7.2 (CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N)

HIGH: 7.6 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H)

Problem types

CWE-798 Use of Hard-coded Credentials

Product status

Default status
unknown

SC 6002XL (custom)
affected

Default status
unknown

SC6802XL (custom)
affected

Default status
unknown

SC 7000 (custom)
affected

Default status
unknown

SC8000 (custom)
affected

Default status
unknown

SC90000 XL (custom)
affected

Credits

Jeroen Slobbe and Max Grim finder

References

static.draeger.com/...9000-security-advisory-update-v1-5.pdf vendor-advisory

www.vulncheck.com/...-devices-hard-coded-credentials-and-dos third-party-advisory

cve.org (CVE-2019-25722)

nvd.nist.gov (CVE-2019-25722)
