CVE-2022-38069

MEDIUM Year: 2022
CVSS v3 Score
6.1
Medium
Weakness Type
CWE-798
View all →

Vulnerability Description

Multiple globally default credentials exist across all CMS8000 devices, that once exposed, allow a threat actor with momentary physical access to gain privileged access to any device. Privileged credential access enables the extraction of sensitive patient information or modification of device parameters

Related Vulnerabilities

CVE-2021-35232

MEDIUM
CVSS:6.1(Medium)

Hard coded credentials discovered in SolarWinds Web Help Desk product. Through these credentials, the attacker with local access to the Web Help Desk host machine allows to execute arbitrary HQL queri...

CWE-7982021

CVE-2022-38117

MEDIUM
CVSS:6.1(Medium)

Juiker app hard-coded its AES key in the source code. A physical attacker, after getting the Android root privilege, can use the AES key to decrypt users’ ciphertext and tamper with it.

CWE-7982022

CVE-2022-34449

MEDIUM
CVSS:6.0(Medium)

PowerPath Management Appliance with versions 3.3 & 3.2* contains a Hardcoded Cryptographic Keys vulnerability. Authenticated admin users can exploit the issue that leads to view and modifying sensitiv...

CWE-7982022

CVE-2025-4876

MEDIUM
CVSS:6.0(Medium)

ConnectWise-Password-Encryption-Utility.exe in ConnectWise Risk Assessment allows an attacker to extract a hardcoded AES decryption key via reverse engineering. This key is embedded in plaintext withi...

CWE-7982025

CVE-2018-14801

MEDIUM
CVSS:6.2(Medium)

In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, an attacker with both the superuser password and physical access can enter the superuser password that ...

CWE-7982018

CVE-2019-4220

MEDIUM
CVSS:6.2(Medium)

IBM InfoSphere Information Server 11.7.1.0 stores a common hard coded encryption key that could be used to decrypt sensitive information. IBM X-Force ID: 159229.

CWE-7982019