Andrew Gothard

**Name of the Vulnerable Software and Affected Versions** CADD-Solis Medication Safety Software versions 1.0 through 3.1 **Description** The issue allows an authenticated user to gain elevated privileges on the SQL database. This could enable the user to modify drug libraries, add and delete users, and change user permissions. It is noted that physical access to the pump is required to install drug library updates. **Recommendations** For versions 1.0 through 3.1, restrict access to the SQL database to prevent unauthorized modifications and changes to user permissions. As a temporary workaround, consider limiting user permissions to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.