PT-2014-6463 · Carefusion · Carefusion Pyxis Supplystation
Publicado
2014-10-19
·
Atualizado
2014-10-22
·
CVE-2014-5421
CVSS v2.0
6.8
Média
| Vetor | AV:L/AC:L/Au:N/C:C/I:C/A:P |
Name of the Vulnerable Software and Affected Versions
CareFusion Pyxis SupplyStation version 8.1 with hardware test tool version 1.0.16 and earlier
Description
The issue concerns a hardcoded database password, which can be exploited by local users to gain privileges. This can be achieved by leveraging access to the cabinet.
Recommendations
For CareFusion Pyxis SupplyStation version 8.1 with hardware test tool version 1.0.16 and earlier, consider changing the hardcoded database password to a unique and secure password to prevent unauthorized access. As a temporary workaround, restrict cabinet access to authorized personnel only to minimize the risk of exploitation.
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Carefusion Pyxis Supplystation