Rocco Gagliardi

**Name of the Vulnerable Software and Affected Versions** GE Voluson S8 (affected versions not specified) **Description** A critical issue affects the Service Browser, which introduces hard-coded credentials. Local attack is required to exploit this issue. It is recommended to change the configuration settings to mitigate the risk. **Recommendations** Change the configuration settings to remove or alter the hard-coded credentials in the Service Browser. As a temporary workaround, consider restricting local access to the Service Browser until the configuration settings are updated.

**Name of the Vulnerable Software and Affected Versions** GE Voluson S8 (affected versions not specified) **Description** A vulnerability has been found in the file `/uscgi-bin/users.cgi` of the Service Browser, leading to improper authentication and elevated access possibilities. The attack can be launched on the local host. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GE Voluson S8 (affected versions not specified) Windows XP (affected versions not specified) **Description** A critical issue was found in the affected software, related to the underlying Windows XP operating system. The lack of patches may increase the attack surface. To exploit this issue, access to the local network is required. **Recommendations** For GE Voluson S8, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Windows XP, consider applying all available patches to reduce the attack surface. Restrict access to the local network to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Drager Infinity Delta versions all Drager Delta XL versions all Drager Kappa versions all Drager Infinity Explorer C700 versions all **Description** The issue allows an attacker to break out of the kiosk mode and reach the underlying operating system via a specific dialog. This enables the attacker to take control of the operating system. **Recommendations** For Drager Infinity Delta, update or apply a fix to prevent breaking out of the kiosk mode. For Drager Delta XL, update or apply a fix to prevent breaking out of the kiosk mode. For Drager Kappa, update or apply a fix to prevent breaking out of the kiosk mode. For Drager Infinity Explorer C700, update or apply a fix to prevent breaking out of the kiosk mode.

**Name of the Vulnerable Software and Affected Versions** Drager Infinity Delta versions all Drager Delta XL versions all Drager Kappa versions all Drager Infinity Explorer C700 versions all **Description** The issue allows log files to be accessed over an unauthenticated network connection. This access enables an attacker to gain insights into the internals of the patient monitor, its location, and the wired network configuration. **Recommendations** For Drager Infinity Delta, restrict access to log files to prevent unauthorized access. For Drager Delta XL, limit network connections to only necessary and authenticated sources. For Drager Kappa, consider implementing authentication for log file access. For Drager Infinity Explorer C700, secure log files by restricting access to authorized personnel only.

**Name of the Vulnerable Software and Affected Versions** B. Braun Medical SpaceStation with SpaceCom module versions prior to 012U000040 B. Braun Medical SpaceStation versions prior to 012U000040 with installed SpaceCom module **Description** An open redirect issue was discovered in the B. Braun Medical SpaceCom module. The web server of the affected product accepts untrusted input, which could allow attackers to redirect the request to an unintended URL contained within untrusted input. **Recommendations** For SpaceStation with SpaceCom module, update to a version newer than 012U000040 to resolve the issue. For SpaceStation with installed SpaceCom module, update to a version newer than 012U000040 to resolve the issue.