PT-2021-11362 · Hamilton Medical AG · T1-Ventilator

Published: 2021-03-15 · Updated: 2021-03-22 · CVE-2020-27278

CVSS v3.1: 5.2 (Medium)

Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Hamilton Medical AG T1-Ventilator versions 2.2.3 and prior
Description: The issue allows attackers with physical access to obtain admin privileges for the device's configuration interface due to hard-coded credentials in the ventilator.
Recommendations: For versions 2.2.3 and prior, update to a version that removes the hard-coded credentials to prevent attackers from obtaining admin privileges. As a temporary workaround, consider restricting physical access to the device until a patch is available. Restrict access to the device’s configuration interface to minimize the risk of exploitation.

Fix

Using Hardcoded Credentials


Weakness Enumeration

Related Identifiers

CVE-2020-27278

Affected Products

T1-Ventilator