CVE-2022-38069

Name of the Vulnerable Software and Affected Versions CMS8000 devices (affected versions not specified)

Description The issue concerns multiple globally default credentials existing across all CMS8000 devices. If these credentials are exposed, a threat actor with momentary physical access can gain privileged access to any device. This privileged access enables the extraction of sensitive patient information or modification of device parameters.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.