PT-2024-34343 · Hasomed · Hasomed Elefant

Daniel Hirschberger +2 · Published 2024-11-08 · Updated 2024-11-08 · CVE-2024-50589

CVSS v3.1: 7.5 High
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Hasomed Elefant version 1.4.2.1811/24.03.03
Description: An unauthenticated attacker with access to the local network of a medical office can query an unprotected Fast Healthcare Interoperability Resources (FHIR) API to get access to sensitive electronic health records (EHR). This allows for potential data exposure and tampering.
Recommendations: For Hasomed Elefant version 1.4.2.1811/24.03.03, patch the software to mitigate the issue and ensure proper authentication is in place for the FHIR API. As a temporary workaround, consider restricting access to the FHIR API to minimize the risk of exploitation.

Fix

Missing Authentication

Weakness Enumeration

Related Identifiers: CVE-2024-50589

Affected Products: Hasomed Elefant