PT-2026-28306 · Yokogawa · Centum

Published: 2026-03-27 · Updated: 2026-04-18 · CVE-2025-7741

CVSS v2.0: 2.6 (Low)

Vector: AV:L/AC:H/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

CENTUM versions R5.01.00 through R5.04.20
CENTUM versions R6.01.00 through R6.12.00
CENTUM version R7.01.00

Description

The affected software contains a hardcoded password for the PROG user account, used for CENTUM Authentication Mode. An attacker obtaining this password could log in as the PROG user. The default permission for the PROG user is S1 (equivalent to OFFUSER), limiting the risk of critical operations or configuration changes unless permissions have been modified. Exploitation requires the attacker to already have access to the HIS screen controls. The vulnerability is exploitable if an attacker obtains the hardcoded password, the HIS is configured in CTM authentication mode, and the attacker has direct or remote access to the HIS to perform screen operations.

Recommendations

CENTUM versions R5.01.00 through R5.04.20: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
CENTUM versions R6.01.00 through R6.12.00: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
CENTUM version R7.01.00: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

BDU:2026-05806
CVE-2025-7741

Affected Products

Centum