CVE-2019-25722— Dräger SC Monitoring Devices Hard-coded Credentials and DoS
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2019-25722
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Dräger SC Monitoring Devices Hard-coded Credentials and DoS
Source: NVD (National Vulnerability Database)
Vulnerability Description
Dräger SC Monitoring devices (SC 6002XL, SC 6802XL, SC 7000, SC 8000, SC 9000 XL) contain hard-coded plaintext credentials in source code and a denial-of-service vulnerability that allows local and remote attackers to compromise device integrity across all software versions. A local attacker with direct device access can use the hard-coded credentials to access service and clinical accounts and alter device configuration, while a remote attacker can send malformed network packets to cause repeated device reboots, ultimately resulting in loss of network connectivity and disruption of patient monitoring.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
使用硬编码的凭证
Source: NVD (National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2019-25722
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2019-25722
请登录查看更多情报信息。
News Coverage for CVE-2019-25722 (1)
Same Patch Batch · Dräger · 2026-06-02 · 13 CVEs total
| CVE-2019-25719 | 8.6 HIGH | Dräger Infinity M540 VG4.1.1 Spoofing and DoS via Network Message Handling |
| CVE-2022-4992 | 8.6 HIGH | Dräger Infinity M540 VG4.1.1 Spoofed Network Message Handling DoS/Tampering |
| CVE-2021-4478 | 8.2 HIGH | Dräger CC-Vision Basic and CC-Vision E-Cal Out-of-Bounds Write via Malicious GDT File |
| CVE-2021-4481 | 8.2 HIGH | Dräger Protector Software Local Privilege Escalation via Insecure File Permissions |
| CVE-2021-4480 | 8.2 HIGH | Dräger Protector Software Local Privilege Escalation via Insecure File Permissions |
| CVE-2024-14036 | 7.5 HIGH | Dräger Core 1.0.5 Denial of Service via Malformed SDC Message |
| CVE-2025-15653 | 6.8 MEDIUM | Dräger Zeus IE Anesthesia Workstation USB Interface Privilege Escalation |
| CVE-2019-25724 | 6.5 MEDIUM | Dräger Infinity M300 VG2.x Network-Based Denial of Service |
| CVE-2019-25721 | 6.5 MEDIUM | Dräger Infinity M300 VG2.3.1 Network-Based Denial of Service |
| CVE-2019-25717 | 4.3 MEDIUM | Dräger Infinity Delta/Kappa Patient Monitors Unauthenticated Log File Disclosure |
| CVE-2019-25723 | 4.0 MEDIUM | Dräger Perseus A500 2.00-2.02 DoS via Medibus Interface |
| CVE-2021-4479 | 4.0 MEDIUM | Dräger Atlan A350 1.00-1.01 DoS via Medibus Interface |
IV. Related Vulnerabilities
Same vendor: Dräger
- CVE-2021-4481
Dräger Protector Software Local Privilege Escalation via Ins - CVE-2021-4480
Dräger Protector Software Local Privilege Escalation via Ins - CVE-2025-15653
Dräger Zeus IE Anesthesia Workstation USB Interface Privileg - CVE-2024-14036
Dräger Core 1.0.5 Denial of Service via Malformed SDC Messag - CVE-2022-4992
Dräger Infinity M540 VG4.1.1 Spoofed Network Message Handlin
Same weakness: CWE-798
- CVE-2026-42251
Hard-coded credentials in KS-SOMED - CVE-2026-25600
Credential Exposure Vulnerability in Trac PDBM - CVE-2026-44825
Apache Solr: Enabling BasicAuth using bin/solr CLI configure - CVE-2026-42929
MacGregor Voyage Data Recorder (VDR) G4e Use of Hard-coded C - CVE-2026-7786
Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 t
V. Comments for CVE-2019-25722
No comments yet