Lucene search

IcscertCVELIST:CVE-2023-39227

HistorySep 11, 2023 - 7:08 p.m.

CVE-2023-39227 Softneta MedDream PACS Plaintext Storage of a Password

2023-09-1119:08:08

CWE-256

icscert

www.cve.org

softneta meddream

pacs

plaintext storage

password

vulnerability

attackers

credentials

CVSS3

6.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

EPSS

0.001

Percentile

49.0%

JSON

Softneta MedDream PACS stores usernames and passwords in plaintext. The plaintext storage could be abused by attackers to leak legitimate user’s credentials.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "MedDream PACS",
    "vendor": "Softneta",
    "versions": [
      {
        "lessThanOrEqual": " v7.2.8.810",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.cisa.gov/news-events/ics-medical-advisories/icsma-23-248-01

CVSS3

6.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

EPSS

0.001

Percentile

49.0%

JSON

Related for CVELIST:CVE-2023-39227

CVE-2023-39227 ​Softneta MedDream PACS Plaintext Storage of a Password

CNA Affected

References

Related

CVE-2023-39227 Softneta MedDream PACS Plaintext Storage of a Password