29 matches found
CVE-2021-27483
ZOLL Defibrillator Dashboard, v prior to 2.2,The affected products contain insecure filesystem permissions that could allow a lower privilege user to escalate privileges to an administrative level user...
EUVD-2021-14243
Malware in sbrugna...
CVE-2021-27485
ZOLL Defibrillator Dashboard, v prior to 2.2,The application allows users to store their passwords in a recoverable format, which could allow an attacker to retrieve the credentials from the web browser...
CVE-2021-27479
ZOLL Defibrillator Dashboard, v prior to 2.2,The affected product’s web application could allow a low privilege user to inject parameters to contain malicious scripts to be executed by higher privilege users...
CVE-2021-27485
ZOLL Defibrillator Dashboard, v prior to 2.2,The application allows users to store their passwords in a recoverable format, which could allow an attacker to retrieve the credentials from the web browser...
Code injection
ZOLL Defibrillator Dashboard, v prior to 2.2,The affected products contain insecure filesystem permissions that could allow a lower privilege user to escalate privileges to an administrative level user...
CVE-2021-27483
CVE-2021-27483 concerns ZOLL Defibrillator Dashboard prior to version 2.2. The vulnerability arises from insecure filesystem permissions that could allow a lower-privilege user to escalate to an administrative level. Affected product: ZOLL Defibrillator Dashboard (defibrillator device management ...
CVE-2021-27483
ZOLL Defibrillator Dashboard, v prior to 2.2,The affected products contain insecure filesystem permissions that could allow a lower privilege user to escalate privileges to an administrative level user...
CVE-2021-27485
The CVE-2021-27485 issue affects ZOLL Defibrillator Dashboard up to version 2.2, where passwords are stored in a recoverable format. The underlying risk is credential exposure through the browser, enabling an attacker to retrieve user credentials from stored data. Mitigation per the provided docu...
CVE-2021-27479
ZOLL Defibrillator Dashboard, v prior to 2.2,The affected product’s web application could allow a low privilege user to inject parameters to contain malicious scripts to be executed by higher privilege users...
CVE-2021-27481
ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products utilize an encryption key in the data exchange process, which is hardcoded. This could allow an attacker to gain access to sensitive information...
CVE-2021-27489
ZOLL Defibrillator Dashboard, v prior to 2.2, The web application allows a non-administrative user to upload a malicious file. This file could allow an attacker to remotely execute arbitrary commands...
CVE-2021-27481
ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products utilize an encryption key in the data exchange process, which is hardcoded. This could allow an attacker to gain access to sensitive information...
CVE-2021-27489
ZOLL Defibrillator Dashboard, v prior to 2.2, The web application allows a non-administrative user to upload a malicious file. This file could allow an attacker to remotely execute arbitrary commands...
CVE-2021-27487
ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products contain credentials stored in plaintext. This could allow an attacker to gain access to sensitive information...
CVE-2021-27487
ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products contain credentials stored in plaintext. This could allow an attacker to gain access to sensitive information...
CVE-2021-27481
The CVE-2021-27481 entry concerns ZOLL Defibrillator Dashboard, prior to version 2.2. Affected products use a hardcoded cryptographic key in the data exchange, creating potential unauthorized access to sensitive information. Connected advisories (ICSMA-21-161-01) explicitly flag hard-coded crypto...
CVE-2021-27489
ZOLL Defibrillator Dashboard, v prior to 2.2, The web application allows a non-administrative user to upload a malicious file. This file could allow an attacker to remotely execute arbitrary commands...
CVE-2021-27489
CVE-2021-27489 affects ZOLL Defibrillator Dashboard (all versions prior to 2.2). The vulnerability is an Unrestricted Upload of File with Dangerous Type (CWE-434) in the web app, enabling a non‑administrative user to upload a malicious file that could allow an attacker to remotely execute arbitra...
CISA Releases Advisory on ZOLL Defibrillator Dashboard
CISA has released an Industrial Controls Systems ICS Medical Advisory on multiple vulnerabilities in the ZOLL Defibrillator Dashboard. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the ICS...