Lucene search

CERT-PLVULNRICHMENT:CVE-2024-3700

HistoryJun 10, 2024 - 11:19 a.m.

CVE-2024-3700 Hardcoded password in Estomed Sp. z o.o. Simple Care software

2024-06-1011:19:54

CWE-798

CERT-PL

github.com

cve-2024-3700

estomed simple care

hardcoded password

sensitive data

database security

unsupported software

CVSS4

9.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/SC:N/VI:H/SI:H/VA:H/SA:H/AU:Y/U:Red/R:U/V:C/RE:M

AI Score

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Use of hard-coded password to the patients’ database allows an attacker to retrieve sensitive data stored in the database. The password is the same among all Simple Care software installations.

This issue affects Estomed Sp. z o.o. Simple Care software in all versions. The software is no longer supported.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:estomed:simple_care:*:*:*:*:*:*:*:*"
    ],
    "vendor": "estomed",
    "product": "simple_care",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "*",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

cert.pl/en/posts/2024/06/CVE-2024-1228/

cert.pl/posts/2024/06/CVE-2024-1228/

CVSS4

9.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/SC:N/VI:H/SI:H/VA:H/SA:H/AU:Y/U:Red/R:U/V:C/RE:M

AI Score

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Related for VULNRICHMENT:CVE-2024-3700