Dräger SC Monitoring Devices Hard-Coded Credentials

Advisories

Dräger SC Monitoring Devices Hard-Coded Credentials

severity: high
date: 6/3/2026
Affecting: SC 6002XL
SC6802XL
SC 7000
SC8000
SC90000 XL
CVE: CVE-2019-25722
CWE: CWE-798 Use of Hard-coded Credentials
CVSS: 7
CVSS V4 Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
References: Vendor Advisory
Credit: Jeroen Slobbe and Max Grim
Description: Dräger SC Monitoring devices, including SC 6002XL, SC6802XL, SC 7000, SC8000, and SC90000 XL, contain a hard-coded credentials vulnerability in all software versions that allows local attackers with direct device access to authenticate using embedded credentials. Attackers can use these credentials to access service and clinical accounts, alter device configuration, and potentially cause improper monitoring or reporting of patient condition.

Ready to get Started?

Explore VulnCheck, a next-generation Cyber Threat Intelligence platform, which provides exploit and vulnerability intelligence to help you prioritize and remediate vulnerabilities that matter.

Vulnerability Prioritization
Prioritize vulnerabilities that matter based on the threat landscape and defer vulnerabilities that don't.
Early Warning System
Real-time alerting of changes in the vulnerability landscape so that you can take action before the attacks start.

Schedule a Demo