Dräger SC Monitoring Devices Hard-coded Credentials and DoS

Advisories

Dräger SC Monitoring Devices Hard-coded Credentials and DoS

severity: high
date: 6/2/2026
Affecting: SC 6002XL <= all versions
SC6802XL <= all versions
SC 7000 <= all versions
SC8000 <= all versions
SC90000 XL <= all versions
CVE: CVE-2019-25722
CWE: CWE-798 Use of Hard-coded Credentials
CVSS: 7.2
CVSS V4 Vector: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
References: https://static.draeger.com/security
Credit: Jeroen Slobbe and Max Grim
Description: Dräger SC Monitoring devices (SC 6002XL, SC 6802XL, SC 7000, SC 8000, SC 9000 XL) contain hard-coded plaintext credentials in source code and a denial-of-service vulnerability that allows local and remote attackers to compromise device integrity across all software versions. A local attacker with direct device access can use the hard-coded credentials to access service and clinical accounts and alter device configuration, while a remote attacker can send malformed network packets to cause repeated device reboots, ultimately resulting in loss of network connectivity and disruption of patient monitoring.

Ready to get Started?

Explore VulnCheck, a next-generation Cyber Threat Intelligence platform, which provides exploit and vulnerability intelligence to help you prioritize and remediate vulnerabilities that matter.

Vulnerability Prioritization
Prioritize vulnerabilities that matter based on the threat landscape and defer vulnerabilities that don't.
Early Warning System
Real-time alerting of changes in the vulnerability landscape so that you can take action before the attacks start.

Schedule a Demo