CVE-2019-25722
HIGH
Drager SC Monitoring Devices - Hardcoded Credentials and Network Denial of Service
Title source: manual
Description
Dräger SC Monitoring devices (SC 6002XL, SC 6802XL, SC 7000, SC 8000, SC 9000 XL) contain hard-coded plaintext credentials in source code and a denial-of-service vulnerability that allows local and remote attackers to compromise device integrity across all software versions. A local attacker with direct device access can use the hard-coded credentials to access service and clinical accounts and alter device configuration, while a remote attacker can send malformed network packets to cause repeated device reboots, ultimately resulting in loss of network connectivity and disruption of patient monitoring.
References (3)
Core References
Vendor Advisory vendor-advisory
https://static.draeger.com/security
Vendor Advisory vendor-advisory
https://static.draeger.com/security/download/2019-11-27-Draeger-SC7000-SC9000-security-advisory-update-v1-5.pdf
Third Party Advisory third-party-advisory
https://www.vulncheck.com/advisories/dr-ger-sc-monitoring-devices-hard-coded-credentials-and-dos
Scores
CVSS v3
7.6
EPSS
0.0019
EPSS Percentile
9.1%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-798
Status
published
Products (10)
Dräger/SC 6002XL
SC 6002XL
Dräger/SC 6002XL
all versions - VG2.3.1
Dräger/SC 7000
SC 7000
Dräger/SC 7000
all versions
Dräger/SC6802XL
SC6802XL
Dräger/SC6802XL
all versions
Dräger/SC8000
SC8000
Dräger/SC8000
all versions
Dräger/SC90000 XL
SC90000 XL
Dräger/SC90000 XL
all versions
Published
Jun 02, 2026
Tracked Since
Jun 03, 2026