Description
OpenClinic GA 5.09.02 contains a hidden default user account that may be accessed if an administrator has not expressly turned off this account, which may allow an attacker to login and execute arbitrary commands.
References (1)
Core 1
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://us-cert.cisa.gov/ics/advisories/ICSMA-20-184-01
Scores
CVSS v3
9.4
EPSS
0.0217
EPSS Percentile
79.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
Details
CWE
CWE-912
Status
published
Products (1)
freemedsoftware/openclinic_ga
5.09.02
Published
Jul 29, 2020
Tracked Since
Feb 18, 2026