CVE-2021-37163

CRITICAL

HMI3 Control Panel Firmware < 7.2.5.7 - Use of Hard-coded Credentials

Title source: llm

Description

An insecure permissions issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus operated by released versions of software before Nexus Software 7.2.5.7. The device has two user accounts with passwords that are hardcoded.

References (4)

Core 4

Core References

Product x_refsource_misc

https://www.swisslog-healthcare.com

Third Party Advisory x_refsource_misc

https://www.armis.com/PwnedPiper

Various Sources x_refsource_misc

https://www.swisslog-healthcare.com/en-us/customer-care/security-information/cve-disclosures#:~:text=CVE%20Disclosures%20%20%20%20Vulnerability%20Name%20%2C%20%20CVE-2021-37164%20%204%20more%20rows%20

Vendor Advisory x_refsource_misc

https://www.swisslog-healthcare.com/-/media/swisslog-healthcare/documents/customer-service/armis-documents/cve-2021-37163-bulletin---default-credentials-for-the-telnet-server.pdf?rev=da64c389a475494985b9fd2c2c508542&hash=466A7109AF08EBFF3756B2C25968ED5E

Scores

CVSS v3 9.8

EPSS 0.0144

EPSS Percentile 69.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-798

Status published

Products (1)

swisslog-healthcare/hmi-3_control_panel_firmware < 7.2.5.7

Published Aug 02, 2021

Tracked Since Feb 18, 2026