CVE-2022-47376

HIGH Year: 2022
CVSS v3 Score
7.3
High
Weakness Type
CWE-257
View all →

Vulnerability Description

The Alaris Infusion Central software, versions 1.1 to 1.3.2, may contain a recoverable password after the installation. No patient health data is stored in the database, although some site installations may choose to store personal data.

Related Vulnerabilities

CVE-2018-10622

HIGH
CVSS:7.1(High)

Medtronic MyCareLink Patient Monitor uses per-product credentials that are stored in a recoverable format. An attacker can use these credentials for network authentication and encryption of local data...

CWE-2572018

CVE-2021-27485

HIGH
CVSS:7.5(High)

ZOLL Defibrillator Dashboard, v prior to 2.2,The application allows users to store their passwords in a recoverable format, which could allow an attacker to retrieve the credentials from the web brows...

CWE-2572021

CVE-2021-35050

HIGH
CVSS:7.5(High)

User credentials stored in a recoverable format within Fidelis Network and Deception CommandPost. In the event that an attacker gains access to the CommandPost, these values could be decoded and used ...

CWE-2572021

CVE-2023-5627

HIGH
CVSS:7.5(High)

A vulnerability has been identified in NPort 6000 Series, making the authentication mechanism vulnerable. This vulnerability arises from the incorrect implementation of sensitive information protectio...

CWE-2572023

CVE-2024-1480

HIGH
CVSS:7.5(High)

Unitronics Vision Standard line of controllers allow the Information Mode password to be retrieved without authentication.

CWE-2572024

CVE-2024-3543

HIGH
CVSS:7.5(High)

Use of reversible password encryption algorithm allows attackers to decrypt passwords. Sensitive information can be easily unencrypted by the attacker, stolen credentials can be used for arbitrary act...

CWE-2572024