CVE-2023-40704

MEDIUM Year: 2023
CVSS v3 Score
9.8
Critical
Weakness Type
CWE-1392
View all →

Vulnerability Description

The product does not require unique and complex passwords to be created during installation. Using Philips's default password could jeopardize the PACS system if the password was hacked or leaked. An attacker could gain access to the database impacting system availability and data integrity.

Related Vulnerabilities

CVE-2023-30603

CRITICAL
CVSS:9.8(Critical)

Hitron Technologies CODA-5310 Telnet function with the default account and password, and there is no warning or prompt to ask users to change the default password and account. An unauthenticated remot...

CWE-13922023

CVE-2023-30801

CRITICAL
CVSS:9.8(Critical)

All versions of the qBittorrent client through 4.5.5 use default credentials when the web user interface is enabled. The administrator is not forced to change the default credentials. As of 4.5.5, thi...

CWE-13922023

CVE-2023-3703

CRITICAL
CVSS:9.8(Critical)

Proscend Advice ICR Series routers FW version 1.76 - CWE-1392: Use of Default Credentials

CWE-13922023

CVE-2023-49621

CRITICAL
CVSS:9.8(Critical)

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). The "intermediate installation" system state of the affected application uses default credential with admin privileges. An...

CWE-13922023

CVE-2024-12286

CRITICAL
CVSS:9.8(Critical)

MOBATIME Network Master Clock - DTS 4801 allows attackers to use SSH to gain initial access using default credentials.

CWE-13922024

CVE-2024-29844

CRITICAL
CVSS:9.8(Critical)

Default credentials on the Web Interface of Evolution Controller 2.x allows anyone to log in to the server directly to perform administrative functions. Upon installation or upon first login, the appl...

CWE-13922024