Main Vulnerability Database Vulnerabilities #VU50738

#VU50738 Use of hard-coded credentials in T1 Ventilator - CVE-2020-27278

Published: February 17, 2021

Vulnerability identifier: #VU50738

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-27278

CWE-ID: CWE-798

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
T1 Ventilator

Software vendor:
Hamilton Medical

Description

The vulnerability allows a local attacker to gain full access to vulnerable system.

The vulnerability exists due to presence of hard-coded credentials in application code. An attacker with physical access can obtain admin privileges for the device’s configuration interface.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://ics-cert.us-cert.gov/advisories/icsma-21-047-01