CVE-2019-25722
Severity CVSS v4.0:
HIGH
Type:
CWE-798
Use of Hard-coded Credentials
Publication date:
02/06/2026
Last modified:
17/06/2026
Description
Dräger SC Monitoring devices (SC 6002XL, SC 6802XL, SC 7000, SC 8000, SC 9000 XL) contain hard-coded plaintext credentials in source code and a denial-of-service vulnerability that allows local and remote attackers to compromise device integrity across all software versions. A local attacker with direct device access can use the hard-coded credentials to access service and clinical accounts and alter device configuration, while a remote attacker can send malformed network packets to cause repeated device reboots, ultimately resulting in loss of network connectivity and disruption of patient monitoring.
Impact
Base Score 4.0
7.20
Severity 4.0
HIGH
Base Score 3.x
7.60
Severity 3.x
HIGH



