CVE-2019-25722 HIGH

CVE-2019-25722: Dräger SC Monitoring Devices Hard-coded Credentials and DoS

Vendor Dräger
Product SC 6002XL
Weakness CWE-798 · Hardcoded credentials
Published June 2, 2026
Last update June 3, 2026

CVSS base score

7.2/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Dräger SC Monitoring devices (SC 6002XL, SC 6802XL, SC 7000, SC 8000, SC 9000 XL) contain hard-coded plaintext credentials in source code and a denial-of-service vulnerability that allows local and remote attackers to compromise device integrity across all software versions. A local attacker with direct device access can use the hard-coded credentials to access service and clinical accounts and alter device configuration, while a remote attacker can send malformed network packets to cause repeated device reboots, ultimately resulting in loss of network connectivity and disruption of patient monitoring.

Key dates

02Disclosure timeline

June 2, 2026 CVE published
June 3, 2026 Record updated