CVE-2024-3700 CRITICAL

CVE-2024-3700: Hardcoded password in Estomed Sp. z o.o. Simple Care software

Vendor Estomed Sp. Z O.o.
Product Simple Care
Weakness CWE-259
Published June 10, 2024
Last update October 3, 2025

CVSS base score

9.3/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:H/SA:H/AU:Y/R:U/V:C/RE:M/U:Red

What the vulnerability does

01Description

Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive data stored in the database. The password is the same among all Simple Care software installations. This issue affects Estomed Sp. z o.o. Simple Care software in all versions. The software is no longer supported.

Key dates

02Disclosure timeline

June 10, 2024 CVE published
October 3, 2025 Record updated