Overview
- Description
- In TotalAlert Web Application in BeaconMedaes Scroll Medical Air Systems prior to v4107600010.23, an attacker with network access to the integrated web server could retrieve default or user defined credentials stored and transmitted in an insecure manner.
- Source
- ics-cert@hq.dhs.gov
- NVD status
- Modified
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:N/A:N
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:beaconmedaes:scroll_medical_air_systems_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2BE7F25F-BC30-4137-A5CE-EBEA26450853",
"versionEndExcluding": "4107600010.23"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:beaconmedaes:scroll_medical_air_systems:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "8D46D4D9-6B47-496C-999B-FA016BABE621"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]