Description
Dräger SC Monitoring devices (SC 6002XL, SC 6802XL, SC 7000, SC 8000, SC 9000 XL) contain hard-coded plaintext credentials in source code and a denial-of-service vulnerability that allows local and remote attackers to compromise device integrity across all software versions. A local attacker with direct device access can use the hard-coded credentials to access service and clinical accounts and alter device configuration, while a remote attacker can send malformed network packets to cause repeated device reboots, ultimately resulting in loss of network connectivity and disruption of patient monitoring.
Published: 2026-06-02
Score: 7.2 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability exposes plaintext credentials embedded in the device source code, enabling an attacker with direct physical or remote network access to authenticate as a service or clinical user and modify device settings. Additionally, malformed network packets trigger repeated reboots, causing loss of connectivity and significant downtime. The resulting compromise of configuration data threatens the integrity of device operation, while the DoS component jeopardizes availability of critical patient monitoring.

Affected Systems

Dräger SC Monitoring devices—including model lines SC 6002XL, SC 6802XL, SC 7000, SC 8000, and SC 9000 XL—across all firmware and software versions are affected.

Risk and Exploitability

The CVSS v3 score of 7.2 indicates a high‑severity risk. EPSS is not released, and the vulnerability is not listed in the CISA KEV catalog, yet the dual local and remote attack paths present an attractive target for adversaries seeking to subvert device security or disrupt clinical services. Attackers may exploit exposed credentials locally or launch network‑based packet floods to induce reboots; both methods can be carried out without privileged credentials, underscoring the vulnerability’s accessibility.

Generated by OpenCVE AI on June 3, 2026 at 03:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update all SC devices to the latest firmware released by Dräger
  • Change all default and hard‑coded credentials to strong, unique passwords
  • Restrict network ports used by the devices to trusted traffic, segment the network, and monitor for abnormal reboot activity

Generated by OpenCVE AI on June 3, 2026 at 03:24 UTC.

Advisories

No advisories yet.

History

Wed, 03 Jun 2026 02:30:00 +0000

Type / Values Removed / Values Added

  • Description (added): Dräger SC Monitoring devices (SC 6002XL, SC 6802XL, SC 7000, SC 8000, SC 9000 XL) contain hard-coded plaintext credentials in source code and a denial-of-service vulnerability that allows local and remote attackers to compromise device integrity across all software versions. A local attacker with direct device access can use the hard-coded credentials to access service and clinical accounts and alter device configuration, while a remote attacker can send malformed network packets to cause repeated device reboots, ultimately resulting in loss of network connectivity and disruption of patient monitoring.
  • Title (added): Dräger SC Monitoring Devices Hard-coded Credentials and DoS
  • Weaknesses (added): CWE-798
  • References
  • Metrics (added):
      cvssV3_1: {'score': 7.6, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H'}
      cvssV4_0: {'score': 7.2, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-02T18:44:11.815Z

Reserved: 2026-06-02T18:39:44.176Z

Link: CVE-2019-25722

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-06-02T20:16:23.690

Modified: 2026-06-02T20:16:23.690

Link: CVE-2019-25722

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-03T03:30:06Z

Weaknesses