An attacker with local access to the medical office computer can
access restricted functions of the Elefant Service tool by using a
hard-coded "Hotline" password in the Elefant service binary, which is shipped with the software.
Fixes

Solution

The vendor fixed the issue in version 24.03.03 (or higher), which can be downloaded from https://hasomed.de/produkte/elefant/ or via the Elefant Software Updater.


Workaround

While modifying the Elefant Windows firewall rules and manually adjusting file permissions in the installation folder are feasible workarounds for some of the vulnerabilities, it is recommended to install the patches provided by the vendor.

History

Mon, 14 Jul 2025 13:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | epss `{'score': 0.00027}` | epss `{'score': 0.00028}` |


Fri, 08 Nov 2024 16:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Hasomed<br>Hasomed elefant |
| CPEs | | `cpe:2.3:a:hasomed:elefant:*:*:*:*:*:*:*:*` |
| Vendors & Products | | Hasomed<br>Hasomed elefant |
| Metrics | | cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}`<br>ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}` |


Fri, 08 Nov 2024 12:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | An attacker with local access to the medical office computer can access restricted functions of the Elefant Service tool by using a hard-coded "Hotline" password in the Elefant service binary, which is shipped with the software. |
| Title | | Hardcoded Service Password |
| Weaknesses | | CWE-798 |
| References | | |

MITRE

Status: PUBLISHED

Assigner: SEC-VLab

Published:

Updated: 2024-11-08T15:41:42.624Z

Reserved: 2024-10-25T07:26:12.628Z

Link: CVE-2024-50593

Vulnrichment

Updated: 2024-11-08T15:41:35.498Z

NVD

Status: Awaiting Analysis

Published: 2024-11-08T12:15:15.037

Modified: 2024-11-08T19:01:03.880

Link: CVE-2024-50593

Redhat

No data.

OpenCVE Enrichment

No data.