Vulnerabilities > CVE-2023-39227 - Unprotected Storage of Credentials vulnerability in Softneta Meddream Pacs

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

softneta

CWE-256

NVD

Published: 2023-09-11

Updated: 2023-11-07

Summary

?Softneta MedDream PACS stores usernames and passwords in plaintext. The plaintext storage could be abused by attackers to leak legitimate user’s credentials.

Vulnerable Configurations

Part	Description	Count
Application	Softneta Softneta Meddream Pacs - Softneta Meddream Pacs 6.8.4.751 Softneta Meddream Pacs 7.1.1.752 Softneta Meddream Pacs 7.1.1.753 Softneta Meddream Pacs 7.2.1.760 Softneta Meddream Pacs 7.2.2.770 Softneta Meddream Pacs 7.2.3.780 Softneta Meddream Pacs 7.2.3.781 Softneta Meddream Pacs 7.2.5.781 Softneta Meddream Pacs 7.2.6.790 Softneta Meddream Pacs 7.2.6.800 Softneta Meddream Pacs 7.2.6.801 Softneta Meddream Pacs 7.2.8.810	13

Common Weakness Enumeration (CWE)

CWE-256 - Unprotected Storage of Credentials

References

https://www.cisa.gov/news-events/ics-medical-advisories/icsma-23-248-01