Vulnerabilities > Natus > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-11-10 CVE-2023-47800 Use of Hard-coded Credentials vulnerability in Natus Neuroworks EEG and Sleepworks
Natus NeuroWorks and SleepWorks before 8.4 GMA3 utilize a default password of xltek for the Microsoft SQL Server service sa account, allowing a threat actor to perform remote code execution, data exfiltration, or other nefarious actions such as tampering with data or destroying/disrupting MSSQL services.
network
low complexity
natus CWE-798
critical
 9.8
9.8
2018-04-05 CVE-2017-2869 Out-of-bounds Write vulnerability in Natus Xltek Neuroworks 8
An exploitable code execution vulnerability exists in the OpenProducer functionality of Natus Xltek NeuroWorks 8.
network
low complexity
natus CWE-787
critical
 9.8
9.8
2018-04-05 CVE-2017-2868 Out-of-bounds Write vulnerability in Natus Xltek Neuroworks 8
An exploitable code execution vulnerability exists in the NewProducerStream functionality of Natus Xltek NeuroWorks 8.
network
low complexity
natus CWE-787
critical
 9.8
9.8
2018-04-05 CVE-2017-2867 Out-of-bounds Write vulnerability in Natus Xltek Neuroworks 8
An exploitable code execution vulnerability exists in the SavePatientMontage functionality of Natus Xltek NeuroWorks 8.
network
low complexity
natus CWE-787
critical
 9.8
9.8
2018-04-05 CVE-2017-2853 Out-of-bounds Write vulnerability in Natus Xltek Neuroworks 8
An exploitable Code Execution vulnerability exists in the RequestForPatientInfoEEGfile functionality of Natus Xltek NeuroWorks 8.
network
low complexity
natus CWE-787
critical
 9.8
9.8