CVE-2019-25722

HIGH 7.6

Dräger SC Monitoring Devices Hard-coded Credentials and DoS

CVSS Score

7.6

EPSS Score

0.0%

EPSS Percentile

13th

Dräger SC Monitoring devices (SC 6002XL, SC 6802XL, SC 7000, SC 8000, SC 9000 XL) contain hard-coded plaintext credentials in source code and a denial-of-service vulnerability that allows local and remote attackers to compromise device integrity across all software versions. A local attacker with direct device access can use the hard-coded credentials to access service and clinical accounts and alter device configuration, while a remote attacker can send malformed network packets to cause repeated device reboots, ultimately resulting in loss of network connectivity and disruption of patient monitoring.

CWE	CWE-798
Vendor	dräger
Product	sc 6002xl
Published	Jun 2, 2026
Last Updated	Jun 3, 2026

Stay Ahead of the Next One

Get instant alerts for dräger sc 6002xl

Be the first to know when new high vulnerabilities affecting dräger sc 6002xl are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

High

Affected Versions

Dräger / SC 6002XL

SC 6002XL

Dräger / SC6802XL

SC6802XL

Dräger / SC 7000

SC 7000

Dräger / SC8000

SC8000

Dräger / SC90000 XL

SC90000 XL

References

NVD ↗ CVE.org ↗ EPSS Data ↗

static.draeger.com: https://static.draeger.com/security/download/2019-11-27-Draeger-SC7000-SC9000-security-advisory-update-v1-5.pdf vulncheck.com: https://www.vulncheck.com/advisories/dr-ger-sc-monitoring-devices-hard-coded-credentials-and-dos

Credits

Jeroen Slobbe and Max Grim