Vulnerability in Hasomed Elefant

CVE-2024-50593

An attacker with local access to the medical office computer can access restricted functions of the Elefant Service tool by using a hard-coded "Hotline" password in the Elefant service binary, which is shipped with the software.

EPSS: 0.001 (30.2th percentile) — read the EPSS interpretation.

Affected products

Hasomed Elefant — versions <24.03.03

Weakness classification (CWE)

CWE-798 — Use of Hard-coded Credentials

References

r.sec-consult.com/hasomed (third-party-advisory)
hasomed.de/produkte/elefant/ (patch)