CVE-2019-25722: Dräger SC Monitoring Devices Hard-coded Credentials and DoS
Dräger SC Monitoring devices (SC 6002XL, SC 6802XL, SC 7000, SC 8000, SC 9000 XL) contain hard-coded plaintext credentials in source code and a denial-of-service vulnerability that allows local and remote attackers to compromise device integrity across all software versions. A local attacker with direct device access can use the hard-coded credentials to access service and clinical accounts and alter device configuration, while a remote attacker can send malformed network packets to cause repeated device reboots, ultimately resulting in loss of network connectivity and disruption of patient monitoring.
Security readout for executives and security teams
Plain-English summary
This vulnerability affects Dräger SC patient monitoring devices. It combines hard-coded plaintext credentials with a network denial-of-service issue. Direct device access could let an attacker alter device configuration, while malformed network traffic could repeatedly reboot devices and disrupt patient monitoring connectivity.
Executive priority
Treat this as high priority for hospitals or care settings using the affected monitors. The main business risk is disrupted patient monitoring and unauthorized configuration changes, not confirmed public exploitation.
Technical view
CVE-2019-25722 is reported in Dräger SC 6002XL, SC 6802XL, SC 7000, SC 8000, and SC 9000 XL devices across all software versions. It maps to CWE-798 and has CVSS 3.1 score 7.6. The bundle describes local credential misuse and network-triggered availability impact.
Likely exposure
Exposure is most relevant in healthcare environments using the listed Dräger SC monitoring devices, especially where devices are reachable on clinical networks or physically accessible to unauthorized personnel.
Exploitation context
The sources do not show CISA KEV listing or active exploitation. The issue is serious because no privileges or user interaction are required for the network DoS condition, and local access can affect clinical configuration integrity.
Researcher notes
Evidence is limited to the supplied CVE, vendor advisory, and VulnCheck listing. Patch status, exploit maturity, and version-specific fixed builds are not stated in the bundle, so validation should stay inventory- and vendor-guidance focused.
Mitigation direction
Review the Dräger advisory for approved remediation or compensating controls.
Inventory all listed SC monitoring devices and confirm software versions.
Restrict network access to patient monitoring segments and trusted management systems.
Limit physical access to devices, service ports, and clinical work areas.
Monitor for repeated reboots, connectivity loss, or unexplained configuration changes.
Validation and detection
Identify whether SC 6002XL, SC 6802XL, SC 7000, SC 8000, or SC 9000 XL devices are deployed.
Confirm which network segments can reach affected monitoring devices.
Check clinical engineering records for unexplained reboot or connectivity incidents.
Review device configuration change history where available.
Verify vendor guidance has been reviewed and tracked to closure.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cwe · medium confidence lookup
CWE-798: Credential and account abuse lookup
Authentication and credential weaknesses can make valid-account abuse and credential telemetry useful review starting points. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.