CVE-2018-7518

Vulnerability

In BeaconMedaes TotalAlert Scroll Medical Air Systems web application versions 4107600010.23 and prior, credentials are stored and transmitted in an insecure manner (CWE-522). An attacker with network access to the integrated web server can retrieve default or user-defined credentials without any prior authentication [1].

Exploitation

An attacker needs only network access to the web server; no authentication or user interaction is required (CVSS v3 vector: AV:N/AC:L/PR:N/UI:N). By sending requests to the web server, the attacker can extract credentials that are stored or transmitted in plaintext or otherwise unprotected form [1].

Impact

Successful exploitation results in the disclosure of credentials, leading to a high confidentiality impact (C:H). The attacker could then view and potentially modify some device information and web application setup data, though patient health information is not accessible and the device's ability to deliver medical air per NFPA 99 is not affected [1].

Mitigation

As of the advisory publication date (May 24, 2018), no software update was announced by BeaconMedaes. The vendor stated that the vulnerabilities do not compromise patient safety or the device's operational integrity, and no workarounds were provided [1].