Vulnerability Description
An insecure permissions issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus operated by released versions of software before Nexus Software 7.2.5.7. The device has two user accounts with passwords that are hardcoded.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Swisslog-Healthcare | Hmi-3 Control Panel Firmware | < 7.2.5.7 |
| Swisslog-Healthcare | Hmi-3 Control Panel | - |
Related Weaknesses (CWE)
References
- https://www.armis.com/PwnedPiperThird Party Advisory
- https://www.swisslog-healthcare.comProduct
- https://www.swisslog-healthcare.com/-/media/swisslog-healthcare/documents/customVendor Advisory
- https://www.swisslog-healthcare.com/en-us/customer-care/security-information/cve
- https://www.armis.com/PwnedPiperThird Party Advisory
- https://www.swisslog-healthcare.comProduct
- https://www.swisslog-healthcare.com/-/media/swisslog-healthcare/documents/customVendor Advisory
- https://www.swisslog-healthcare.com/en-us/customer-care/security-information/cve
FAQ
What is CVE-2021-37163?
CVE-2021-37163 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An insecure permissions issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus operated by released versions of software before Nexus Software 7.2.5.7. The device has two user account...
How severe is CVE-2021-37163?
CVE-2021-37163 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-37163?
Check the references section above for vendor advisories and patch information. Affected products include: Swisslog-Healthcare Hmi-3 Control Panel Firmware, Swisslog-Healthcare Hmi-3 Control Panel.