Vulnerability Details : CVE-2016-6530
Dentsply Sirona (formerly Schick) CDR Dicom 5 and earlier has default passwords for the sa and cdr accounts, which allows remote attackers to obtain administrative access by leveraging knowledge of these passwords.
Exploit prediction scoring system (EPSS) score for CVE-2016-6530
Probability of exploitation activity in the next 30 days: 0.69%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 77 %
CVSS scores for CVE-2016-6530
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST |
9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST |
CWE ids for CVE-2016-6530
- The product contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-6530
- https://www.schickbysirona.com/items.php?itemid=19189
  Dealer Section | Dentsply Sirona Support [Mitigation; Vendor Advisory]
- http://www.kb.cert.org/vuls/id/548399
  VU#548399 - Dentsply Sirona CDR DICOM contains multiple hard-coded credentials [Third Party Advisory; US Government Resource]
- http://www.securityfocus.com/bid/92777
  Dentsply Sirona CDR DICOM CVE-2016-6530 Hardcoded Credentials Security Bypass Vulnerability
Products affected by CVE-2016-6530
- cpe:2.3:a:dentsply_sirona:cdr_dicom:*:*:*:*:*:*:*:*