Softneta MedDream PACS Plaintext Storage of a Password
CVE-2023-39227

7.5HIGH

Key Information:

Vendor: Softneta
Status: MedDream PACS
Vendor: CVE Published:; 11 September 2023

What is CVE-2023-39227?

Softneta MedDream PACS exhibits a significant security vulnerability due to the storage of usernames and passwords in plaintext format. This flaw poses an elevated risk, as attackers could exploit the plaintext storage method to gain unauthorized access to legitimate user credentials. Implementing proper security measures to encrypt sensitive data is critical in protecting users from potential breaches. Organizations utilizing Softneta MedDream PACS must take immediate action to mitigate this risk and enhance their cybersecurity protocols.

Affected Version(s)

MedDream PACS 0

References

https://www.cisa.gov/news-events/ics-medical-advisories/i...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 11, 2023
Vulnerability Reserved
Aug 18, 2023

Credit

Noam Moshe of Claroty Research reported these vulnerabilities to CISA.

CVE-2023-39227 Data

JSON