Dentsply Sirona Information for VU#548399
Dentsply Sirona CDR DICOM contains multiple hard-coded credentials
- Vendor Information Help Date Notified: 12 Jul 2016
- Statement Date: 07 Sep 2016
- Date Updated: 07 Sep 2016
CDR Dicom uses default passwords to optimize its installation and to expedite the setup and configuration of the software. A potential risk exists where unauthorized individuals with knowledge of the default passwords, and internal access to CDR's SQL database, could retrieve the patient information stored by CDR exams.
Mitigation of this issue can be achieved in several ways. Ensuring network access to patient information is protected from improper use is one approach. Another would be to replace the default passwords with user-selected ones. This can be accomplished during a custom installation of SQL Server or by modifying the default credentials after installation.
Additional Information about the default passwords used by CDR, the options for mitigation, and general recommendation on keeping patient data safe, can be found on the company website at the following link: https://www.schickbysirona.com/items.php?itemid=19189
We are not aware of further vendor information regarding this vulnerability.
There are no additional comments at this time.