Vulnerability Note VU#548399
Dentsply Sirona CDR DICOM contains multiple hard-coded credentials
The Dentsply Sirona (previously known as Schick Technologies) CDR DICOM is software for managing medical dental records. CDR DICOM contains several hard-coded credentials allowing administrative or root access.
CWE-798: Use of Hard-coded Credentials - CVE-2016-6530
Dentsply Sirona CDR DICOM versions 5 and below contain several hard-coded database credentials allowing administrative or root access.
A remote unauthenticated attacker may be able to gain administrative access to the CDR DICOM database.
Update the credentials
Restrict network access
Vendor Information
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Dentsply Sirona | Affected | 12 Jul 2016 | 07 Sep 2016 |
Thanks to Justin Shafer for reporting this vulnerability.
This document was written by Garret Wassermann.
- CVE IDs: CVE-2016-6530
- Date Public: 06 Sep 2016
- Date First Published: 06 Sep 2016
- Date Last Updated: 07 Sep 2016
- Document Revision: 38