The Dentsply Sirona (previously known as Shick Technologies) CDR DICOM is software for managing medical dental records. CDR DICOM contains several hard-coded credentials allowing administrative or root access.
CWE-798: Use of Hard-coded Credentials - CVE-2016-6530
Dentsply Sirona CDR DICOM version 5 and below contains several hard-coded database credentials allowing administrative or root access.
A remote unauthenticated attacker may be able to gain administrative access to the CDR DICOM database.
Update the credentials
Restrict network access
Thanks to Justin Shafer for reporting this vulnerability.
|Date First Published:||2016-09-06|
|Date Last Updated:||2016-09-07 20:27 UTC|