CVE-2020-27278

EUVD-2020-19791
In Hamilton Medical AG,T1-Ventillator versions 2.2.3 and prior, hard-coded credentials in the ventilator allow attackers with physical access to obtain admin privileges for the device’s configuration interface.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.2 MEDIUM
PHYSICAL
LOW
NONE
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 15%
Affected Products (NVD)
VendorProductVersion
hamilton-medicalhamilton-t1_firmware
𝑥
≤ 2.2.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://us-cert.cisa.gov/ics/advisories/icsma-21-047-01
https://us-cert.cisa.gov/ics/advisories/icsma-21-047-01