CVE-2022-26388

A use of hard-coded password vulnerability may allow authentication abuse.This issue affects ELI 380 Resting Electrocardiograph: Versions 2.6.0 and prior; ELI 280/BUR280/MLBUR 280 Resting Electrocardiograph: Versions 2.3.1 and prior; ELI 250c/BUR 250c Resting Electrocardiograph: Versions 2.1.2 and prior; ELI 150c/BUR 150c/MLBUR 150c Resting Electrocardiograph: Versions 2.2.0 and prior.

CVSS v3 6.4 MEDIUM

6.4^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.9 / Impact : 5.5

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://hillrom.com/en/responsible-disclosures/
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-22-167-01

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) Una vulnerabilidad en el uso de contraseñas codificadas de forma rígida puede permitir el abuso de la autenticación. Este problema afecta al electrocardiógrafo en reposo ELI 380: versiones 2.6.0 y anteriores; al electrocardiógrafo en reposo ELI 280/BUR280/MLBUR 280: versiones 2.3.1 y anteriores; al electrocardiógrafo en reposo ELI 250c/BUR 250c: versiones 2.1.2 y anteriores; al electrocardiógrafo en reposo ELI 150c/BUR 150c/MLBUR 150c: versiones 2.2.0 y anteriores.

07 Feb 2025, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-02-07 17:15

Updated : 2026-04-15 00:35

NVD link : CVE-2022-26388

Mitre link : CVE-2022-26388

CVE.ORG link : CVE-2022-26388

JSON object : View

Products Affected

No product.

CWE

CWE-259

Use of Hard-coded Password

6.4 /10