MidnightBSD

Advisories for beaconmedaes

CVE-2018-7510 MEDIUM

In the web application in BeaconMedaes TotalAlert Scroll Medical Air Systems running software versions prior to 4107600010.23, passwords are presented in plaintext in a file that is accessible without authentication.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-256,CWE-522,

Products Affected

Vendor Product Version
beaconmedaes scroll_medical_air_systems_firmware *
CVE-2018-7518 MEDIUM

In TotalAlert Web Application in BeaconMedaes Scroll Medical Air Systems prior to v4107600010.23, an attacker with network access to the integrated web server could retrieve default or user defined credentials stored and transmitted in an insecure manner.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-522,CWE-522,

Products Affected

Vendor Product Version
beaconmedaes scroll_medical_air_systems_firmware *
CVE-2018-7526 MEDIUM

In TotalAlert Web Application in BeaconMedaes Scroll Medical Air Systems prior to v4107600010.23, by accessing a specific uniform resource locator (URL) on the webserver, a malicious user may be able to access information in the application without authenticating.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-425,

Products Affected

Vendor Product Version
beaconmedaes scroll_medical_air_systems_firmware *