CVE-2024-3700

Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive data stored in the database. The password is the same among all Simple Care software installations. This issue affects Estomed Sp. z o.o. Simple Care software in all versions. The software is no longer supported.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://cert.pl/en/posts/2024/06/CVE-2024-1228/	Third Party Advisory
https://cert.pl/posts/2024/06/CVE-2024-1228/	Third Party Advisory
https://cert.pl/en/posts/2024/06/CVE-2024-1228/	Third Party Advisory
https://cert.pl/posts/2024/06/CVE-2024-1228/	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:estomed:simple_care:*:*:*:*:*:*:*:*

History

03 Oct 2025, 09:15

Type	Values Removed	Values Added
CWE		CWE-259

Information

Published : 2024-06-10 12:15

Updated : 2025-10-03 09:15

NVD link : CVE-2024-3700

Mitre link : CVE-2024-3700

CVE.ORG link : CVE-2024-3700

JSON object : View

Products Affected

estomed

simple_care

CWE

CWE-259

Use of Hard-coded Password

CWE-798

Use of Hard-coded Credentials

{"id": "CVE-2024-3700", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "cvd@cert.pl", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "USER", "baseScore": 9.3, "Automatable": "YES", "attackVector": "LOCAL", "baseSeverity": "CRITICAL", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:C/RE:M/U:Red", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "RED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "MODERATE", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2024-06-10T12:15:10.370", "references": [{"url": "https://cert.pl/en/posts/2024/06/CVE-2024-1228/", "tags": ["Third Party Advisory"], "source": "cvd@cert.pl"}, {"url": "https://cert.pl/posts/2024/06/CVE-2024-1228/", "tags": ["Third Party Advisory"], "source": "cvd@cert.pl"}, {"url": "https://cert.pl/en/posts/2024/06/CVE-2024-1228/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://cert.pl/posts/2024/06/CVE-2024-1228/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "cvd@cert.pl", "description": [{"lang": "en", "value": "CWE-259"}]}, {"type": "Secondary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-798"}]}], "descriptions": [{"lang": "en", "value": "Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive data stored in the database. The password is the same among all Simple Care software installations.\n\nThis issue affects\u00a0Estomed Sp. z o.o. Simple Care software in all versions. The software is no longer supported."}, {"lang": "es", "value": "El uso de una contrase\u00f1a codificada para la base de datos de los pacientes permite a un atacante recuperar datos confidenciales almacenados en la base de datos. La contrase\u00f1a es la misma en todas las instalaciones del software Simple Care. Este problema afecta a Estomed Sp. z o.o. Software z oo Simple Care en todas las versiones. El software ya no es compatible."}], "lastModified": "2025-10-03T09:15:34.823", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:estomed:simple_care:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4A116B08-6E0A-444B-BB1C-2AC1D621C219"}], "operator": "OR"}]}], "sourceIdentifier": "cvd@cert.pl"}