Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    6 vulnerabilities by PicoTronica

    CVE-2026-8033 (GCVE-0-2026-8033)

    Vulnerability from nvd – Published: 2026-05-06 19:30 – Updated: 2026-05-07 14:59
    VLAI
    Title
    PicoTronica e-Clinic Healthcare System ECHS Response Header v2 information disclosure
    Summary
    A vulnerability has been found in PicoTronica e-Clinic Healthcare System ECHS 5.7. This affects an unknown function of the file /cdemos/echs/api/v2/ of the component Response Header Handler. Such manipulation leads to information disclosure. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. Upgrading to version 5.7.1 mitigates this issue. It is suggested to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    PicoTronica e-Clinic Healthcare System ECHS Affected: 5.7
    Unaffected: 5.7.1
    Create a notification for this product.
    Credits
    VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8033",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-06T19:47:19.139182Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-07T14:59:40.518Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "Response Header Handler"
              ],
              "product": "e-Clinic Healthcare System ECHS",
              "vendor": "PicoTronica",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.7"
                },
                {
                  "status": "unaffected",
                  "version": "5.7.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been found in PicoTronica e-Clinic Healthcare System ECHS 5.7. This affects an unknown function of the file /cdemos/echs/api/v2/ of the component Response Header Handler. Such manipulation leads to information disclosure. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. Upgrading to version 5.7.1 mitigates this issue. It is suggested to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:OF/RC:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "Information Disclosure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "Improper Access Controls",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-06T19:30:16.794Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-361359 | PicoTronica e-Clinic Healthcare System ECHS Response Header v2 information disclosure",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://vuldb.com/vuln/361359"
            },
            {
              "name": "VDB-361359 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/361359/cti"
            },
            {
              "name": "Submit #800793 | PicoTronica e-Clinic Healthcare System (ECHS) v5.7 Information Disclosure",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/800793"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://docs.google.com/document/d/1dBJAAYyNpktnOBSCJPJGUMdfjb-Vj3PTy5oNj8RjeQ8/edit?usp=sharing"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-06T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-05-06T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-05-06T14:22:31.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "PicoTronica e-Clinic Healthcare System ECHS Response Header v2 information disclosure"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-8033",
        "datePublished": "2026-05-06T19:30:16.794Z",
        "dateReserved": "2026-05-06T12:17:17.895Z",
        "dateUpdated": "2026-05-07T14:59:40.518Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8032 (GCVE-0-2026-8032)

    Vulnerability from nvd – Published: 2026-05-06 19:00 – Updated: 2026-05-07 13:55
    VLAI
    Title
    PicoTronica e-Clinic Healthcare System ECHS echs.js hard-coded credentials
    Summary
    A flaw has been found in PicoTronica e-Clinic Healthcare System ECHS 5.7. The impacted element is an unknown function of the file /cdemos/echs/priv/echs.js. This manipulation of the argument ADMIN_KEY causes hard-coded credentials. The attack is possible to be carried out remotely. The exploit has been published and may be used. Upgrading to version 5.7.1 is sufficient to resolve this issue. The affected component should be upgraded. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-798 - Hard-coded Credentials
    • CWE-259 - Use of Hard-coded Password
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/361358 vdb-entrytechnical-description
    https://vuldb.com/vuln/361358/cti signaturepermissions-required
    https://vuldb.com/submit/800792 third-party-advisory
    https://docs.google.com/document/d/1w1veNs8I3nxsV… exploit
    Impacted products
    Vendor Product Version
    PicoTronica e-Clinic Healthcare System ECHS Affected: 5.7
    Unaffected: 5.7.1
    Create a notification for this product.
    Credits
    VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8032",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-07T13:55:06.507784Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-07T13:55:16.912Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "e-Clinic Healthcare System ECHS",
              "vendor": "PicoTronica",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.7"
                },
                {
                  "status": "unaffected",
                  "version": "5.7.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw has been found in PicoTronica e-Clinic Healthcare System ECHS 5.7. The impacted element is an unknown function of the file /cdemos/echs/priv/echs.js. This manipulation of the argument ADMIN_KEY causes hard-coded credentials. The attack is possible to be carried out remotely. The exploit has been published and may be used. Upgrading to version 5.7.1 is sufficient to resolve this issue. The affected component should be upgraded. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 7.5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "Hard-coded Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-259",
                  "description": "Use of Hard-coded Password",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-06T19:00:20.735Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-361358 | PicoTronica e-Clinic Healthcare System ECHS echs.js hard-coded credentials",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/361358"
            },
            {
              "name": "VDB-361358 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/361358/cti"
            },
            {
              "name": "Submit #800792 | PicoTronica e-Clinic Healthcare System (ECHS) v5.7 Improper Privilege Management",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/800792"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://docs.google.com/document/d/1w1veNs8I3nxsVxbSiIgJmt-4S5a0rW0bvjDvEe7iDr0/edit?usp=sharing"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-06T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-05-06T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-05-06T14:22:27.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "PicoTronica e-Clinic Healthcare System ECHS echs.js hard-coded credentials"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-8032",
        "datePublished": "2026-05-06T19:00:20.735Z",
        "dateReserved": "2026-05-06T12:17:14.544Z",
        "dateUpdated": "2026-05-07T13:55:16.912Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8031 (GCVE-0-2026-8031)

    Vulnerability from nvd – Published: 2026-05-06 18:00 – Updated: 2026-05-06 18:37
    VLAI
    Title
    PicoTronica e-Clinic Healthcare System ECHS API Endpoint patient-records missing authentication
    Summary
    A vulnerability was detected in PicoTronica e-Clinic Healthcare System ECHS 5.7. The affected element is an unknown function of the file /cdemos/echs/api/v2/patient-records of the component API Endpoint. The manipulation results in missing authentication. The attack can be executed remotely. The exploit is now public and may be used. Upgrading to version 5.7.1 is sufficient to fix this issue. You should upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    PicoTronica e-Clinic Healthcare System ECHS Affected: 5.7
    Unaffected: 5.7.1
    Create a notification for this product.
    Credits
    VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8031",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-06T18:36:57.395325Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-06T18:37:26.894Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "API Endpoint"
              ],
              "product": "e-Clinic Healthcare System ECHS",
              "vendor": "PicoTronica",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.7"
                },
                {
                  "status": "unaffected",
                  "version": "5.7.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was detected in PicoTronica e-Clinic Healthcare System ECHS 5.7. The affected element is an unknown function of the file /cdemos/echs/api/v2/patient-records of the component API Endpoint. The manipulation results in missing authentication. The attack can be executed remotely. The exploit is now public and may be used. Upgrading to version 5.7.1 is sufficient to fix this issue. You should upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:OF/RC:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "Missing Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-06T18:00:18.864Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-361357 | PicoTronica e-Clinic Healthcare System ECHS API Endpoint patient-records missing authentication",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://vuldb.com/vuln/361357"
            },
            {
              "name": "VDB-361357 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/361357/cti"
            },
            {
              "name": "Submit #800781 | PicoTronica e-Clinic Healthcare System (ECHS) v5.7 Exposure of Private Personal Information to an Unauthorized Acto",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/800781"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://docs.google.com/document/d/1FByC9x21c5503cQg6lkxjffIwWlEAHtHi_83vk2eUdk/edit?usp=sharing"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-06T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-05-06T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-05-06T14:22:23.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "PicoTronica e-Clinic Healthcare System ECHS API Endpoint patient-records missing authentication"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-8031",
        "datePublished": "2026-05-06T18:00:18.864Z",
        "dateReserved": "2026-05-06T12:17:10.551Z",
        "dateUpdated": "2026-05-06T18:37:26.894Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8033 (GCVE-0-2026-8033)

    Vulnerability from cvelistv5 – Published: 2026-05-06 19:30 – Updated: 2026-05-07 14:59
    VLAI
    Title
    PicoTronica e-Clinic Healthcare System ECHS Response Header v2 information disclosure
    Summary
    A vulnerability has been found in PicoTronica e-Clinic Healthcare System ECHS 5.7. This affects an unknown function of the file /cdemos/echs/api/v2/ of the component Response Header Handler. Such manipulation leads to information disclosure. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. Upgrading to version 5.7.1 mitigates this issue. It is suggested to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    PicoTronica e-Clinic Healthcare System ECHS Affected: 5.7
    Unaffected: 5.7.1
    Create a notification for this product.
    Credits
    VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8033",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-06T19:47:19.139182Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-07T14:59:40.518Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "Response Header Handler"
              ],
              "product": "e-Clinic Healthcare System ECHS",
              "vendor": "PicoTronica",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.7"
                },
                {
                  "status": "unaffected",
                  "version": "5.7.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been found in PicoTronica e-Clinic Healthcare System ECHS 5.7. This affects an unknown function of the file /cdemos/echs/api/v2/ of the component Response Header Handler. Such manipulation leads to information disclosure. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. Upgrading to version 5.7.1 mitigates this issue. It is suggested to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:OF/RC:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "Information Disclosure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "Improper Access Controls",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-06T19:30:16.794Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-361359 | PicoTronica e-Clinic Healthcare System ECHS Response Header v2 information disclosure",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://vuldb.com/vuln/361359"
            },
            {
              "name": "VDB-361359 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/361359/cti"
            },
            {
              "name": "Submit #800793 | PicoTronica e-Clinic Healthcare System (ECHS) v5.7 Information Disclosure",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/800793"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://docs.google.com/document/d/1dBJAAYyNpktnOBSCJPJGUMdfjb-Vj3PTy5oNj8RjeQ8/edit?usp=sharing"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-06T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-05-06T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-05-06T14:22:31.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "PicoTronica e-Clinic Healthcare System ECHS Response Header v2 information disclosure"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-8033",
        "datePublished": "2026-05-06T19:30:16.794Z",
        "dateReserved": "2026-05-06T12:17:17.895Z",
        "dateUpdated": "2026-05-07T14:59:40.518Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8032 (GCVE-0-2026-8032)

    Vulnerability from cvelistv5 – Published: 2026-05-06 19:00 – Updated: 2026-05-07 13:55
    VLAI
    Title
    PicoTronica e-Clinic Healthcare System ECHS echs.js hard-coded credentials
    Summary
    A flaw has been found in PicoTronica e-Clinic Healthcare System ECHS 5.7. The impacted element is an unknown function of the file /cdemos/echs/priv/echs.js. This manipulation of the argument ADMIN_KEY causes hard-coded credentials. The attack is possible to be carried out remotely. The exploit has been published and may be used. Upgrading to version 5.7.1 is sufficient to resolve this issue. The affected component should be upgraded. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-798 - Hard-coded Credentials
    • CWE-259 - Use of Hard-coded Password
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/361358 vdb-entrytechnical-description
    https://vuldb.com/vuln/361358/cti signaturepermissions-required
    https://vuldb.com/submit/800792 third-party-advisory
    https://docs.google.com/document/d/1w1veNs8I3nxsV… exploit
    Impacted products
    Vendor Product Version
    PicoTronica e-Clinic Healthcare System ECHS Affected: 5.7
    Unaffected: 5.7.1
    Create a notification for this product.
    Credits
    VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8032",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-07T13:55:06.507784Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-07T13:55:16.912Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "e-Clinic Healthcare System ECHS",
              "vendor": "PicoTronica",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.7"
                },
                {
                  "status": "unaffected",
                  "version": "5.7.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw has been found in PicoTronica e-Clinic Healthcare System ECHS 5.7. The impacted element is an unknown function of the file /cdemos/echs/priv/echs.js. This manipulation of the argument ADMIN_KEY causes hard-coded credentials. The attack is possible to be carried out remotely. The exploit has been published and may be used. Upgrading to version 5.7.1 is sufficient to resolve this issue. The affected component should be upgraded. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 7.5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "Hard-coded Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-259",
                  "description": "Use of Hard-coded Password",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-06T19:00:20.735Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-361358 | PicoTronica e-Clinic Healthcare System ECHS echs.js hard-coded credentials",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/361358"
            },
            {
              "name": "VDB-361358 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/361358/cti"
            },
            {
              "name": "Submit #800792 | PicoTronica e-Clinic Healthcare System (ECHS) v5.7 Improper Privilege Management",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/800792"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://docs.google.com/document/d/1w1veNs8I3nxsVxbSiIgJmt-4S5a0rW0bvjDvEe7iDr0/edit?usp=sharing"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-06T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-05-06T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-05-06T14:22:27.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "PicoTronica e-Clinic Healthcare System ECHS echs.js hard-coded credentials"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-8032",
        "datePublished": "2026-05-06T19:00:20.735Z",
        "dateReserved": "2026-05-06T12:17:14.544Z",
        "dateUpdated": "2026-05-07T13:55:16.912Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8031 (GCVE-0-2026-8031)

    Vulnerability from cvelistv5 – Published: 2026-05-06 18:00 – Updated: 2026-05-06 18:37
    VLAI
    Title
    PicoTronica e-Clinic Healthcare System ECHS API Endpoint patient-records missing authentication
    Summary
    A vulnerability was detected in PicoTronica e-Clinic Healthcare System ECHS 5.7. The affected element is an unknown function of the file /cdemos/echs/api/v2/patient-records of the component API Endpoint. The manipulation results in missing authentication. The attack can be executed remotely. The exploit is now public and may be used. Upgrading to version 5.7.1 is sufficient to fix this issue. You should upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    PicoTronica e-Clinic Healthcare System ECHS Affected: 5.7
    Unaffected: 5.7.1
    Create a notification for this product.
    Credits
    VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8031",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-06T18:36:57.395325Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-06T18:37:26.894Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "API Endpoint"
              ],
              "product": "e-Clinic Healthcare System ECHS",
              "vendor": "PicoTronica",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.7"
                },
                {
                  "status": "unaffected",
                  "version": "5.7.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was detected in PicoTronica e-Clinic Healthcare System ECHS 5.7. The affected element is an unknown function of the file /cdemos/echs/api/v2/patient-records of the component API Endpoint. The manipulation results in missing authentication. The attack can be executed remotely. The exploit is now public and may be used. Upgrading to version 5.7.1 is sufficient to fix this issue. You should upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:OF/RC:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "Missing Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-06T18:00:18.864Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-361357 | PicoTronica e-Clinic Healthcare System ECHS API Endpoint patient-records missing authentication",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://vuldb.com/vuln/361357"
            },
            {
              "name": "VDB-361357 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/361357/cti"
            },
            {
              "name": "Submit #800781 | PicoTronica e-Clinic Healthcare System (ECHS) v5.7 Exposure of Private Personal Information to an Unauthorized Acto",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/800781"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://docs.google.com/document/d/1FByC9x21c5503cQg6lkxjffIwWlEAHtHi_83vk2eUdk/edit?usp=sharing"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-06T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-05-06T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-05-06T14:22:23.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "PicoTronica e-Clinic Healthcare System ECHS API Endpoint patient-records missing authentication"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-8031",
        "datePublished": "2026-05-06T18:00:18.864Z",
        "dateReserved": "2026-05-06T12:17:10.551Z",
        "dateUpdated": "2026-05-06T18:37:26.894Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }