Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
1 vulnerability by estomed
CVE-2024-3700 (GCVE-0-2024-3700)
Vulnerability from cvelistv5 – Published: 2024-06-10 11:19 – Updated: 2025-10-03 09:03
VLAI
Title
Hardcoded password in Estomed Sp. z o.o. Simple Care software
Summary
Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive data stored in the database. The password is the same among all Simple Care software installations.
This issue affects Estomed Sp. z o.o. Simple Care software in all versions. The software is no longer supported.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-259 - Use of Hard-coded Password
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://cert.pl/en/posts/2024/06/CVE-2024-1228/ | third-party-advisory |
| https://cert.pl/posts/2024/06/CVE-2024-1228/ | third-party-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Estomed Sp. z o.o. | Simple Care |
Affected:
all versions
|
|
| estomed | simple_care |
Affected:
0 , < *
(custom)
cpe:2.3:a:estomed:simple_care:*:*:*:*:*:*:*:* |
Date Public
2024-06-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:20:00.769Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://cert.pl/en/posts/2024/06/CVE-2024-1228/"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://cert.pl/posts/2024/06/CVE-2024-1228/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:estomed:simple_care:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "simple_care",
"vendor": "estomed",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3700",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-03T17:34:55.689302Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T17:43:21.581Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Simple Care",
"vendor": "Estomed Sp. z o.o.",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"datePublic": "2024-06-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUse of hard-coded password to the patients\u0027 database allows an attacker to retrieve sensitive data stored in the database. The password is the same among all Simple Care software installations.\u003c/p\u003e\u003cp\u003eThis issue affects\u0026nbsp;Estomed Sp. z o.o. Simple Care software in all versions. The software is no longer supported.\u003c/p\u003e"
}
],
"value": "Use of hard-coded password to the patients\u0027 database allows an attacker to retrieve sensitive data stored in the database. The password is the same among all Simple Care software installations.\n\nThis issue affects\u00a0Estomed Sp. z o.o. Simple Care software in all versions. The software is no longer supported."
}
],
"impacts": [
{
"capecId": "CAPEC-37",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-37 Retrieve Embedded Sensitive Data"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "RED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:H/SA:H/AU:Y/R:U/V:C/RE:M/U:Red",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-259",
"description": "CWE-259 Use of Hard-coded Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-03T09:03:38.081Z",
"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"shortName": "CERT-PL"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/en/posts/2024/06/CVE-2024-1228/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/posts/2024/06/CVE-2024-1228/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Hardcoded password in Estomed Sp. z o.o. Simple Care software",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"assignerShortName": "CERT-PL",
"cveId": "CVE-2024-3700",
"datePublished": "2024-06-10T11:19:54.619Z",
"dateReserved": "2024-04-12T08:52:16.249Z",
"dateUpdated": "2025-10-03T09:03:38.081Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}