An unauthenticated attacker with access to the local network of the medical office can use known default credentials to gain remote DBA access to the Elefant Firebird database. The data in the database includes patient data and login credentials among other sensitive data. In addition, this enables an attacker to create and overwrite arbitrary files on the server filesystem with the rights of the Firebird database ("NT AUTHORITY\SYSTEM").
The Elefant system by Hasomed uses a Firebird database configured with default, widely-known login credentials that are not changed during installation. An attacker on the local network can use these credentials to establish a remote connection to the database with full database administrator (DBA) privileges. Having DBA privileges in a Firebird database running in the context of the 'NT AUTHORITY\SYSTEM' account, an attacker can not only read and modify data in the database, but also create and overwrite arbitrary files in the server's file system.
An attacker can gain unauthorized access to sensitive patient medical data and login credentials stored in the database, as well as create or overwrite arbitrary files on the server with system privileges (NT AUTHORITY\SYSTEM), which in practice means complete takeover of the server.
Patches available from the vendor should be applied according to references. In urgent mode, it is recommended to immediately change the default authentication credentials of the Firebird database, restrict network access to the database port only to trusted hosts (firewall, network segmentation), and monitor unauthorized connections to the database.
Elefant software by Hasomed — versions indicated in vendor references; affects installations with access to the local network of a medical office
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H