The SonoSite M-Turbo Ultrasound System is a medical device that allows for network connectivity if configured. It has an interface with multiple user roles allowed and installs with default administrative credentials according to the manual.
Posts Tagged ‘Medical’
The Siemens SC 7000 and SC 9000XL Patient Monitors come with a default passcode that requires physical access but gives complete control over the device. According to the manual:
The Service Menu is accessed via the Monitor Options selection under the Monitor Setup function on the Main Menu. To access the Service menu and related functions, do the following:
1) Select Monitor Setup on Level 1, then select Biomed on Level 2, and then select Service on Level 3.
2) Input the service password (4712).
Note: In general, the Service Menu provides access to the following (may vary with software version):
• Language selection
• Alarm Sounds
• Network control
• Network Configuration (requires installed SW version ≥VC2)
• Transport Brightness
• Line frequency setting
• Restore factory defaults
• Copy setups to card
• Copy setups to monitor
• Install Software
• Locked Options
• Waveform Simulator
The GE Healthcare FASTlab Synthesizer runs on Windows 7. According to the manual it tells the admin to install it with specific credentials. The manual doesn’t say if things won’t work if you choose different credentials. Affects versions: 1.1.68, 2.0.39, 2.0.40
Enter the user Name AdminFASTlab and the computer name, then click “Next”
Enter “Healthcare” as the password and “Default from Documentation” as the password hint and click “Next”:
Once installed there are default credentials to access the device physically:
The login window appears. You now need to enter your user name and password and then click on the “Login” button. The default credentials are Login Name “Admin” and Password “admin“. It his highly recommended to change the credentials after installation.
BK Medical Aps bk3000 Ultrasound System “allows you to routinely see anatomy and micro-vascularization not seen with conventional ultrasound.” According to the manual it has default administrator credentials. You can attach a network drive or connect to a network printer but it doesnt look like you can login to the device remotely.
If your system is set up to be password-protected, use the Password Setup window to change your password. If you are a superuser with administrative privileges, you can add or remove users, reset their passwords, and enable or disable password protection.
NOTE: Usernames and passwords must each be no longer than 16 characters. The username is not case-sensitive, but the password is case-sensitive. (Case-sensitive means that B is not the same as b.)
The default superuser name and password are:
• Name: administrator
• Password: superuser
This one is a little different then the other GE Healthcare TRACERlab FX2 Default Admin Credentials since it uses extra defaults.
GE Healthcare TRACERlab FX2 M (manual)
version affected: S1950JR/S1950JS (230V/115V)
Establish remote desktop connection between supervision computer and TPU. Enter:
4. Double click the TRACERlab software icon on the desktop. Now you enter the program.
5. Enter your password and username. Enter:
The GE Healthcare TRACERlab FX2 devices (model C, MeI and N) are “a computer controlled automated system for the production of radiochemicals.” According to the manuals for the FX2 C, FX2 MeI and FX2 N they install with default credentials that can be used by an attacker with physical access to the device:
S9150 JJ- TRACERLab FX2 C (230 V)
S9150 JK- TRACERLab FX2 C (115 V)
P5360 QC/P5360 QD TRACERlab FX2 MeI, 230 V/115 V
S9150 KE- TRACERlab FX2 N (230 V)
S9150 KF- TRACERlab FX2 N (115 V)
The Astute Medical ASTUTE140 Meter “is intended to be used in conjunction with clinical evaluation in patients who currently have or have had within the past 24 hours acute cardiovascular and or respiratory compromise and are ICU patients as an aid in the risk assessment for moderate or severe acute kidney injury (AKI) within 12 hours of patient assessment.” According to the manual it has a default user account and has some networking functionality to send information from the device to another system. It doesn’t appear you can remotely login but the information is probably sent unencrypted.
After powering on the Astute140 Meter, the Log In screen will be displayed after a brief self test (See “Powering On the Astute140 Meter” on p. 22 for details).
2. When the Log In screen is displayed, User ID is highlighted. Enter 1234 using the numeric keypad or an external keyboard (if connected).
3. After entering your user ID, use the key to highlight the Password field.
4. Use the numeric keypad or an external keyboard (if connected) to enter 1234.
Press the right soft key to accept all entries.
Logging in to the Nuance Management Server through the Nuance Management Console
3. In the URL line of the browser, enter http:///nmc/Client.xbap, entering your server machine’s IP address (but not the angle brackets). Then click the Go or similar button in the browser. Or, if you know the server name, use its name instead of its IPaddress: http:///nmc/Client.xbap (The URL shown here is based on the location of the .xbap file if you installed the NMS Server under the default directory.) Note that this URL changes if you have a load balancing switch managing traffic to multiple NMS Servers (see the end of this section for details).
4. When the Nuance Management Console login screen appears, enter admin as the user name and password as the password, then click Log on.
The Zoe Medical, Inc. Nightingale PPM3 (Personal Patient Monitor, 3rd Generation) “is a small, lightweight patient monitor designed to acquire physiological waveforms and parameters, and to transmit this data to a Nightingale MPC (Multi-patient Console). The Nightingale MPC is the central monitoring station for the Nightingale Monitoring System. The Nightingale MPC connects to a network of Nightingale PPM3 bedside patient monitors, allowing you to view information from up to 64 patients at once.” According to the manual it comes with a default passcode to access the Setup Alarms or Setup System menu if you have physical access:
To access the Setup Alarms or Setup System menu, perform the following steps
when presented with the Password menu:
• Set Dial 1 to 49
• Set Dial 2 to 48
• Set Dial 3 to 46
• Select OK
Lantronix EDS-MD Medical Device Server (models EDS-MD 4, EDS-MD 8 and EDS-MD 16) uses a web interface for device management. According to the manual it comes with default admin credentials:
Accessing Web Manager
Note: You can also access the Web Manager by selecting the Web Configuration tab on the DeviceInstaller application window.
To access Web Manager, perform the following steps:
1. Open a standard web browser. Lantronix supports the latest versions of Internet Explorer, Mozilla Firefox, Safari or Chrome web browsers.
2. Enter the IP address or hostname of the EDS-MD unit in the address bar. The IP address may have been assigned manually using DeviceInstaller (see the EDS-MD Medical Device Server
Quick Start Guide) or automatically by DHCP.
3. Enter your username and password. The factory-default username is “admin” and “PASS” is the default password. The Device Status web page displays configurations including network settings, line settings, tunneling settings, and product information.