Posts Tagged ‘Medical’

SonoSite M-Turbo Ultrasound System Networked Interface Default Admin Credentials

August 25, 2015

The SonoSite M-Turbo Ultrasound System is a medical device that allows for network connectivity if configured. It has an interface with multiple user roles allowed and installs with default administrative credentials according to the manual.



Siemens SC 7000 / SC 9000XL Patient Monitors Default Admin Passcode

July 12, 2015

The Siemens SC 7000 and SC 9000XL Patient Monitors come with a default passcode that requires physical access but gives complete control over the device. According to the manual:

The Service Menu is accessed via the Monitor Options selection under the Monitor Setup function on the Main Menu. To access the Service menu and related functions, do the following:
1) Select Monitor Setup on Level 1, then select Biomed on Level 2, and then select Service on Level 3.
2) Input the service password (4712).
Note: In general, the Service Menu provides access to the following (may vary with software version):
• Language selection
• Regulation
• Alarm Sounds
Network control
Network Configuration (requires installed SW version ≥VC2)
• Transport Brightness
• Line frequency setting
Restore factory defaults
• Copy setups to card
• Copy setups to monitor
Install Software
Locked Options
• Waveform Simulator

GE Healthcare FASTlab Synthesizer Default Credentials

July 12, 2015

The GE Healthcare FASTlab Synthesizer runs on Windows 7. According to the manual it tells the admin to install it with specific credentials. The manual doesn’t say if things won’t work if you choose different credentials. Affects versions: 1.1.68, 2.0.39, 2.0.40

Enter the user Name AdminFASTlab and the computer name, then click “Next”
Enter “Healthcare” as the password and “Default from Documentation” as the password hint and click “Next”:

Once installed there are default credentials to access the device physically:

The login window appears. You now need to enter your user name and password and then click on the “Login” button. The default credentials are Login Name “Admin” and Password “admin“. It his highly recommended to change the credentials after installation.

BK Medical Aps Ultrasound Systems Default Credentials

July 12, 2015

BK Medical Aps bk3000 Ultrasound Systemallows you to routinely see anatomy and micro-vascularization not seen with conventional ultrasound.According to the manual it has default administrator credentials. You can attach a network drive or connect to a network printer but it doesnt look like you can login to the device remotely.

Password Setup
If your system is set up to be password-protected, use the Password Setup window to change your password. If you are a superuser with administrative privileges, you can add or remove users, reset their passwords, and enable or disable password protection.
NOTE: Usernames and passwords must each be no longer than 16 characters. The username is not case-sensitive, but the password is case-sensitive. (Case-sensitive means that B is not the same as b.)
The default superuser name and password are:
• Name: administrator
• Password: superuser

This also affects the Pro Focus 2202 Ultrasound System and the Flex Focus 1202 Ultrasound System.

GE Healthcare TRACERlab FX2 M Multiple Default Credentials

July 12, 2015

This one is a little different then the other GE Healthcare TRACERlab FX2 Default Admin Credentials since it uses extra defaults.

GE Healthcare TRACERlab FX2 M (manual)
version affected: S1950JR/S1950JS (230V/115V)

Establish remote desktop connection between supervision computer and TPU. Enter:
Username: tracerlab
Password: tracerlab
4. Double click the TRACERlab software icon on the desktop. Now you enter the program.
5. Enter your password and username. Enter:
Initials: admin
Password: tracerlab

GE Healthcare TRACERlab FX2 Default Admin Credentials

July 12, 2015

The GE Healthcare TRACERlab FX2 devices (model C, MeI and N) are “a computer controlled automated system for the production of radiochemicals.” According to the manuals for the FX2 C, FX2 MeI and FX2 N they install with default credentials that can be used by an attacker with physical access to the device:

Versions affected:
S9150 JJ- TRACERLab FX2 C (230 V)
S9150 JK- TRACERLab FX2 C (115 V)
P5360 QC/P5360 QD TRACERlab FX2 MeI, 230 V/115 V
S9150 KE- TRACERlab FX2 N (230 V)
S9150 KF- TRACERlab FX2 N (115 V)

Initials: admin
Password: tracerlab

Astute Medical ASTUTE140 Meter Default User Credentials

July 11, 2015

The Astute Medical ASTUTE140 Meter “is intended to be used in conjunction with clinical evaluation in patients who currently have or have had within the past 24 hours acute cardiovascular and or respiratory compromise and are ICU patients as an aid in the risk assessment for moderate or severe acute kidney injury (AKI) within 12 hours of patient assessment.According to the manual it has a default user account and has some networking functionality to send information from the device to another system. It doesn’t appear you can remotely login but the information is probably sent unencrypted.

After powering on the Astute140 Meter, the Log In screen will be displayed after a brief self test (See “Powering On the Astute140 Meter” on p. 22 for details).
2. When the Log In screen is displayed, User ID is highlighted. Enter 1234 using the numeric keypad or an external keyboard (if connected).
3. After entering your user ID, use the key to highlight the Password field.
4. Use the numeric keypad or an external keyboard (if connected) to enter 1234.
Press the right soft key to accept all entries.

Dragon Medical 360 Network Edition Nuance Management Console Default Admin Credentials

July 11, 2015

Nuance Dragon Medical 360 Network Edition has a management server run via HTTP. According to the manual it installs with default credentials:

Logging in to the Nuance Management Server through the Nuance Management Console
3. In the URL line of the browser, enter http:///nmc/Client.xbap, entering your server machine’s IP address (but not the angle brackets). Then click the Go or similar button in the browser. Or, if you know the server name, use its name instead of its IPaddress: http:///nmc/Client.xbap (The URL shown here is based on the location of the .xbap file if you installed the NMS Server under the default directory.) Note that this URL changes if you have a load balancing switch managing traffic to multiple NMS Servers (see the end of this section for details).
4. When the Nuance Management Console login screen appears, enter admin as the user name and password as the password, then click Log on.

Zoe Medical Nightingale PPM3 Default Passcode

July 11, 2015

The Zoe Medical, Inc. Nightingale PPM3 (Personal Patient Monitor, 3rd Generation) “is a small, lightweight patient monitor designed to acquire physiological waveforms and parameters, and to transmit this data to a Nightingale MPC (Multi-patient Console). The Nightingale MPC is the central monitoring station for the Nightingale Monitoring System. The Nightingale MPC connects to a network of Nightingale PPM3 bedside patient monitors, allowing you to view information from up to 64 patients at once.According to the manual it comes with a default passcode to access the Setup Alarms or Setup System menu if you have physical access:

Password Control
To access the Setup Alarms or Setup System menu, perform the following steps
when presented with the Password menu:
• Set Dial 1 to 49
• Set Dial 2 to 48
• Set Dial 3 to 46
• Select OK

Lantronix EDS-MD Medical Device Server Web Interface Default Admin Credentials

July 11, 2015

Lantronix EDS-MD Medical Device Server (models EDS-MD 4, EDS-MD 8 and EDS-MD 16) uses a web interface for device management. According to the manual it comes with default admin credentials:

Accessing Web Manager
Note: You can also access the Web Manager by selecting the Web Configuration tab on the DeviceInstaller application window.
To access Web Manager, perform the following steps:
1. Open a standard web browser. Lantronix supports the latest versions of Internet Explorer, Mozilla Firefox, Safari or Chrome web browsers.
2. Enter the IP address or hostname of the EDS-MD unit in the address bar. The IP address may have been assigned manually using DeviceInstaller (see the EDS-MD Medical Device Server
Quick Start Guide) or automatically by DHCP.
3. Enter your username and password. The factory-default username is “admin” and “PASS” is the default password. The Device Status web page displays configurations including network settings, line settings, tunneling settings, and product information.