Vulnerabilities in internet-connected temperature monitoring devices mainly used in hospitals, and their accompanying desktop application, could allow hackers to gain administrator privileges to the technology.
Researchers at Nozomi Networks uncovered four vulnerabilities in Sensor Net Connect and three flaws in the Thermoscan IP desktop application, both made by a division of French firm Proges Plus.
The system is designed for environments such as hospitals where temperatures must remain exact and constant. One flaw, tracked as CVE-2024-31202, would allow a user with basic access to the Thermoscan IP application to create new accounts and would assign them admin-level privileges. Real-world examples of users who might already have basic access to the desktop application include maintenance contractors and third-party applications, Nozomi said in a Thursday blog post.