An insecure permissions issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus operated by released versions of software before Nexus Software 7.2.5.7. The device has two user accounts with passwords that are hardcoded.
https://www.armis.com/PwnedPiper
https://www.tenable.com/cyber-exposure/2021-threat-landscape-retrospective
https://www.armis.com/research/pwnedpiper/
https://www.swisslog-healthcare.com/en-us/customer-care/security-information/cve-disclosures#:~:text=CVE%20Disclosures%20%20%20%20Vulnerability%20Name%20%2C%20%20CVE-2021-37164%20%204%20more%20rows%20
https://www.swisslog-healthcare.com/-/media/swisslog-healthcare/documents/customer-service/armis-documents/cve-2021-37163-bulletin---default-credentials-for-the-telnet-server.pdf?rev=da64c389a475494985b9fd2c2c508542&hash=466A7109AF08EBFF3756B2C25968ED5E
https://www.swisslog-healthcare.com
Source: Mitre, NVD
Published: 2021-08-02
Updated: 2026-06-17
Named Vulnerability: PwnedPiper
Base Score: 7.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
Severity: High
Base Score: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: Critical
EPSS: 0.00842