
CGM CLININET Smart Card Authentication Can Be Bypassed by Certificate Number

CVE-2025-30042
Summary

The CGM CLININET system's smart card authentication runs locally on the client device and checks only the certificate number. Anyone who learns a user's certificate number can therefore use it to access the system as that user, without the actual smart card or its private key. To protect your system, move to an authentication method that verifies possession of the smart card and its private key.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software
Vendor: cgm · Product: clininet · Affected versions: <= 2025.ms2 · Fix available: –
Original title
The CGM CLININET system provides smart card authentication; however, authentication is conducted locally on the client device, and, in reality, only the certificate number is used for access verifi...
Original description
The CGM CLININET system provides smart card authentication; however, authentication is conducted locally on the client device, and, in reality, only the certificate number is used for access verification. As a result, possession of the certificate number alone is sufficient for authentication, regardless of the actual presence of the smart card or ownership of the private key.
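The difference between accepting a certificate number and requiring proof of possession of the private key, as an added example that is not CGM CLININET code. It assumes a server-side challenge-response design; the type and function names, the Ed25519 key standing in for the card's key, and the certificate number "CERT-0001" are all constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Server keeps the public key enrolled for each certificate number.
type Server struct {
	enrolled map[string]ed25519.PublicKey
	pending  map[string][]byte // one outstanding nonce per certificate number
}

// WeakLogin models the reported behaviour: the number alone is accepted.
func (s *Server) WeakLogin(certNo string) bool { _, ok := s.enrolled[certNo]; return ok }

// Challenge issues a fresh random nonce that the card must sign.
func (s *Server) Challenge(certNo string) ([]byte, error) {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	s.pending[certNo] = nonce
	return nonce, nil
}

// Verify runs on the server and consumes the nonce, so a signature cannot be replayed.
func (s *Server) Verify(certNo string, sig []byte) bool {
	nonce, issued := s.pending[certNo]
	delete(s.pending, certNo)
	pub, known := s.enrolled[certNo]
	return issued && known && ed25519.Verify(pub, nonce, sig)
}

// NewDemo enrolls the constructed number "CERT-0001" and returns a stand-in for the card.
func NewDemo() (*Server, func(nonce []byte) []byte) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	s := &Server{enrolled: map[string]ed25519.PublicKey{"CERT-0001": pub}, pending: map[string][]byte{}}
	return s, func(nonce []byte) []byte { return ed25519.Sign(priv, nonce) }
}

func main() {
	s, card := NewDemo()
	fmt.Println("number only, weak check:", s.WeakLogin("CERT-0001"))
	fmt.Println("number only, server check:", s.Verify("CERT-0001", []byte("CERT-0001")))
	nonce, _ := s.Challenge("CERT-0001")
	fmt.Println("card present, server check:", s.Verify("CERT-0001", card(nonce)))
}
```

In a real deployment the server would also validate the certificate chain and revocation status before trusting the enrolled public key.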
NVD CVSS 4.0 score: 9.0
Vulnerability type
CWE-603
Published: 2 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026