MidnightBSD

Advisories for gehealthcare

CVE-2012-6660 HIGH

GE Healthcare Precision MPi has a password of (1) orion for the serviceapp user, (2) orion for the clinical operator user, and (3) PlatinumOne for the administrator user, which has unspecified impact and attack vectors. NOTE: it is not clear whether these passwords are default, hardcoded, or dependent on another system or product that requires a fixed value.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-255

Products Affected

Vendor Product Version
gehealthcare precision_mpi *

CVE-2012-6693 HIGH

GE Healthcare Centricity PACS 4.0 Server has a default password of (1) nasro for the nasro (ReadOnly) user and (2) nasrw for the nasrw (Read/Write) user, which has unspecified impact and attack vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-255

Products Affected

Vendor Product Version
gehealthcare centricity_pacs_server 4.0

CVE-2012-6694 HIGH

GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1, and Server 4.0, have a password of 2charGE for the geservice account, which has unspecified impact and attack vectors related to TimbuktuPro. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires it.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-255

Products Affected

Vendor Product Version
gehealthcare centricity_pacs_workstation 4.0.1
gehealthcare centricity_pacs_workstation 4.0
gehealthcare centricity_pacs_server 4.0

CVE-2012-6695 HIGH

GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a password of ddpadmin for the ddpadmin user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-255

Products Affected

Vendor Product Version
gehealthcare centricity_pacs_workstation 4.0.1
gehealthcare centricity_pacs_workstation 4.0

CVE-2013-7404 HIGH

GE Healthcare Discovery NM 750b has a password of 2getin for the insite account for (1) Telnet and (2) FTP, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-255

Products Affected

Vendor Product Version
gehealthcare discovery_nm_750b *

CVE-2013-7405 HIGH

The Ad Hoc Reporting feature in GE Healthcare Centricity DMS 4.2 has a password of Never!Mind for the Administrator user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-255

Products Affected

Vendor Product Version
gehealthcare centricity_dms 4.2

CVE-2013-7442 HIGH

GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a password of (1) CANal1 for the Administrator user and (2) iis for the IIS user, which has unspecified impact and attack vectors related to TimbuktuPro. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires it.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-255

Products Affected

Vendor Product Version
gehealthcare centricity_pacs_workstation 4.0.1
gehealthcare centricity_pacs_workstation 4.0

CVE-2014-7232 HIGH

GE Healthcare Discovery XR656 and XR656 G2 have a password of (1) 2getin for the insite user, (2) 4$xray for the xruser user, and (3) #superxr for the root user, which has unspecified impact and attack vectors. NOTE: it is not clear whether these passwords are default, hardcoded, or dependent on another system or product that requires a fixed value.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-255

Products Affected

Vendor Product Version
gehealthcare discovery_xr656 *
gehealthcare discovery_xr656_g2 *

CVE-2014-7233 HIGH

GE Healthcare Precision THUNIS-800+ has a default password of (1) 1973 for the factory default System Utilities menu, (2) TH8740 for installation using TH8740_122_Setup.exe, (3) hrml for "Setup and Activation" using DSASetup, and (4) an empty string for Shutter Configuration, which has unspecified impact and attack vectors. NOTE: since these passwords appear to be used to access functionality during installation, this issue might not cross privilege boundaries and might not be a vulnerability.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-255

Products Affected

Vendor Product Version
gehealthcare precision_thunis-800+ *

CVE-2014-9736 HIGH

GE Healthcare Centricity Clinical Archive Audit Trail Repository has a default password of initinit for the (1) SSL key manager and (2) server keystore; (3) keystore_password for the server truststore; and atna for the (4) primary storage database and (5) archive storage database, which has unspecified impact and attack vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-255

Products Affected

Vendor Product Version
gehealthcare centricity_clinical_archive_audit_trail_repository *

CVE-2020-25175 MEDIUM

GE Healthcare Imaging and Ultrasound Products may allow specific credentials to be exposed during transport over the network.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-523, CWE-522

Products Affected

Vendor Product Version
gehealthcare optima_ct520_firmware -
gehealthcare revolution_discovery_ct_firmware -
gehealthcare logiq_7_bt06_firmware -
gehealthcare petrace_800_firmware -
gehealthcare discovery_mi_mi_dr_firmware -
gehealthcare revolution_act_firmware -
gehealthcare discovery_ct750hd_firmware -
gehealthcare optima_nm/ct_640_firmware -
gehealthcare optima_expert_&_professional_firmware -
gehealthcare logiq_7_bt03_firmware -
gehealthcare discovery_nm/ct_d570c_firmware -
gehealthcare lightspeed_pro16_firmware -
gehealthcare image_vault_firmware -
gehealthcare innova_igs_520_firmware -
gehealthcare brivo_definiu_firmware -
gehealthcare optima_ct660_firmware -
gehealthcare lightspeed_vct_firmware -
gehealthcare precision_500d_firmware -
gehealthcare lightspeed_rt16_firmware -
gehealthcare 1.5t_brivo_mr355_firmware -
gehealthcare optima_xr200amx_firmware -
gehealthcare revolution_frontier_es_firmware -
gehealthcare brightspeed_edge_firmware -
gehealthcare innova_igs_530_firmware -
gehealthcare logiq_9_bt03_firmware -
gehealthcare infinia_firmware -
gehealthcare innova_igs_730_firmware -
gehealthcare optima_ct580rt_firmware -
gehealthcare signa_hdi_1.5t_firmware -
gehealthcare optima_320_firmware -
gehealthcare discovery_nm/ct850_firmware -
gehealthcare discovery_nm_630_firmware -
gehealthcare optima_ct68_firmware -
gehealthcare discovery_iq_firmware -
gehealthcare logiq_9_bt04_firmware -
gehealthcare innova_3100_firmware -
gehealthcare optima_quantum_firmware -
gehealthcare innova_313-iq_firmware -
gehealthcare seno_200d_firmware -
gehealthcare optima_cl320i_firmware -
gehealthcare signa_vibrant_firmware -
gehealthcare optima_xr640_firmware -
gehealthcare discovery_nm/ct_870_firmware -
gehealthcare brivo_xr575_firmware -
gehealthcare discovery_nm_750b_firmware -
gehealthcare logiq_9_bt06_firmware -
gehealthcare brightspeed_elite_select_firmware -
gehealthcare brightspeed_elite_firmware -
gehealthcare definium_6000_firmware -
gehealthcare voluson_730_bt08_firmware -
gehealthcare optima_ct540_firmware -
gehealthcare optima_igs_330_firmware -
gehealthcare optima_3100_firmware -
gehealthcare echopac_bt06_firmware -
gehealthcare xeleris_firmware -
gehealthcare 3.0t_signa_hdxt_firmware -
gehealthcare optima_xr220amx_firmware -
gehealthcare logiq_7_bt04_firmware -
gehealthcare discovery_nm_d530c_firmware -
gehealthcare vivid_7_bt02_firmware -
gehealthcare optima_mr360_firmware -
gehealthcare brivo_xr515_firmware -
gehealthcare innova_2100-iq_firmware -
gehealthcare seno_essential_firmware -
gehealthcare brightspeed_edge_select_firmware -
gehealthcare optima_cl323i_firmware -
gehealthcare discovery_nm830_firmware -
gehealthcare 3.0t_signa_hd_16_firmware -
gehealthcare optima_cl320_firmware -
gehealthcare 3.0t_signa_hd_23_firmware -
gehealthcare revolution_evo_firmware -
gehealthcare optima_igs_320_firmware -
gehealthcare discovery_nm/ct_860_firmware -
gehealthcare vivid_i_bt06_firmware -
gehealthcare innova_2000_firmware -
gehealthcare brivo_xr118_firmware -
gehealthcare innova_4100_firmware -
gehealthcare discovery_xr650_firmware -
gehealthcare innova_igs_630_firmware -
gehealthcare optima_ct580w_firmware -
gehealthcare brivo_ct385_firmware -
gehealthcare pet_discovery_iq_firmware -
gehealthcare discovery_nm/ct_670_firmware -
gehealthcare discovery_xr656_firmware -
gehealthcare wdr1_firmware -
gehealthcare ventri_firmware -
gehealthcare logiq_5_bt03_firmware -
gehealthcare senographe_pristina_firmware -
gehealthcare vivid_7_bt06_firmware -
gehealthcare revolution_ct_firmware -
gehealthcare optima_advance_firmware -
gehealthcare seno_ds_firmware -
gehealthcare pet_discovery_iq_upgrade_firmware -
gehealthcare voluson_730_bt05_firmware -
gehealthcare innova_212-iq_firmware -
gehealthcare logiq_9_bt02_firmware -
gehealthcare revolution_frontier_firmware -
gehealthcare discovery_xr656+_firmware -
gehealthcare innova_4100-iq_firmware -
gehealthcare optima_ct580_firmware -
gehealthcare innova_igs_620_firmware -
gehealthcare revolution_hd_firmware -
gehealthcare optima_ct670_firmware -
gehealthcare optima_xr646_firmware -
gehealthcare definium_5000_firmware -
gehealthcare revolution_acts_firmware -
gehealthcare amx_700_firmware -
gehealthcare brivo_nm_615_firmware -
gehealthcare discovery_ct590rt_firmware -
gehealthcare innova_3100-iq_firmware -
gehealthcare definium_8000_firmware -
gehealthcare brivo_xr383_firmware -

CVE-2020-25179 HIGH

GE Healthcare Imaging and Ultrasound Products may allow specific credentials to be exposed during transport over the network.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-497, CWE-200

Products Affected

Vendor Product Version
gehealthcare optima_ct520_firmware -
gehealthcare revolution_discovery_ct_firmware -
gehealthcare logiq_7_bt06_firmware -
gehealthcare petrace_800_firmware -
gehealthcare discovery_mi_mi_dr_firmware -
gehealthcare revolution_act_firmware -
gehealthcare discovery_ct750hd_firmware -
gehealthcare optima_nm/ct_640_firmware -
gehealthcare optima_expert_&_professional_firmware -
gehealthcare logiq_7_bt03_firmware -
gehealthcare discovery_nm/ct_d570c_firmware -
gehealthcare lightspeed_pro16_firmware -
gehealthcare image_vault_firmware -
gehealthcare innova_igs_520_firmware -
gehealthcare brivo_definiu_firmware -
gehealthcare optima_ct660_firmware -
gehealthcare lightspeed_vct_firmware -
gehealthcare precision_500d_firmware -
gehealthcare lightspeed_rt16_firmware -
gehealthcare 1.5t_brivo_mr355_firmware -
gehealthcare optima_xr200amx_firmware -
gehealthcare revolution_frontier_es_firmware -
gehealthcare brightspeed_edge_firmware -
gehealthcare innova_igs_530_firmware -
gehealthcare logiq_9_bt03_firmware -
gehealthcare infinia_firmware -
gehealthcare innova_igs_730_firmware -
gehealthcare optima_ct580rt_firmware -
gehealthcare signa_hdi_1.5t_firmware -
gehealthcare optima_320_firmware -
gehealthcare discovery_nm/ct850_firmware -
gehealthcare discovery_nm_630_firmware -
gehealthcare optima_ct68_firmware -
gehealthcare discovery_iq_firmware -
gehealthcare logiq_9_bt04_firmware -
gehealthcare innova_3100_firmware -
gehealthcare optima_quantum_firmware -
gehealthcare innova_313-iq_firmware -
gehealthcare seno_200d_firmware -
gehealthcare optima_cl320i_firmware -
gehealthcare signa_vibrant_firmware -
gehealthcare optima_xr640_firmware -
gehealthcare discovery_nm/ct_870_firmware -
gehealthcare brivo_xr575_firmware -
gehealthcare discovery_nm_750b_firmware -
gehealthcare logiq_9_bt06_firmware -
gehealthcare brightspeed_elite_select_firmware -
gehealthcare brightspeed_elite_firmware -
gehealthcare definium_6000_firmware -
gehealthcare voluson_730_bt08_firmware -
gehealthcare optima_ct540_firmware -
gehealthcare optima_igs_330_firmware -
gehealthcare optima_3100_firmware -
gehealthcare echopac_bt06_firmware -
gehealthcare xeleris_firmware -
gehealthcare 3.0t_signa_hdxt_firmware -
gehealthcare optima_xr220amx_firmware -
gehealthcare logiq_7_bt04_firmware -
gehealthcare discovery_nm_d530c_firmware -
gehealthcare vivid_7_bt02_firmware -
gehealthcare optima_mr360_firmware -
gehealthcare brivo_xr515_firmware -
gehealthcare innova_2100-iq_firmware -
gehealthcare seno_essential_firmware -
gehealthcare brightspeed_edge_select_firmware -
gehealthcare optima_cl323i_firmware -
gehealthcare discovery_nm830_firmware -
gehealthcare 3.0t_signa_hd_16_firmware -
gehealthcare optima_cl320_firmware -
gehealthcare 3.0t_signa_hd_23_firmware -
gehealthcare revolution_evo_firmware -
gehealthcare optima_igs_320_firmware -
gehealthcare discovery_nm/ct_860_firmware -
gehealthcare vivid_i_bt06_firmware -
gehealthcare innova_2000_firmware -
gehealthcare brivo_xr118_firmware -
gehealthcare innova_4100_firmware -
gehealthcare discovery_xr650_firmware -
gehealthcare innova_igs_630_firmware -
gehealthcare optima_ct580w_firmware -
gehealthcare brivo_ct385_firmware -
gehealthcare pet_discovery_iq_firmware -
gehealthcare discovery_nm/ct_670_firmware -
gehealthcare discovery_xr656_firmware -
gehealthcare wdr1_firmware -
gehealthcare ventri_firmware -
gehealthcare logiq_5_bt03_firmware -
gehealthcare senographe_pristina_firmware -
gehealthcare vivid_7_bt06_firmware -
gehealthcare revolution_ct_firmware -
gehealthcare optima_advance_firmware -
gehealthcare seno_ds_firmware -
gehealthcare pet_discovery_iq_upgrade_firmware -
gehealthcare voluson_730_bt05_firmware -
gehealthcare innova_212-iq_firmware -
gehealthcare logiq_9_bt02_firmware -
gehealthcare revolution_frontier_firmware -
gehealthcare discovery_xr656+_firmware -
gehealthcare innova_4100-iq_firmware -
gehealthcare optima_ct580_firmware -
gehealthcare innova_igs_620_firmware -
gehealthcare revolution_hd_firmware -
gehealthcare optima_ct670_firmware -
gehealthcare optima_xr646_firmware -
gehealthcare definium_5000_firmware -
gehealthcare revolution_acts_firmware -
gehealthcare amx_700_firmware -
gehealthcare brivo_nm_615_firmware -
gehealthcare discovery_ct590rt_firmware -
gehealthcare innova_3100-iq_firmware -
gehealthcare definium_8000_firmware -
gehealthcare brivo_xr383_firmware -

CVE-2020-6961 HIGH

In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Telemetry Server Version 4.3, CARESCAPE Central Station (CSCS) Versions 1.X, a vulnerability exists in the affected products that could allow an attacker to obtain access to the SSH private key in configuration files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 10.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 3.9 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-256, CWE-522

Products Affected

Vendor Product Version
gehealthcare carescape_central_station_mai700_firmware 1.0
gehealthcare clinical_information_center_mp100r_firmware 4.0
gehealthcare carescape_telemetry_server_mp100r_firmware 4.3
gehealthcare clinical_information_center_mp100d_firmware 4.0
gehealthcare clinical_information_center_mp100r_firmware 5.0
gehealthcare clinical_information_center_mp100d_firmware 5.0
gehealthcare apexpro_telemetry_server_firmware *
gehealthcare carescape_telemetry_server_mp100r_firmware *
gehealthcare carescape_central_station_mas700_firmware 1.0

CVE-2020-6962 HIGH

In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Telemetry Server Version 4.3, CARESCAPE Central Station (CSCS) Versions 1.X, CARESCAPE Central Station (CSCS) Versions 2.X, B450 Version 2.X, B650 Version 1.X, B650 Version 2.X, B850 Version 1.X, B850 Version 2.X, an input validation vulnerability exists in the web-based system configuration utility that could allow an attacker to obtain arbitrary remote code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 10.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 3.9 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20

Products Affected

Vendor Product Version
gehealthcare carescape_telemetry_server_mp100r_firmware 4.3
gehealthcare carescape_b450_monitor_firmware 2.0
gehealthcare carescape_b650_monitor_firmware 2.0
gehealthcare carescape_b850_monitor_firmware 2.0
gehealthcare clinical_information_center_mp100r_firmware 5.0
gehealthcare clinical_information_center_mp100d_firmware 5.0
gehealthcare carescape_telemetry_server_mp100r_firmware *
gehealthcare apexpro_telemetry_server_firmware 4.3
gehealthcare carescape_central_station_mai700_firmware 2.0
gehealthcare carescape_central_station_mai700_firmware 1.0
gehealthcare clinical_information_center_mp100r_firmware 4.0
gehealthcare carescape_central_station_mas700_firmware 2.0
gehealthcare clinical_information_center_mp100d_firmware 4.0
gehealthcare carescape_b850_monitor_firmware 1.0
gehealthcare carescape_b650_monitor_firmware 1.0
gehealthcare apexpro_telemetry_server_firmware *
gehealthcare carescape_central_station_mas700_firmware 1.0

CVE-2020-6963 HIGH

In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, the affected products utilized hard coded SMB credentials, which may allow an attacker to remotely execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 10.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 3.9 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-798, CWE-20

Products Affected

Vendor Product Version
gehealthcare carescape_central_station_mai700_firmware 1.0
gehealthcare clinical_information_center_mp100r_firmware 4.0
gehealthcare clinical_information_center_mp100d_firmware 4.0
gehealthcare clinical_information_center_mp100r_firmware 5.0
gehealthcare clinical_information_center_mp100d_firmware 5.0
gehealthcare apexpro_telemetry_server_firmware *
gehealthcare carescape_telemetry_server_mp100r_firmware *
gehealthcare carescape_central_station_mas700_firmware 1.0

CVE-2020-6964 MEDIUM

In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X and CARESCAPE Central Station (CSCS) Versions 2.X, the integrated service for keyboard switching of the affected devices could allow attackers to obtain remote keyboard input access without authentication over the network.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N 3.9 4.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-306

Products Affected

Vendor Product Version
gehealthcare carescape_central_station_mai700_firmware 1.0
gehealthcare clinical_information_center_mp100r_firmware 4.0
gehealthcare carescape_central_station_mas700_firmware 2.0
gehealthcare clinical_information_center_mp100d_firmware 4.0
gehealthcare clinical_information_center_mp100r_firmware 5.0
gehealthcare clinical_information_center_mp100d_firmware 5.0
gehealthcare apexpro_telemetry_server_firmware *
gehealthcare carescape_telemetry_server_mp100r_firmware *
gehealthcare carescape_central_station_mas700_firmware 1.0
gehealthcare carescape_central_station_mai700_firmware 2.0

CVE-2020-6965 MEDIUM

In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, B450 Version 2.X, B650 Version 1.X, B650 Version 2.X, B850 Version 1.X, B850 Version 2.X, a vulnerability in the software update mechanism allows an authenticated attacker to upload arbitrary files on the system through a crafted update package.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.9 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 3.1 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-434, CWE-20

Products Affected

Vendor Product Version
gehealthcare carescape_b450_monitor_firmware 2.0
gehealthcare carescape_b650_monitor_firmware 2.0
gehealthcare carescape_b850_monitor_firmware 2.0
gehealthcare clinical_information_center_mp100r_firmware 5.0
gehealthcare clinical_information_center_mp100d_firmware 5.0
gehealthcare carescape_telemetry_server_mp100r_firmware *
gehealthcare carescape_central_station_mai700_firmware 1.0
gehealthcare clinical_information_center_mp100r_firmware 4.0
gehealthcare clinical_information_center_mp100d_firmware 4.0
gehealthcare carescape_b850_monitor_firmware 1.0
gehealthcare carescape_b650_monitor_firmware 1.0
gehealthcare apexpro_telemetry_server_firmware *
gehealthcare carescape_central_station_mas700_firmware 1.0

CVE-2020-6966 HIGH

In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, the affected products utilize a weak encryption scheme for remote desktop control, which may allow an attacker to obtain remote code execution of devices on the network.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 10.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 3.9 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-326

Products Affected

Vendor Product Version
gehealthcare carescape_central_station_mai700_firmware 1.0
gehealthcare clinical_information_center_mp100r_firmware 4.0
gehealthcare clinical_information_center_mp100d_firmware 4.0
gehealthcare clinical_information_center_mp100r_firmware 5.0
gehealthcare clinical_information_center_mp100d_firmware 5.0
gehealthcare apexpro_telemetry_server_firmware *
gehealthcare carescape_telemetry_server_mp100r_firmware *
gehealthcare carescape_central_station_mas700_firmware 1.0