Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Invenia ABUS by GE HealthCare

    CVE-2024-1486 (GCVE-0-2024-1486)

    Vulnerability from nvd – Published: 2024-05-14 15:10 – Updated: 2024-08-16 18:15
    VLAI
    Title
    Elevation of privileges via misconfigured access control list in GE HealthCare ultrasound devices
    Summary
    Elevation of privileges via misconfigured access control list in GE HealthCare ultrasound devices
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-732 - Incorrect Permission Assignment for Critical Resource
    Assigner
    References
    Impacted products
    Vendor Product Version
    GE HealthCare Venue Affected: R1
    Affected: R2
    Affected: R3 , ≤ R3.3 (custom)
    Affected: R4 , ≤ R4.2 (custom)
    Create a notification for this product.
    GE HealthCare Venue Go Affected: R2
    Affected: R3 , ≤ R3.3 (custom)
    Affected: R4 , ≤ R4.2 (custom)
    Create a notification for this product.
    GE HealthCare Venue Fit Affected: R3 , ≤ R3.3 (custom)
    Affected: R4 , ≤ R4.2 (custom)
    Create a notification for this product.
    GE HealthCare LOGIQ e Affected: R7 , ≤ R9.1.4 (custom)
    Affected: R8 , ≤ R10.1.3 (custom)
    Affected: R9 , ≤ R11.0.2 (custom)
    Create a notification for this product.
    GE HealthCare LOGIQ He Affected: 0 , ≤ R9.3.1 (custom)
    Create a notification for this product.
    GE HealthCare Vivid E Affected: E95 , < 206 (custom)
    Affected: E90 , < 206 (custom)
    Affected: E80 , < 206 (custom)
    Affected: E9 113.2 , ≤ 113.2 (custom)
    Create a notification for this product.
    GE HealthCare Vivid S Affected: 70N , < 206 (custom)
    Affected: 60N , < 206 (custom)
    Create a notification for this product.
    GE HealthCare Vivid T Affected: T8 , < 206 (custom)
    Affected: T9 , < 206 (custom)
    Create a notification for this product.
    GE HealthCare Vivid iq Affected: 0 , < 206 (custom)
    Create a notification for this product.
    GE HealthCare Invenia ABUS Affected: 1.2.3
    Create a notification for this product.
    GE HealthCare Invenia ABUS 2.0 Affected: 0 , < 2.2.9 (custom)
    Create a notification for this product.
    gehealthcare venue_firmware Affected: R1
    Affected: R2
    Affected: R3 , ≤ R3.3 (custom)
    Affected: R4 , ≤ R4.2 (custom)
        cpe:2.3:o:gehealthcare:venue_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    gehealthcare venue_go_firmware Affected: R2
    Affected: R3 , ≤ R3.3 (custom)
    Affected: R4 , ≤ R4.2 (custom)
        cpe:2.3:o:gehealthcare:venue_go_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    gehealthcare venue_fit_firmware Affected: R3 , ≤ R3.3 (custom)
    Affected: R4 , ≤ R4.2 (custom)
        cpe:2.3:o:gehealthcare:venue_fit_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    gehealthcare logiq_e_firmware Affected: R7 , ≤ R9.1.4 (custom)
    Affected: R8 , ≤ R10.1.3 (custom)
    Affected: R9 , ≤ R11.0.2 (custom)
        cpe:2.3:o:gehealthcare:logiq_e_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    gehealthcare logiq_he_firmware Affected: 0 , ≤ R9.3.1 (custom)
        cpe:2.3:o:gehealthcare:logiq_he_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    gehealthcare vivid_e_firmware Affected: E95 , < 206 (custom)
    Affected: E90 , < 206 (custom)
    Affected: E80 , < 206 (custom)
    Affected: E9 113.2 , ≤ 113.2 (custom)
        cpe:2.3:o:gehealthcare:vivid_e_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    gehealthcare vivid_s_firmware Affected: 70N , < 206 (custom)
    Affected: 60N , < 206 (custom)
        cpe:2.3:o:gehealthcare:vivid_s_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    gehealthcare vivid_t_firmware Affected: T8 , < 206 (custom)
    Affected: T9 , < 206 (custom)
        cpe:2.3:o:gehealthcare:vivid_t_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    gehealthcare vivid_iq_firmware Affected: 0 , < 206 (custom)
        cpe:2.3:o:gehealthcare:vivid_iq_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    gehealthcare invenia_abus_firmware Affected: 1.2.3
        cpe:2.3:o:gehealthcare:invenia_abus_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    gehealthcare invenia_abus_2.0_firmware Affected: 0 , < 2.2.9 (custom)
        cpe:2.3:o:gehealthcare:invenia_abus_2.0_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Andrea Palanca and Gabriele Quagliarella of Nozomi Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:40:21.121Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://securityupdate.gehealthcare.com/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:gehealthcare:venue_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "venue_firmware",
                "vendor": "gehealthcare",
                "versions": [
                  {
                    "status": "affected",
                    "version": "R1"
                  },
                  {
                    "status": "affected",
                    "version": "R2"
                  },
                  {
                    "lessThanOrEqual": "R3.3",
                    "status": "affected",
                    "version": "R3",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "R4.2",
                    "status": "affected",
                    "version": "R4",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gehealthcare:venue_go_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "venue_go_firmware",
                "vendor": "gehealthcare",
                "versions": [
                  {
                    "status": "affected",
                    "version": "R2"
                  },
                  {
                    "lessThanOrEqual": "R3.3",
                    "status": "affected",
                    "version": "R3",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "R4.2",
                    "status": "affected",
                    "version": "R4",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gehealthcare:venue_fit_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "venue_fit_firmware",
                "vendor": "gehealthcare",
                "versions": [
                  {
                    "lessThanOrEqual": "R3.3",
                    "status": "affected",
                    "version": "R3",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "R4.2",
                    "status": "affected",
                    "version": "R4",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gehealthcare:logiq_e_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "logiq_e_firmware",
                "vendor": "gehealthcare",
                "versions": [
                  {
                    "lessThanOrEqual": "R9.1.4",
                    "status": "affected",
                    "version": "R7",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "R10.1.3",
                    "status": "affected",
                    "version": "R8",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "R11.0.2",
                    "status": "affected",
                    "version": "R9",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gehealthcare:logiq_he_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "logiq_he_firmware",
                "vendor": "gehealthcare",
                "versions": [
                  {
                    "lessThanOrEqual": "R9.3.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gehealthcare:vivid_e_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "vivid_e_firmware",
                "vendor": "gehealthcare",
                "versions": [
                  {
                    "lessThan": "206",
                    "status": "affected",
                    "version": "E95",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "206",
                    "status": "affected",
                    "version": "E90",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "206",
                    "status": "affected",
                    "version": "E80",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "113.2",
                    "status": "affected",
                    "version": "E9 113.2",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gehealthcare:vivid_s_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "vivid_s_firmware",
                "vendor": "gehealthcare",
                "versions": [
                  {
                    "lessThan": "206",
                    "status": "affected",
                    "version": "70N",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "206",
                    "status": "affected",
                    "version": "60N",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gehealthcare:vivid_t_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "vivid_t_firmware",
                "vendor": "gehealthcare",
                "versions": [
                  {
                    "lessThan": "206",
                    "status": "affected",
                    "version": "T8",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "206",
                    "status": "affected",
                    "version": "T9",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gehealthcare:vivid_iq_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "vivid_iq_firmware",
                "vendor": "gehealthcare",
                "versions": [
                  {
                    "lessThan": "206",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gehealthcare:invenia_abus_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "invenia_abus_firmware",
                "vendor": "gehealthcare",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1.2.3"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gehealthcare:invenia_abus_2.0_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "invenia_abus_2.0_firmware",
                "vendor": "gehealthcare",
                "versions": [
                  {
                    "lessThan": "2.2.9",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-1486",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-12T14:08:59.014421Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-16T18:15:02.675Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Venue",
              "vendor": "GE HealthCare",
              "versions": [
                {
                  "status": "affected",
                  "version": "R1"
                },
                {
                  "status": "affected",
                  "version": "R2"
                },
                {
                  "lessThanOrEqual": "R3.3",
                  "status": "affected",
                  "version": "R3",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "R4.2",
                  "status": "affected",
                  "version": "R4",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Venue Go",
              "vendor": "GE HealthCare",
              "versions": [
                {
                  "status": "affected",
                  "version": "R2"
                },
                {
                  "lessThanOrEqual": "R3.3",
                  "status": "affected",
                  "version": "R3",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "R4.2",
                  "status": "affected",
                  "version": "R4",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Venue Fit",
              "vendor": "GE HealthCare",
              "versions": [
                {
                  "lessThanOrEqual": "R3.3",
                  "status": "affected",
                  "version": "R3",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "R4.2",
                  "status": "affected",
                  "version": "R4",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "LOGIQ e",
              "vendor": "GE HealthCare",
              "versions": [
                {
                  "lessThanOrEqual": "R9.1.4",
                  "status": "affected",
                  "version": "R7",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "R10.1.3",
                  "status": "affected",
                  "version": "R8",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "R11.0.2",
                  "status": "affected",
                  "version": "R9",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "LOGIQ He",
              "vendor": "GE HealthCare",
              "versions": [
                {
                  "lessThanOrEqual": "R9.3.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Vivid E",
              "vendor": "GE HealthCare",
              "versions": [
                {
                  "lessThan": "206",
                  "status": "affected",
                  "version": "E95",
                  "versionType": "custom"
                },
                {
                  "lessThan": "206",
                  "status": "affected",
                  "version": "E90",
                  "versionType": "custom"
                },
                {
                  "lessThan": "206",
                  "status": "affected",
                  "version": "E80",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "113.2",
                  "status": "affected",
                  "version": "E9 113.2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Vivid S",
              "vendor": "GE HealthCare",
              "versions": [
                {
                  "lessThan": "206",
                  "status": "affected",
                  "version": "70N",
                  "versionType": "custom"
                },
                {
                  "lessThan": "206",
                  "status": "affected",
                  "version": "60N",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Vivid T",
              "vendor": "GE HealthCare",
              "versions": [
                {
                  "lessThan": "206",
                  "status": "affected",
                  "version": "T8",
                  "versionType": "custom"
                },
                {
                  "lessThan": "206",
                  "status": "affected",
                  "version": "T9",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Vivid iq",
              "vendor": "GE HealthCare",
              "versions": [
                {
                  "lessThan": "206",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Invenia ABUS",
              "vendor": "GE HealthCare",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.2.3"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Invenia ABUS 2.0",
              "vendor": "GE HealthCare",
              "versions": [
                {
                  "lessThan": "2.2.9",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Andrea Palanca and Gabriele Quagliarella of Nozomi Networks"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Elevation of privileges via misconfigured access control list in GE HealthCare ultrasound devices"
                }
              ],
              "value": "Elevation of privileges via misconfigured access control list in GE HealthCare ultrasound devices"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-1",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-732",
                  "description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-14T15:10:22.262Z",
            "orgId": "171caf72-b841-4e04-a68e-93493aff2b94",
            "shortName": "GEHC"
          },
          "references": [
            {
              "url": "https://securityupdate.gehealthcare.com/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Elevation of privileges via misconfigured access control list in GE HealthCare ultrasound devices",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "171caf72-b841-4e04-a68e-93493aff2b94",
        "assignerShortName": "GEHC",
        "cveId": "CVE-2024-1486",
        "datePublished": "2024-05-14T15:10:22.262Z",
        "dateReserved": "2024-02-13T22:34:57.386Z",
        "dateUpdated": "2024-08-16T18:15:02.675Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-1486 (GCVE-0-2024-1486)

    Vulnerability from cvelistv5 – Published: 2024-05-14 15:10 – Updated: 2024-08-16 18:15
    VLAI
    Title
    Elevation of privileges via misconfigured access control list in GE HealthCare ultrasound devices
    Summary
    Elevation of privileges via misconfigured access control list in GE HealthCare ultrasound devices
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-732 - Incorrect Permission Assignment for Critical Resource
    Assigner
    References
    Impacted products
    Vendor Product Version
    GE HealthCare Venue Affected: R1
    Affected: R2
    Affected: R3 , ≤ R3.3 (custom)
    Affected: R4 , ≤ R4.2 (custom)
    Create a notification for this product.
    GE HealthCare Venue Go Affected: R2
    Affected: R3 , ≤ R3.3 (custom)
    Affected: R4 , ≤ R4.2 (custom)
    Create a notification for this product.
    GE HealthCare Venue Fit Affected: R3 , ≤ R3.3 (custom)
    Affected: R4 , ≤ R4.2 (custom)
    Create a notification for this product.
    GE HealthCare LOGIQ e Affected: R7 , ≤ R9.1.4 (custom)
    Affected: R8 , ≤ R10.1.3 (custom)
    Affected: R9 , ≤ R11.0.2 (custom)
    Create a notification for this product.
    GE HealthCare LOGIQ He Affected: 0 , ≤ R9.3.1 (custom)
    Create a notification for this product.
    GE HealthCare Vivid E Affected: E95 , < 206 (custom)
    Affected: E90 , < 206 (custom)
    Affected: E80 , < 206 (custom)
    Affected: E9 113.2 , ≤ 113.2 (custom)
    Create a notification for this product.
    GE HealthCare Vivid S Affected: 70N , < 206 (custom)
    Affected: 60N , < 206 (custom)
    Create a notification for this product.
    GE HealthCare Vivid T Affected: T8 , < 206 (custom)
    Affected: T9 , < 206 (custom)
    Create a notification for this product.
    GE HealthCare Vivid iq Affected: 0 , < 206 (custom)
    Create a notification for this product.
    GE HealthCare Invenia ABUS Affected: 1.2.3
    Create a notification for this product.
    GE HealthCare Invenia ABUS 2.0 Affected: 0 , < 2.2.9 (custom)
    Create a notification for this product.
    gehealthcare venue_firmware Affected: R1
    Affected: R2
    Affected: R3 , ≤ R3.3 (custom)
    Affected: R4 , ≤ R4.2 (custom)
        cpe:2.3:o:gehealthcare:venue_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    gehealthcare venue_go_firmware Affected: R2
    Affected: R3 , ≤ R3.3 (custom)
    Affected: R4 , ≤ R4.2 (custom)
        cpe:2.3:o:gehealthcare:venue_go_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    gehealthcare venue_fit_firmware Affected: R3 , ≤ R3.3 (custom)
    Affected: R4 , ≤ R4.2 (custom)
        cpe:2.3:o:gehealthcare:venue_fit_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    gehealthcare logiq_e_firmware Affected: R7 , ≤ R9.1.4 (custom)
    Affected: R8 , ≤ R10.1.3 (custom)
    Affected: R9 , ≤ R11.0.2 (custom)
        cpe:2.3:o:gehealthcare:logiq_e_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    gehealthcare logiq_he_firmware Affected: 0 , ≤ R9.3.1 (custom)
        cpe:2.3:o:gehealthcare:logiq_he_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    gehealthcare vivid_e_firmware Affected: E95 , < 206 (custom)
    Affected: E90 , < 206 (custom)
    Affected: E80 , < 206 (custom)
    Affected: E9 113.2 , ≤ 113.2 (custom)
        cpe:2.3:o:gehealthcare:vivid_e_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    gehealthcare vivid_s_firmware Affected: 70N , < 206 (custom)
    Affected: 60N , < 206 (custom)
        cpe:2.3:o:gehealthcare:vivid_s_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    gehealthcare vivid_t_firmware Affected: T8 , < 206 (custom)
    Affected: T9 , < 206 (custom)
        cpe:2.3:o:gehealthcare:vivid_t_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    gehealthcare vivid_iq_firmware Affected: 0 , < 206 (custom)
        cpe:2.3:o:gehealthcare:vivid_iq_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    gehealthcare invenia_abus_firmware Affected: 1.2.3
        cpe:2.3:o:gehealthcare:invenia_abus_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    gehealthcare invenia_abus_2.0_firmware Affected: 0 , < 2.2.9 (custom)
        cpe:2.3:o:gehealthcare:invenia_abus_2.0_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Andrea Palanca and Gabriele Quagliarella of Nozomi Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:40:21.121Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://securityupdate.gehealthcare.com/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:gehealthcare:venue_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "venue_firmware",
                "vendor": "gehealthcare",
                "versions": [
                  {
                    "status": "affected",
                    "version": "R1"
                  },
                  {
                    "status": "affected",
                    "version": "R2"
                  },
                  {
                    "lessThanOrEqual": "R3.3",
                    "status": "affected",
                    "version": "R3",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "R4.2",
                    "status": "affected",
                    "version": "R4",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gehealthcare:venue_go_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "venue_go_firmware",
                "vendor": "gehealthcare",
                "versions": [
                  {
                    "status": "affected",
                    "version": "R2"
                  },
                  {
                    "lessThanOrEqual": "R3.3",
                    "status": "affected",
                    "version": "R3",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "R4.2",
                    "status": "affected",
                    "version": "R4",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gehealthcare:venue_fit_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "venue_fit_firmware",
                "vendor": "gehealthcare",
                "versions": [
                  {
                    "lessThanOrEqual": "R3.3",
                    "status": "affected",
                    "version": "R3",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "R4.2",
                    "status": "affected",
                    "version": "R4",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gehealthcare:logiq_e_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "logiq_e_firmware",
                "vendor": "gehealthcare",
                "versions": [
                  {
                    "lessThanOrEqual": "R9.1.4",
                    "status": "affected",
                    "version": "R7",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "R10.1.3",
                    "status": "affected",
                    "version": "R8",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "R11.0.2",
                    "status": "affected",
                    "version": "R9",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gehealthcare:logiq_he_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "logiq_he_firmware",
                "vendor": "gehealthcare",
                "versions": [
                  {
                    "lessThanOrEqual": "R9.3.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gehealthcare:vivid_e_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "vivid_e_firmware",
                "vendor": "gehealthcare",
                "versions": [
                  {
                    "lessThan": "206",
                    "status": "affected",
                    "version": "E95",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "206",
                    "status": "affected",
                    "version": "E90",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "206",
                    "status": "affected",
                    "version": "E80",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "113.2",
                    "status": "affected",
                    "version": "E9 113.2",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gehealthcare:vivid_s_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "vivid_s_firmware",
                "vendor": "gehealthcare",
                "versions": [
                  {
                    "lessThan": "206",
                    "status": "affected",
                    "version": "70N",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "206",
                    "status": "affected",
                    "version": "60N",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gehealthcare:vivid_t_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "vivid_t_firmware",
                "vendor": "gehealthcare",
                "versions": [
                  {
                    "lessThan": "206",
                    "status": "affected",
                    "version": "T8",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "206",
                    "status": "affected",
                    "version": "T9",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gehealthcare:vivid_iq_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "vivid_iq_firmware",
                "vendor": "gehealthcare",
                "versions": [
                  {
                    "lessThan": "206",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gehealthcare:invenia_abus_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "invenia_abus_firmware",
                "vendor": "gehealthcare",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1.2.3"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:gehealthcare:invenia_abus_2.0_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "invenia_abus_2.0_firmware",
                "vendor": "gehealthcare",
                "versions": [
                  {
                    "lessThan": "2.2.9",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-1486",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-12T14:08:59.014421Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-16T18:15:02.675Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Venue",
              "vendor": "GE HealthCare",
              "versions": [
                {
                  "status": "affected",
                  "version": "R1"
                },
                {
                  "status": "affected",
                  "version": "R2"
                },
                {
                  "lessThanOrEqual": "R3.3",
                  "status": "affected",
                  "version": "R3",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "R4.2",
                  "status": "affected",
                  "version": "R4",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Venue Go",
              "vendor": "GE HealthCare",
              "versions": [
                {
                  "status": "affected",
                  "version": "R2"
                },
                {
                  "lessThanOrEqual": "R3.3",
                  "status": "affected",
                  "version": "R3",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "R4.2",
                  "status": "affected",
                  "version": "R4",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Venue Fit",
              "vendor": "GE HealthCare",
              "versions": [
                {
                  "lessThanOrEqual": "R3.3",
                  "status": "affected",
                  "version": "R3",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "R4.2",
                  "status": "affected",
                  "version": "R4",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "LOGIQ e",
              "vendor": "GE HealthCare",
              "versions": [
                {
                  "lessThanOrEqual": "R9.1.4",
                  "status": "affected",
                  "version": "R7",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "R10.1.3",
                  "status": "affected",
                  "version": "R8",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "R11.0.2",
                  "status": "affected",
                  "version": "R9",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "LOGIQ He",
              "vendor": "GE HealthCare",
              "versions": [
                {
                  "lessThanOrEqual": "R9.3.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Vivid E",
              "vendor": "GE HealthCare",
              "versions": [
                {
                  "lessThan": "206",
                  "status": "affected",
                  "version": "E95",
                  "versionType": "custom"
                },
                {
                  "lessThan": "206",
                  "status": "affected",
                  "version": "E90",
                  "versionType": "custom"
                },
                {
                  "lessThan": "206",
                  "status": "affected",
                  "version": "E80",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "113.2",
                  "status": "affected",
                  "version": "E9 113.2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Vivid S",
              "vendor": "GE HealthCare",
              "versions": [
                {
                  "lessThan": "206",
                  "status": "affected",
                  "version": "70N",
                  "versionType": "custom"
                },
                {
                  "lessThan": "206",
                  "status": "affected",
                  "version": "60N",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Vivid T",
              "vendor": "GE HealthCare",
              "versions": [
                {
                  "lessThan": "206",
                  "status": "affected",
                  "version": "T8",
                  "versionType": "custom"
                },
                {
                  "lessThan": "206",
                  "status": "affected",
                  "version": "T9",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Vivid iq",
              "vendor": "GE HealthCare",
              "versions": [
                {
                  "lessThan": "206",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Invenia ABUS",
              "vendor": "GE HealthCare",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.2.3"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Invenia ABUS 2.0",
              "vendor": "GE HealthCare",
              "versions": [
                {
                  "lessThan": "2.2.9",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Andrea Palanca and Gabriele Quagliarella of Nozomi Networks"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Elevation of privileges via misconfigured access control list in GE HealthCare ultrasound devices"
                }
              ],
              "value": "Elevation of privileges via misconfigured access control list in GE HealthCare ultrasound devices"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-1",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-732",
                  "description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-14T15:10:22.262Z",
            "orgId": "171caf72-b841-4e04-a68e-93493aff2b94",
            "shortName": "GEHC"
          },
          "references": [
            {
              "url": "https://securityupdate.gehealthcare.com/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Elevation of privileges via misconfigured access control list in GE HealthCare ultrasound devices",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "171caf72-b841-4e04-a68e-93493aff2b94",
        "assignerShortName": "GEHC",
        "cveId": "CVE-2024-1486",
        "datePublished": "2024-05-14T15:10:22.262Z",
        "dateReserved": "2024-02-13T22:34:57.386Z",
        "dateUpdated": "2024-08-16T18:15:02.675Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }