Search criteria
8 vulnerabilities found for optima_mr360_firmware by gehealthcare
CVE-2020-25179 (GCVE-0-2020-25179)
Vulnerability from nvd – Published: 2020-12-14 16:12 – Updated: 2024-08-04 15:26
VLAI?
Summary
GE Healthcare Imaging and Ultrasound Products may allow specific credentials to be exposed during transport over the network.
Severity ?
No CVSS data available.
CWE
- CWE-497 - EXPOSURE OF SENSITIVE SYSTEM INFORMATION TO AN UNAUTHORIZED CONTROL SPHERE CWE-497
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | GE Healthcare Imaging and Ultrasound Products |
Affected:
MR 3.0T Signa HDxt / 3.0T Signa HDx, versions HD 16, HD23 1.5T Brivo MR355 / Optima MR360, versions SV20.1, SV23.0 1.5T Signa HDx / 1.5T Signa HDx, Signa HDi / Signa VIBRANT, versions HD16, HD23 Ultrasound, General Imaging LOGIQ 5 [BT03], LOGIQ 7 (BT03, BT04, BT06], LOGIQ 9 [BT02, BT03, BT04, BT06] Ultrasound, Cardiovascular Vivid I [BT06], Vivid 7 {BT02-BT06], EchoPAC (Turnkey) [BT06], Image Vault (Turnkey) [4.3] Ultrasound, Women’s Health Voluson 730 [BT05, BT08] Advanced Visualization AW 4.0 to AW 4.6, AWS2.0 to AW3.0 , Interventional Innova 2000, 3100, 4100, 2100-IQ, 3100-IQ, 4100-IQ, 212-IQ, 313-IQ Optima 320, CL320i, CL323i, CL320, 3100 Optima IGS 320, 330
Affected: Innova IGS 5x0, 6x0, 7x0 Advanced Visualization AW 4.0 to AW 4.6, AWS2.0 to AW3.0 X-Ray Brivo XR118, XR383, XR515, XR575 Affected: Definium 5000, 6000, 8000, AMX 700 Affected: Discovery XR650, XR656, XR656+ Affected: Optima XR640, XR646, XR220amx, XR200amx Affected: Precision 500D, WDR1 Mammography Seno 200D, DS, Essential Affected: Senographe Pristina Computed Tomography BrightSpeed Elite, Elite Select, Edge, Edge Select Brivo CT385 Discovery CT590RT, CT750HD LightSpeed VCT, Pro16, RT16 Optima Advance, CT520, CT540, CT660, CT580, CT580RT, CT580W, CT670, CT680 Quantum, Expert & Professional Revolution EVO,HD,ACT, ACTs, CT, Discovery CT, Frontier, Frontier ES Nuclear Medicine, PET/CT Brivo NM 615 Discovery NM 630, NM 750b, NM D530c, NM/CT D570c, NM/CT 670 Infinia Discovery NM830, NM/CT 860, NM/CT850, NM/CT 870 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:26:09.485Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-343-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GE Healthcare Imaging and Ultrasound Products",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "MR 3.0T Signa HDxt / 3.0T Signa HDx, versions HD 16, HD23 1.5T Brivo MR355 / Optima MR360, versions SV20.1, SV23.0 1.5T Signa HDx / 1.5T Signa HDx, Signa HDi / Signa VIBRANT, versions HD16, HD23 Ultrasound, General Imaging LOGIQ 5 [BT03], LOGIQ 7 (BT03, BT04, BT06], LOGIQ 9 [BT02, BT03, BT04, BT06] Ultrasound, Cardiovascular Vivid I [BT06], Vivid 7 {BT02-BT06], EchoPAC (Turnkey) [BT06], Image Vault (Turnkey) [4.3] Ultrasound, Women\u2019s Health Voluson 730 [BT05, BT08] Advanced Visualization AW 4.0 to AW 4.6, AWS2.0 to AW3.0 , Interventional Innova 2000, 3100, 4100, 2100-IQ, 3100-IQ, 4100-IQ, 212-IQ, 313-IQ Optima 320, CL320i, CL323i, CL320, 3100 Optima IGS 320, 330"
},
{
"status": "affected",
"version": "Innova IGS 5x0, 6x0, 7x0 Advanced Visualization AW 4.0 to AW 4.6, AWS2.0 to AW3.0 X-Ray Brivo XR118, XR383, XR515, XR575"
},
{
"status": "affected",
"version": "Definium 5000, 6000, 8000, AMX 700"
},
{
"status": "affected",
"version": "Discovery XR650, XR656, XR656+"
},
{
"status": "affected",
"version": "Optima XR640, XR646, XR220amx, XR200amx"
},
{
"status": "affected",
"version": "Precision 500D, WDR1 Mammography Seno 200D, DS, Essential"
},
{
"status": "affected",
"version": "Senographe Pristina Computed Tomography BrightSpeed Elite, Elite Select, Edge, Edge Select Brivo CT385 Discovery CT590RT, CT750HD LightSpeed VCT, Pro16, RT16 Optima Advance, CT520, CT540, CT660, CT580, CT580RT, CT580W, CT670, CT680 Quantum, Expert \u0026 Professional Revolution EVO,HD,ACT, ACTs, CT, Discovery CT, Frontier, Frontier ES Nuclear Medicine, PET/CT Brivo NM 615 Discovery NM 630, NM 750b, NM D530c, NM/CT D570c, NM/CT 670 Infinia Discovery NM830, NM/CT 860, NM/CT850, NM/CT 870"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GE Healthcare Imaging and Ultrasound Products may allow specific credentials to be exposed during transport over the network."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-497",
"description": "EXPOSURE OF SENSITIVE SYSTEM INFORMATION TO AN UNAUTHORIZED CONTROL SPHERE CWE-497",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-14T16:12:36",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-343-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-25179",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GE Healthcare Imaging and Ultrasound Products",
"version": {
"version_data": [
{
"version_value": "MR 3.0T Signa HDxt / 3.0T Signa HDx, versions HD 16, HD23 1.5T Brivo MR355 / Optima MR360, versions SV20.1, SV23.0 1.5T Signa HDx / 1.5T Signa HDx, Signa HDi / Signa VIBRANT, versions HD16, HD23 Ultrasound, General Imaging LOGIQ 5 [BT03], LOGIQ 7 (BT03, BT04, BT06], LOGIQ 9 [BT02, BT03, BT04, BT06] Ultrasound, Cardiovascular Vivid I [BT06], Vivid 7 {BT02-BT06], EchoPAC (Turnkey) [BT06], Image Vault (Turnkey) [4.3] Ultrasound, Women\u2019s Health Voluson 730 [BT05, BT08] Advanced Visualization AW 4.0 to AW 4.6, AWS2.0 to AW3.0 , Interventional Innova 2000, 3100, 4100, 2100-IQ, 3100-IQ, 4100-IQ, 212-IQ, 313-IQ Optima 320, CL320i, CL323i, CL320, 3100 Optima IGS 320, 330"
},
{
"version_value": "Innova IGS 5x0, 6x0, 7x0 Advanced Visualization AW 4.0 to AW 4.6, AWS2.0 to AW3.0 X-Ray Brivo XR118, XR383, XR515, XR575"
},
{
"version_value": "Definium 5000, 6000, 8000, AMX 700"
},
{
"version_value": "Discovery XR650, XR656, XR656+"
},
{
"version_value": "Optima XR640, XR646, XR220amx, XR200amx"
},
{
"version_value": "Precision 500D, WDR1 Mammography Seno 200D, DS, Essential"
},
{
"version_value": "Senographe Pristina Computed Tomography BrightSpeed Elite, Elite Select, Edge, Edge Select Brivo CT385 Discovery CT590RT, CT750HD LightSpeed VCT, Pro16, RT16 Optima Advance, CT520, CT540, CT660, CT580, CT580RT, CT580W, CT670, CT680 Quantum, Expert \u0026 Professional Revolution EVO,HD,ACT, ACTs, CT, Discovery CT, Frontier, Frontier ES Nuclear Medicine, PET/CT Brivo NM 615 Discovery NM 630, NM 750b, NM D530c, NM/CT D570c, NM/CT 670 Infinia Discovery NM830, NM/CT 860, NM/CT850, NM/CT 870"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GE Healthcare Imaging and Ultrasound Products may allow specific credentials to be exposed during transport over the network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "EXPOSURE OF SENSITIVE SYSTEM INFORMATION TO AN UNAUTHORIZED CONTROL SPHERE CWE-497"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsma-20-343-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-343-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-25179",
"datePublished": "2020-12-14T16:12:36",
"dateReserved": "2020-09-04T00:00:00",
"dateUpdated": "2024-08-04T15:26:09.485Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25175 (GCVE-0-2020-25175)
Vulnerability from nvd – Published: 2020-12-14 16:36 – Updated: 2024-08-04 15:26
VLAI?
Summary
GE Healthcare Imaging and Ultrasound Products may allow specific credentials to be exposed during transport over the network.
Severity ?
No CVSS data available.
CWE
- CWE-523 - UNPROTECTED TRANSPORT OF CREDENTIALS CWE-523
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | GE Healthcare Imaging and Ultrasound Products |
Affected:
MR 3.0T Signa HDxt / 3.0T Signa HDx, versions HD 16, HD23 1.5T Brivo MR355 / Optima MR360, versions SV20.1, SV23.0 1.5T Signa HDx / 1.5T Signa HDx, Signa HDi / Signa VIBRANT, versions HD16, HD23 Ultrasound, General Imaging LOGIQ 5 [BT03], LOGIQ 7 (BT03, BT04, BT06], LOGIQ 9 [BT02, BT03, BT04, BT06] Ultrasound, Cardiovascular Vivid I [BT06], Vivid 7 {BT02-BT06], EchoPAC (Turnkey) [BT06], Image Vault (Turnkey) [4.3] Ultrasound, Women’s Health Voluson 730 [BT05, BT08] Advanced Visualization AW 4.0 to AW 4.6, AWS2.0 to AW3.0, Interventional Innova 2000, 3100, 4100, 2100-IQ, 3100-IQ, 4100-IQ, 212-IQ, 313-IQ Optima 320, CL320i, CL323i, CL320, 3100 Optima IGS 320, 330
Affected: Innova IGS 5x0, 6x0, 7x0 Advanced Visualization AW 4.0 to AW 4.6, AWS2.0 to AW3.0 X-Ray Brivo XR118, XR383, XR515, XR575 Affected: Definium 5000, 6000, 8000, AMX 700 Affected: Discovery XR650, XR656, XR656+ Affected: Optima XR640, XR646, XR220amx, XR200amx Affected: Precision 500D, WDR1 Mammography Seno 200D, DS, Essential Affected: Senographe Pristina Computed Tomography BrightSpeed Elite, Elite Select, Edge, Edge Select Brivo CT385 Discovery CT590RT, CT750HD LightSpeed VCT, Pro16, RT16 Optima Advance, CT520, CT540, CT660, CT580, CT580RT, CT580W, CT670, CT680 Quantum, Expert & Professional Revolution EVO,HD,ACT, ACTs, CT, Discovery CT, Frontier, Frontier ES Nuclear Medicine, PET/CT Brivo NM 615 Discovery NM 630, NM 750b, NM D530c, NM/CT D570c, NM/CT 670 Infinia Discovery NM830, NM/CT 860, NM/CT850, NM/CT 870, |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:26:09.534Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-343-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GE Healthcare Imaging and Ultrasound Products",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "MR 3.0T Signa HDxt / 3.0T Signa HDx, versions HD 16, HD23 1.5T Brivo MR355 / Optima MR360, versions SV20.1, SV23.0 1.5T Signa HDx / 1.5T Signa HDx, Signa HDi / Signa VIBRANT, versions HD16, HD23 Ultrasound, General Imaging LOGIQ 5 [BT03], LOGIQ 7 (BT03, BT04, BT06], LOGIQ 9 [BT02, BT03, BT04, BT06] Ultrasound, Cardiovascular Vivid I [BT06], Vivid 7 {BT02-BT06], EchoPAC (Turnkey) [BT06], Image Vault (Turnkey) [4.3] Ultrasound, Women\u2019s Health Voluson 730 [BT05, BT08] Advanced Visualization AW 4.0 to AW 4.6, AWS2.0 to AW3.0, Interventional Innova 2000, 3100, 4100, 2100-IQ, 3100-IQ, 4100-IQ, 212-IQ, 313-IQ Optima 320, CL320i, CL323i, CL320, 3100 Optima IGS 320, 330"
},
{
"status": "affected",
"version": "Innova IGS 5x0, 6x0, 7x0 Advanced Visualization AW 4.0 to AW 4.6, AWS2.0 to AW3.0 X-Ray Brivo XR118, XR383, XR515, XR575"
},
{
"status": "affected",
"version": "Definium 5000, 6000, 8000, AMX 700"
},
{
"status": "affected",
"version": "Discovery XR650, XR656, XR656+"
},
{
"status": "affected",
"version": "Optima XR640, XR646, XR220amx, XR200amx"
},
{
"status": "affected",
"version": "Precision 500D, WDR1 Mammography Seno 200D, DS, Essential"
},
{
"status": "affected",
"version": "Senographe Pristina Computed Tomography BrightSpeed Elite, Elite Select, Edge, Edge Select Brivo CT385 Discovery CT590RT, CT750HD LightSpeed VCT, Pro16, RT16 Optima Advance, CT520, CT540, CT660, CT580, CT580RT, CT580W, CT670, CT680 Quantum, Expert \u0026 Professional Revolution EVO,HD,ACT, ACTs, CT, Discovery CT, Frontier, Frontier ES Nuclear Medicine, PET/CT Brivo NM 615 Discovery NM 630, NM 750b, NM D530c, NM/CT D570c, NM/CT 670 Infinia Discovery NM830, NM/CT 860, NM/CT850, NM/CT 870,"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GE Healthcare Imaging and Ultrasound Products may allow specific credentials to be exposed during transport over the network."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-523",
"description": "UNPROTECTED TRANSPORT OF CREDENTIALS CWE-523",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-14T16:36:24",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-343-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-25175",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GE Healthcare Imaging and Ultrasound Products",
"version": {
"version_data": [
{
"version_value": "MR 3.0T Signa HDxt / 3.0T Signa HDx, versions HD 16, HD23 1.5T Brivo MR355 / Optima MR360, versions SV20.1, SV23.0 1.5T Signa HDx / 1.5T Signa HDx, Signa HDi / Signa VIBRANT, versions HD16, HD23 Ultrasound, General Imaging LOGIQ 5 [BT03], LOGIQ 7 (BT03, BT04, BT06], LOGIQ 9 [BT02, BT03, BT04, BT06] Ultrasound, Cardiovascular Vivid I [BT06], Vivid 7 {BT02-BT06], EchoPAC (Turnkey) [BT06], Image Vault (Turnkey) [4.3] Ultrasound, Women\u2019s Health Voluson 730 [BT05, BT08] Advanced Visualization AW 4.0 to AW 4.6, AWS2.0 to AW3.0, Interventional Innova 2000, 3100, 4100, 2100-IQ, 3100-IQ, 4100-IQ, 212-IQ, 313-IQ Optima 320, CL320i, CL323i, CL320, 3100 Optima IGS 320, 330"
},
{
"version_value": "Innova IGS 5x0, 6x0, 7x0 Advanced Visualization AW 4.0 to AW 4.6, AWS2.0 to AW3.0 X-Ray Brivo XR118, XR383, XR515, XR575"
},
{
"version_value": "Definium 5000, 6000, 8000, AMX 700"
},
{
"version_value": "Discovery XR650, XR656, XR656+"
},
{
"version_value": "Optima XR640, XR646, XR220amx, XR200amx"
},
{
"version_value": "Precision 500D, WDR1 Mammography Seno 200D, DS, Essential"
},
{
"version_value": "Senographe Pristina Computed Tomography BrightSpeed Elite, Elite Select, Edge, Edge Select Brivo CT385 Discovery CT590RT, CT750HD LightSpeed VCT, Pro16, RT16 Optima Advance, CT520, CT540, CT660, CT580, CT580RT, CT580W, CT670, CT680 Quantum, Expert \u0026 Professional Revolution EVO,HD,ACT, ACTs, CT, Discovery CT, Frontier, Frontier ES Nuclear Medicine, PET/CT Brivo NM 615 Discovery NM 630, NM 750b, NM D530c, NM/CT D570c, NM/CT 670 Infinia Discovery NM830, NM/CT 860, NM/CT850, NM/CT 870,"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GE Healthcare Imaging and Ultrasound Products may allow specific credentials to be exposed during transport over the network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "UNPROTECTED TRANSPORT OF CREDENTIALS CWE-523"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsma-20-343-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-343-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-25175",
"datePublished": "2020-12-14T16:36:24",
"dateReserved": "2020-09-04T00:00:00",
"dateUpdated": "2024-08-04T15:26:09.534Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-5308 (GCVE-0-2010-5308)
Vulnerability from nvd – Published: 2015-08-04 10:00 – Updated: 2024-08-07 04:17
VLAI?
Summary
GE Healthcare Optima MR360 does not require authentication for the HIPAA emergency login procedure, which allows physically proximate users to gain access via an arbitrary username in the Emergency Login screen. NOTE: this might not qualify for inclusion in CVE if unauthenticated emergency access is part of the intended security policy of the product, can be controlled by the system administrator, and is not enabled by default.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:17:10.248Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/MR360+operator+manual+paper.pdf?REQ=RAA\u0026DIRECTION=5339461-1EN\u0026FILENAME=MR360%2Boperator%2Bmanual%2Bpaper.pdf\u0026FILEREV=4\u0026DOCREV_ORG=4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/digitalbond/status/619250429751222277"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-10-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "GE Healthcare Optima MR360 does not require authentication for the HIPAA emergency login procedure, which allows physically proximate users to gain access via an arbitrary username in the Emergency Login screen. NOTE: this might not qualify for inclusion in CVE if unauthenticated emergency access is part of the intended security policy of the product, can be controlled by the system administrator, and is not enabled by default."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-08-04T09:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/MR360+operator+manual+paper.pdf?REQ=RAA\u0026DIRECTION=5339461-1EN\u0026FILENAME=MR360%2Boperator%2Bmanual%2Bpaper.pdf\u0026FILEREV=4\u0026DOCREV_ORG=4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/digitalbond/status/619250429751222277"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-5308",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GE Healthcare Optima MR360 does not require authentication for the HIPAA emergency login procedure, which allows physically proximate users to gain access via an arbitrary username in the Emergency Login screen. NOTE: this might not qualify for inclusion in CVE if unauthenticated emergency access is part of the intended security policy of the product, can be controlled by the system administrator, and is not enabled by default."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://apps.gehealthcare.com/servlet/ClientServlet/MR360+operator+manual+paper.pdf?REQ=RAA\u0026DIRECTION=5339461-1EN\u0026FILENAME=MR360%2Boperator%2Bmanual%2Bpaper.pdf\u0026FILEREV=4\u0026DOCREV_ORG=4",
"refsource": "CONFIRM",
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/MR360+operator+manual+paper.pdf?REQ=RAA\u0026DIRECTION=5339461-1EN\u0026FILENAME=MR360%2Boperator%2Bmanual%2Bpaper.pdf\u0026FILEREV=4\u0026DOCREV_ORG=4"
},
{
"name": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/",
"refsource": "MISC",
"url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
},
{
"name": "https://twitter.com/digitalbond/status/619250429751222277",
"refsource": "MISC",
"url": "https://twitter.com/digitalbond/status/619250429751222277"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-5308",
"datePublished": "2015-08-04T10:00:00",
"dateReserved": "2014-09-29T00:00:00",
"dateUpdated": "2024-08-07T04:17:10.248Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-5307 (GCVE-0-2010-5307)
Vulnerability from nvd – Published: 2015-08-04 10:00 – Updated: 2024-08-07 04:17
VLAI?
Summary
The HIPAA configuration interface in GE Healthcare Optima MR360 has a password of (1) operator for the root account, (2) adw2.0 for the admin account, and (3) adw2.0 for the sdc account, which has unspecified impact and attack vectors. NOTE: it is not clear whether these passwords are default, hardcoded, or dependent on another system or product that requires a fixed value.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:17:10.244Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/MR360+operator+manual+paper.pdf?REQ=RAA\u0026DIRECTION=5339461-1EN\u0026FILENAME=MR360%2Boperator%2Bmanual%2Bpaper.pdf\u0026FILEREV=4\u0026DOCREV_ORG=4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/digitalbond/status/619250429751222277"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-10-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The HIPAA configuration interface in GE Healthcare Optima MR360 has a password of (1) operator for the root account, (2) adw2.0 for the admin account, and (3) adw2.0 for the sdc account, which has unspecified impact and attack vectors. NOTE: it is not clear whether these passwords are default, hardcoded, or dependent on another system or product that requires a fixed value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-27T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/MR360+operator+manual+paper.pdf?REQ=RAA\u0026DIRECTION=5339461-1EN\u0026FILENAME=MR360%2Boperator%2Bmanual%2Bpaper.pdf\u0026FILEREV=4\u0026DOCREV_ORG=4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/digitalbond/status/619250429751222277"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-5307",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The HIPAA configuration interface in GE Healthcare Optima MR360 has a password of (1) operator for the root account, (2) adw2.0 for the admin account, and (3) adw2.0 for the sdc account, which has unspecified impact and attack vectors. NOTE: it is not clear whether these passwords are default, hardcoded, or dependent on another system or product that requires a fixed value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://apps.gehealthcare.com/servlet/ClientServlet/MR360+operator+manual+paper.pdf?REQ=RAA\u0026DIRECTION=5339461-1EN\u0026FILENAME=MR360%2Boperator%2Bmanual%2Bpaper.pdf\u0026FILEREV=4\u0026DOCREV_ORG=4",
"refsource": "CONFIRM",
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/MR360+operator+manual+paper.pdf?REQ=RAA\u0026DIRECTION=5339461-1EN\u0026FILENAME=MR360%2Boperator%2Bmanual%2Bpaper.pdf\u0026FILEREV=4\u0026DOCREV_ORG=4"
},
{
"name": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/",
"refsource": "MISC",
"url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
},
{
"name": "https://twitter.com/digitalbond/status/619250429751222277",
"refsource": "MISC",
"url": "https://twitter.com/digitalbond/status/619250429751222277"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-5307",
"datePublished": "2015-08-04T10:00:00",
"dateReserved": "2014-09-29T00:00:00",
"dateUpdated": "2024-08-07T04:17:10.244Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25175 (GCVE-0-2020-25175)
Vulnerability from cvelistv5 – Published: 2020-12-14 16:36 – Updated: 2024-08-04 15:26
VLAI?
Summary
GE Healthcare Imaging and Ultrasound Products may allow specific credentials to be exposed during transport over the network.
Severity ?
No CVSS data available.
CWE
- CWE-523 - UNPROTECTED TRANSPORT OF CREDENTIALS CWE-523
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | GE Healthcare Imaging and Ultrasound Products |
Affected:
MR 3.0T Signa HDxt / 3.0T Signa HDx, versions HD 16, HD23 1.5T Brivo MR355 / Optima MR360, versions SV20.1, SV23.0 1.5T Signa HDx / 1.5T Signa HDx, Signa HDi / Signa VIBRANT, versions HD16, HD23 Ultrasound, General Imaging LOGIQ 5 [BT03], LOGIQ 7 (BT03, BT04, BT06], LOGIQ 9 [BT02, BT03, BT04, BT06] Ultrasound, Cardiovascular Vivid I [BT06], Vivid 7 {BT02-BT06], EchoPAC (Turnkey) [BT06], Image Vault (Turnkey) [4.3] Ultrasound, Women’s Health Voluson 730 [BT05, BT08] Advanced Visualization AW 4.0 to AW 4.6, AWS2.0 to AW3.0, Interventional Innova 2000, 3100, 4100, 2100-IQ, 3100-IQ, 4100-IQ, 212-IQ, 313-IQ Optima 320, CL320i, CL323i, CL320, 3100 Optima IGS 320, 330
Affected: Innova IGS 5x0, 6x0, 7x0 Advanced Visualization AW 4.0 to AW 4.6, AWS2.0 to AW3.0 X-Ray Brivo XR118, XR383, XR515, XR575 Affected: Definium 5000, 6000, 8000, AMX 700 Affected: Discovery XR650, XR656, XR656+ Affected: Optima XR640, XR646, XR220amx, XR200amx Affected: Precision 500D, WDR1 Mammography Seno 200D, DS, Essential Affected: Senographe Pristina Computed Tomography BrightSpeed Elite, Elite Select, Edge, Edge Select Brivo CT385 Discovery CT590RT, CT750HD LightSpeed VCT, Pro16, RT16 Optima Advance, CT520, CT540, CT660, CT580, CT580RT, CT580W, CT670, CT680 Quantum, Expert & Professional Revolution EVO,HD,ACT, ACTs, CT, Discovery CT, Frontier, Frontier ES Nuclear Medicine, PET/CT Brivo NM 615 Discovery NM 630, NM 750b, NM D530c, NM/CT D570c, NM/CT 670 Infinia Discovery NM830, NM/CT 860, NM/CT850, NM/CT 870, |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:26:09.534Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-343-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GE Healthcare Imaging and Ultrasound Products",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "MR 3.0T Signa HDxt / 3.0T Signa HDx, versions HD 16, HD23 1.5T Brivo MR355 / Optima MR360, versions SV20.1, SV23.0 1.5T Signa HDx / 1.5T Signa HDx, Signa HDi / Signa VIBRANT, versions HD16, HD23 Ultrasound, General Imaging LOGIQ 5 [BT03], LOGIQ 7 (BT03, BT04, BT06], LOGIQ 9 [BT02, BT03, BT04, BT06] Ultrasound, Cardiovascular Vivid I [BT06], Vivid 7 {BT02-BT06], EchoPAC (Turnkey) [BT06], Image Vault (Turnkey) [4.3] Ultrasound, Women\u2019s Health Voluson 730 [BT05, BT08] Advanced Visualization AW 4.0 to AW 4.6, AWS2.0 to AW3.0, Interventional Innova 2000, 3100, 4100, 2100-IQ, 3100-IQ, 4100-IQ, 212-IQ, 313-IQ Optima 320, CL320i, CL323i, CL320, 3100 Optima IGS 320, 330"
},
{
"status": "affected",
"version": "Innova IGS 5x0, 6x0, 7x0 Advanced Visualization AW 4.0 to AW 4.6, AWS2.0 to AW3.0 X-Ray Brivo XR118, XR383, XR515, XR575"
},
{
"status": "affected",
"version": "Definium 5000, 6000, 8000, AMX 700"
},
{
"status": "affected",
"version": "Discovery XR650, XR656, XR656+"
},
{
"status": "affected",
"version": "Optima XR640, XR646, XR220amx, XR200amx"
},
{
"status": "affected",
"version": "Precision 500D, WDR1 Mammography Seno 200D, DS, Essential"
},
{
"status": "affected",
"version": "Senographe Pristina Computed Tomography BrightSpeed Elite, Elite Select, Edge, Edge Select Brivo CT385 Discovery CT590RT, CT750HD LightSpeed VCT, Pro16, RT16 Optima Advance, CT520, CT540, CT660, CT580, CT580RT, CT580W, CT670, CT680 Quantum, Expert \u0026 Professional Revolution EVO,HD,ACT, ACTs, CT, Discovery CT, Frontier, Frontier ES Nuclear Medicine, PET/CT Brivo NM 615 Discovery NM 630, NM 750b, NM D530c, NM/CT D570c, NM/CT 670 Infinia Discovery NM830, NM/CT 860, NM/CT850, NM/CT 870,"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GE Healthcare Imaging and Ultrasound Products may allow specific credentials to be exposed during transport over the network."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-523",
"description": "UNPROTECTED TRANSPORT OF CREDENTIALS CWE-523",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-14T16:36:24",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-343-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-25175",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GE Healthcare Imaging and Ultrasound Products",
"version": {
"version_data": [
{
"version_value": "MR 3.0T Signa HDxt / 3.0T Signa HDx, versions HD 16, HD23 1.5T Brivo MR355 / Optima MR360, versions SV20.1, SV23.0 1.5T Signa HDx / 1.5T Signa HDx, Signa HDi / Signa VIBRANT, versions HD16, HD23 Ultrasound, General Imaging LOGIQ 5 [BT03], LOGIQ 7 (BT03, BT04, BT06], LOGIQ 9 [BT02, BT03, BT04, BT06] Ultrasound, Cardiovascular Vivid I [BT06], Vivid 7 {BT02-BT06], EchoPAC (Turnkey) [BT06], Image Vault (Turnkey) [4.3] Ultrasound, Women\u2019s Health Voluson 730 [BT05, BT08] Advanced Visualization AW 4.0 to AW 4.6, AWS2.0 to AW3.0, Interventional Innova 2000, 3100, 4100, 2100-IQ, 3100-IQ, 4100-IQ, 212-IQ, 313-IQ Optima 320, CL320i, CL323i, CL320, 3100 Optima IGS 320, 330"
},
{
"version_value": "Innova IGS 5x0, 6x0, 7x0 Advanced Visualization AW 4.0 to AW 4.6, AWS2.0 to AW3.0 X-Ray Brivo XR118, XR383, XR515, XR575"
},
{
"version_value": "Definium 5000, 6000, 8000, AMX 700"
},
{
"version_value": "Discovery XR650, XR656, XR656+"
},
{
"version_value": "Optima XR640, XR646, XR220amx, XR200amx"
},
{
"version_value": "Precision 500D, WDR1 Mammography Seno 200D, DS, Essential"
},
{
"version_value": "Senographe Pristina Computed Tomography BrightSpeed Elite, Elite Select, Edge, Edge Select Brivo CT385 Discovery CT590RT, CT750HD LightSpeed VCT, Pro16, RT16 Optima Advance, CT520, CT540, CT660, CT580, CT580RT, CT580W, CT670, CT680 Quantum, Expert \u0026 Professional Revolution EVO,HD,ACT, ACTs, CT, Discovery CT, Frontier, Frontier ES Nuclear Medicine, PET/CT Brivo NM 615 Discovery NM 630, NM 750b, NM D530c, NM/CT D570c, NM/CT 670 Infinia Discovery NM830, NM/CT 860, NM/CT850, NM/CT 870,"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GE Healthcare Imaging and Ultrasound Products may allow specific credentials to be exposed during transport over the network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "UNPROTECTED TRANSPORT OF CREDENTIALS CWE-523"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsma-20-343-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-343-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-25175",
"datePublished": "2020-12-14T16:36:24",
"dateReserved": "2020-09-04T00:00:00",
"dateUpdated": "2024-08-04T15:26:09.534Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25179 (GCVE-0-2020-25179)
Vulnerability from cvelistv5 – Published: 2020-12-14 16:12 – Updated: 2024-08-04 15:26
VLAI?
Summary
GE Healthcare Imaging and Ultrasound Products may allow specific credentials to be exposed during transport over the network.
Severity ?
No CVSS data available.
CWE
- CWE-497 - EXPOSURE OF SENSITIVE SYSTEM INFORMATION TO AN UNAUTHORIZED CONTROL SPHERE CWE-497
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | GE Healthcare Imaging and Ultrasound Products |
Affected:
MR 3.0T Signa HDxt / 3.0T Signa HDx, versions HD 16, HD23 1.5T Brivo MR355 / Optima MR360, versions SV20.1, SV23.0 1.5T Signa HDx / 1.5T Signa HDx, Signa HDi / Signa VIBRANT, versions HD16, HD23 Ultrasound, General Imaging LOGIQ 5 [BT03], LOGIQ 7 (BT03, BT04, BT06], LOGIQ 9 [BT02, BT03, BT04, BT06] Ultrasound, Cardiovascular Vivid I [BT06], Vivid 7 {BT02-BT06], EchoPAC (Turnkey) [BT06], Image Vault (Turnkey) [4.3] Ultrasound, Women’s Health Voluson 730 [BT05, BT08] Advanced Visualization AW 4.0 to AW 4.6, AWS2.0 to AW3.0 , Interventional Innova 2000, 3100, 4100, 2100-IQ, 3100-IQ, 4100-IQ, 212-IQ, 313-IQ Optima 320, CL320i, CL323i, CL320, 3100 Optima IGS 320, 330
Affected: Innova IGS 5x0, 6x0, 7x0 Advanced Visualization AW 4.0 to AW 4.6, AWS2.0 to AW3.0 X-Ray Brivo XR118, XR383, XR515, XR575 Affected: Definium 5000, 6000, 8000, AMX 700 Affected: Discovery XR650, XR656, XR656+ Affected: Optima XR640, XR646, XR220amx, XR200amx Affected: Precision 500D, WDR1 Mammography Seno 200D, DS, Essential Affected: Senographe Pristina Computed Tomography BrightSpeed Elite, Elite Select, Edge, Edge Select Brivo CT385 Discovery CT590RT, CT750HD LightSpeed VCT, Pro16, RT16 Optima Advance, CT520, CT540, CT660, CT580, CT580RT, CT580W, CT670, CT680 Quantum, Expert & Professional Revolution EVO,HD,ACT, ACTs, CT, Discovery CT, Frontier, Frontier ES Nuclear Medicine, PET/CT Brivo NM 615 Discovery NM 630, NM 750b, NM D530c, NM/CT D570c, NM/CT 670 Infinia Discovery NM830, NM/CT 860, NM/CT850, NM/CT 870 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:26:09.485Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-343-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GE Healthcare Imaging and Ultrasound Products",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "MR 3.0T Signa HDxt / 3.0T Signa HDx, versions HD 16, HD23 1.5T Brivo MR355 / Optima MR360, versions SV20.1, SV23.0 1.5T Signa HDx / 1.5T Signa HDx, Signa HDi / Signa VIBRANT, versions HD16, HD23 Ultrasound, General Imaging LOGIQ 5 [BT03], LOGIQ 7 (BT03, BT04, BT06], LOGIQ 9 [BT02, BT03, BT04, BT06] Ultrasound, Cardiovascular Vivid I [BT06], Vivid 7 {BT02-BT06], EchoPAC (Turnkey) [BT06], Image Vault (Turnkey) [4.3] Ultrasound, Women\u2019s Health Voluson 730 [BT05, BT08] Advanced Visualization AW 4.0 to AW 4.6, AWS2.0 to AW3.0 , Interventional Innova 2000, 3100, 4100, 2100-IQ, 3100-IQ, 4100-IQ, 212-IQ, 313-IQ Optima 320, CL320i, CL323i, CL320, 3100 Optima IGS 320, 330"
},
{
"status": "affected",
"version": "Innova IGS 5x0, 6x0, 7x0 Advanced Visualization AW 4.0 to AW 4.6, AWS2.0 to AW3.0 X-Ray Brivo XR118, XR383, XR515, XR575"
},
{
"status": "affected",
"version": "Definium 5000, 6000, 8000, AMX 700"
},
{
"status": "affected",
"version": "Discovery XR650, XR656, XR656+"
},
{
"status": "affected",
"version": "Optima XR640, XR646, XR220amx, XR200amx"
},
{
"status": "affected",
"version": "Precision 500D, WDR1 Mammography Seno 200D, DS, Essential"
},
{
"status": "affected",
"version": "Senographe Pristina Computed Tomography BrightSpeed Elite, Elite Select, Edge, Edge Select Brivo CT385 Discovery CT590RT, CT750HD LightSpeed VCT, Pro16, RT16 Optima Advance, CT520, CT540, CT660, CT580, CT580RT, CT580W, CT670, CT680 Quantum, Expert \u0026 Professional Revolution EVO,HD,ACT, ACTs, CT, Discovery CT, Frontier, Frontier ES Nuclear Medicine, PET/CT Brivo NM 615 Discovery NM 630, NM 750b, NM D530c, NM/CT D570c, NM/CT 670 Infinia Discovery NM830, NM/CT 860, NM/CT850, NM/CT 870"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GE Healthcare Imaging and Ultrasound Products may allow specific credentials to be exposed during transport over the network."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-497",
"description": "EXPOSURE OF SENSITIVE SYSTEM INFORMATION TO AN UNAUTHORIZED CONTROL SPHERE CWE-497",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-14T16:12:36",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-343-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-25179",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GE Healthcare Imaging and Ultrasound Products",
"version": {
"version_data": [
{
"version_value": "MR 3.0T Signa HDxt / 3.0T Signa HDx, versions HD 16, HD23 1.5T Brivo MR355 / Optima MR360, versions SV20.1, SV23.0 1.5T Signa HDx / 1.5T Signa HDx, Signa HDi / Signa VIBRANT, versions HD16, HD23 Ultrasound, General Imaging LOGIQ 5 [BT03], LOGIQ 7 (BT03, BT04, BT06], LOGIQ 9 [BT02, BT03, BT04, BT06] Ultrasound, Cardiovascular Vivid I [BT06], Vivid 7 {BT02-BT06], EchoPAC (Turnkey) [BT06], Image Vault (Turnkey) [4.3] Ultrasound, Women\u2019s Health Voluson 730 [BT05, BT08] Advanced Visualization AW 4.0 to AW 4.6, AWS2.0 to AW3.0 , Interventional Innova 2000, 3100, 4100, 2100-IQ, 3100-IQ, 4100-IQ, 212-IQ, 313-IQ Optima 320, CL320i, CL323i, CL320, 3100 Optima IGS 320, 330"
},
{
"version_value": "Innova IGS 5x0, 6x0, 7x0 Advanced Visualization AW 4.0 to AW 4.6, AWS2.0 to AW3.0 X-Ray Brivo XR118, XR383, XR515, XR575"
},
{
"version_value": "Definium 5000, 6000, 8000, AMX 700"
},
{
"version_value": "Discovery XR650, XR656, XR656+"
},
{
"version_value": "Optima XR640, XR646, XR220amx, XR200amx"
},
{
"version_value": "Precision 500D, WDR1 Mammography Seno 200D, DS, Essential"
},
{
"version_value": "Senographe Pristina Computed Tomography BrightSpeed Elite, Elite Select, Edge, Edge Select Brivo CT385 Discovery CT590RT, CT750HD LightSpeed VCT, Pro16, RT16 Optima Advance, CT520, CT540, CT660, CT580, CT580RT, CT580W, CT670, CT680 Quantum, Expert \u0026 Professional Revolution EVO,HD,ACT, ACTs, CT, Discovery CT, Frontier, Frontier ES Nuclear Medicine, PET/CT Brivo NM 615 Discovery NM 630, NM 750b, NM D530c, NM/CT D570c, NM/CT 670 Infinia Discovery NM830, NM/CT 860, NM/CT850, NM/CT 870"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GE Healthcare Imaging and Ultrasound Products may allow specific credentials to be exposed during transport over the network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "EXPOSURE OF SENSITIVE SYSTEM INFORMATION TO AN UNAUTHORIZED CONTROL SPHERE CWE-497"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsma-20-343-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-343-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-25179",
"datePublished": "2020-12-14T16:12:36",
"dateReserved": "2020-09-04T00:00:00",
"dateUpdated": "2024-08-04T15:26:09.485Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-5307 (GCVE-0-2010-5307)
Vulnerability from cvelistv5 – Published: 2015-08-04 10:00 – Updated: 2024-08-07 04:17
VLAI?
Summary
The HIPAA configuration interface in GE Healthcare Optima MR360 has a password of (1) operator for the root account, (2) adw2.0 for the admin account, and (3) adw2.0 for the sdc account, which has unspecified impact and attack vectors. NOTE: it is not clear whether these passwords are default, hardcoded, or dependent on another system or product that requires a fixed value.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:17:10.244Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/MR360+operator+manual+paper.pdf?REQ=RAA\u0026DIRECTION=5339461-1EN\u0026FILENAME=MR360%2Boperator%2Bmanual%2Bpaper.pdf\u0026FILEREV=4\u0026DOCREV_ORG=4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/digitalbond/status/619250429751222277"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-10-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The HIPAA configuration interface in GE Healthcare Optima MR360 has a password of (1) operator for the root account, (2) adw2.0 for the admin account, and (3) adw2.0 for the sdc account, which has unspecified impact and attack vectors. NOTE: it is not clear whether these passwords are default, hardcoded, or dependent on another system or product that requires a fixed value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-27T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/MR360+operator+manual+paper.pdf?REQ=RAA\u0026DIRECTION=5339461-1EN\u0026FILENAME=MR360%2Boperator%2Bmanual%2Bpaper.pdf\u0026FILEREV=4\u0026DOCREV_ORG=4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/digitalbond/status/619250429751222277"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-5307",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The HIPAA configuration interface in GE Healthcare Optima MR360 has a password of (1) operator for the root account, (2) adw2.0 for the admin account, and (3) adw2.0 for the sdc account, which has unspecified impact and attack vectors. NOTE: it is not clear whether these passwords are default, hardcoded, or dependent on another system or product that requires a fixed value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://apps.gehealthcare.com/servlet/ClientServlet/MR360+operator+manual+paper.pdf?REQ=RAA\u0026DIRECTION=5339461-1EN\u0026FILENAME=MR360%2Boperator%2Bmanual%2Bpaper.pdf\u0026FILEREV=4\u0026DOCREV_ORG=4",
"refsource": "CONFIRM",
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/MR360+operator+manual+paper.pdf?REQ=RAA\u0026DIRECTION=5339461-1EN\u0026FILENAME=MR360%2Boperator%2Bmanual%2Bpaper.pdf\u0026FILEREV=4\u0026DOCREV_ORG=4"
},
{
"name": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/",
"refsource": "MISC",
"url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
},
{
"name": "https://twitter.com/digitalbond/status/619250429751222277",
"refsource": "MISC",
"url": "https://twitter.com/digitalbond/status/619250429751222277"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-5307",
"datePublished": "2015-08-04T10:00:00",
"dateReserved": "2014-09-29T00:00:00",
"dateUpdated": "2024-08-07T04:17:10.244Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-5308 (GCVE-0-2010-5308)
Vulnerability from cvelistv5 – Published: 2015-08-04 10:00 – Updated: 2024-08-07 04:17
VLAI?
Summary
GE Healthcare Optima MR360 does not require authentication for the HIPAA emergency login procedure, which allows physically proximate users to gain access via an arbitrary username in the Emergency Login screen. NOTE: this might not qualify for inclusion in CVE if unauthenticated emergency access is part of the intended security policy of the product, can be controlled by the system administrator, and is not enabled by default.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:17:10.248Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/MR360+operator+manual+paper.pdf?REQ=RAA\u0026DIRECTION=5339461-1EN\u0026FILENAME=MR360%2Boperator%2Bmanual%2Bpaper.pdf\u0026FILEREV=4\u0026DOCREV_ORG=4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/digitalbond/status/619250429751222277"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-10-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "GE Healthcare Optima MR360 does not require authentication for the HIPAA emergency login procedure, which allows physically proximate users to gain access via an arbitrary username in the Emergency Login screen. NOTE: this might not qualify for inclusion in CVE if unauthenticated emergency access is part of the intended security policy of the product, can be controlled by the system administrator, and is not enabled by default."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-08-04T09:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/MR360+operator+manual+paper.pdf?REQ=RAA\u0026DIRECTION=5339461-1EN\u0026FILENAME=MR360%2Boperator%2Bmanual%2Bpaper.pdf\u0026FILEREV=4\u0026DOCREV_ORG=4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/digitalbond/status/619250429751222277"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-5308",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GE Healthcare Optima MR360 does not require authentication for the HIPAA emergency login procedure, which allows physically proximate users to gain access via an arbitrary username in the Emergency Login screen. NOTE: this might not qualify for inclusion in CVE if unauthenticated emergency access is part of the intended security policy of the product, can be controlled by the system administrator, and is not enabled by default."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://apps.gehealthcare.com/servlet/ClientServlet/MR360+operator+manual+paper.pdf?REQ=RAA\u0026DIRECTION=5339461-1EN\u0026FILENAME=MR360%2Boperator%2Bmanual%2Bpaper.pdf\u0026FILEREV=4\u0026DOCREV_ORG=4",
"refsource": "CONFIRM",
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/MR360+operator+manual+paper.pdf?REQ=RAA\u0026DIRECTION=5339461-1EN\u0026FILENAME=MR360%2Boperator%2Bmanual%2Bpaper.pdf\u0026FILEREV=4\u0026DOCREV_ORG=4"
},
{
"name": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/",
"refsource": "MISC",
"url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
},
{
"name": "https://twitter.com/digitalbond/status/619250429751222277",
"refsource": "MISC",
"url": "https://twitter.com/digitalbond/status/619250429751222277"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-5308",
"datePublished": "2015-08-04T10:00:00",
"dateReserved": "2014-09-29T00:00:00",
"dateUpdated": "2024-08-07T04:17:10.248Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}