Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for venue_go_firmware by ge

    CVE-2020-6977 (GCVE-0-2020-6977)

    Vulnerability from nvd – Published: 2020-02-20 20:45 – Updated: 2024-08-04 09:18
    VLAI
    Summary
    A restricted desktop environment escape vulnerability exists in the Kiosk Mode functionality of affected devices. Specially crafted inputs can allow the user to escape the restricted environment, resulting in access to the underlying operating system. Affected devices include the following GE Ultrasound Products: Vivid products - all versions; LOGIQ - all versions not including LOGIQ 100 Pro; Voluson - all versions; Versana Essential - all versions; Invenia ABUS Scan station - all versions; Venue - all versions not including Venue 40 R1-3 and Venue 50 R4-5
    Severity
    No CVSS data available.
    CWE
    • CWE-693 - PROTECTIONS MECHANISM FAILURE CWE-693
    Assigner
    References
    Impacted products
    Vendor Product Version
    GE GE Ultrasound Products Affected: Vivid products - all versions
    Affected: LOGIQ - all versions not including LOGIQ 100 Pro
    Affected: Voluson - all versions
    Affected: Versana Essential - all versions
    Affected: Invenia ABUS Scan station - all versions
    Affected: Venue - all versions not including Venue 40 R1-3 and Venue 50 R4-5
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:18:03.015Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.us-cert.gov/ics/advisories/icsma-20-049-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GE Ultrasound Products",
              "vendor": "GE",
              "versions": [
                {
                  "status": "affected",
                  "version": "Vivid products - all versions"
                },
                {
                  "status": "affected",
                  "version": "LOGIQ - all versions not including LOGIQ 100 Pro"
                },
                {
                  "status": "affected",
                  "version": "Voluson - all versions"
                },
                {
                  "status": "affected",
                  "version": "Versana Essential - all versions"
                },
                {
                  "status": "affected",
                  "version": "Invenia ABUS Scan station - all versions"
                },
                {
                  "status": "affected",
                  "version": "Venue - all versions not including Venue 40 R1-3 and Venue 50 R4-5"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A restricted desktop environment escape vulnerability exists in the Kiosk Mode functionality of affected devices. Specially crafted inputs can allow the user to escape the restricted environment, resulting in access to the underlying operating system. Affected devices include the following GE Ultrasound Products: Vivid products - all versions; LOGIQ - all versions not including LOGIQ 100 Pro; Voluson - all versions; Versana Essential - all versions; Invenia ABUS Scan station - all versions; Venue - all versions not including Venue 40 R1-3 and Venue 50 R4-5"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-693",
                  "description": "PROTECTIONS MECHANISM FAILURE CWE-693",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-02-20T20:45:29.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.us-cert.gov/ics/advisories/icsma-20-049-02"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2020-6977",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "GE Ultrasound Products",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Vivid products - all versions"
                              },
                              {
                                "version_value": "LOGIQ - all versions not including LOGIQ 100 Pro"
                              },
                              {
                                "version_value": "Voluson - all versions"
                              },
                              {
                                "version_value": "Versana Essential - all versions"
                              },
                              {
                                "version_value": "Invenia ABUS Scan station - all versions"
                              },
                              {
                                "version_value": "Venue - all versions not including Venue 40 R1-3 and Venue 50 R4-5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "GE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A restricted desktop environment escape vulnerability exists in the Kiosk Mode functionality of affected devices. Specially crafted inputs can allow the user to escape the restricted environment, resulting in access to the underlying operating system. Affected devices include the following GE Ultrasound Products: Vivid products - all versions; LOGIQ - all versions not including LOGIQ 100 Pro; Voluson - all versions; Versana Essential - all versions; Invenia ABUS Scan station - all versions; Venue - all versions not including Venue 40 R1-3 and Venue 50 R4-5"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "PROTECTIONS MECHANISM FAILURE CWE-693"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.us-cert.gov/ics/advisories/icsma-20-049-02",
                  "refsource": "MISC",
                  "url": "https://www.us-cert.gov/ics/advisories/icsma-20-049-02"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2020-6977",
        "datePublished": "2020-02-20T20:45:29.000Z",
        "dateReserved": "2020-01-14T00:00:00.000Z",
        "dateUpdated": "2024-08-04T09:18:03.015Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-6977 (GCVE-0-2020-6977)

    Vulnerability from cvelistv5 – Published: 2020-02-20 20:45 – Updated: 2024-08-04 09:18
    VLAI
    Summary
    A restricted desktop environment escape vulnerability exists in the Kiosk Mode functionality of affected devices. Specially crafted inputs can allow the user to escape the restricted environment, resulting in access to the underlying operating system. Affected devices include the following GE Ultrasound Products: Vivid products - all versions; LOGIQ - all versions not including LOGIQ 100 Pro; Voluson - all versions; Versana Essential - all versions; Invenia ABUS Scan station - all versions; Venue - all versions not including Venue 40 R1-3 and Venue 50 R4-5
    Severity
    No CVSS data available.
    CWE
    • CWE-693 - PROTECTIONS MECHANISM FAILURE CWE-693
    Assigner
    References
    Impacted products
    Vendor Product Version
    GE GE Ultrasound Products Affected: Vivid products - all versions
    Affected: LOGIQ - all versions not including LOGIQ 100 Pro
    Affected: Voluson - all versions
    Affected: Versana Essential - all versions
    Affected: Invenia ABUS Scan station - all versions
    Affected: Venue - all versions not including Venue 40 R1-3 and Venue 50 R4-5
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:18:03.015Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.us-cert.gov/ics/advisories/icsma-20-049-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GE Ultrasound Products",
              "vendor": "GE",
              "versions": [
                {
                  "status": "affected",
                  "version": "Vivid products - all versions"
                },
                {
                  "status": "affected",
                  "version": "LOGIQ - all versions not including LOGIQ 100 Pro"
                },
                {
                  "status": "affected",
                  "version": "Voluson - all versions"
                },
                {
                  "status": "affected",
                  "version": "Versana Essential - all versions"
                },
                {
                  "status": "affected",
                  "version": "Invenia ABUS Scan station - all versions"
                },
                {
                  "status": "affected",
                  "version": "Venue - all versions not including Venue 40 R1-3 and Venue 50 R4-5"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A restricted desktop environment escape vulnerability exists in the Kiosk Mode functionality of affected devices. Specially crafted inputs can allow the user to escape the restricted environment, resulting in access to the underlying operating system. Affected devices include the following GE Ultrasound Products: Vivid products - all versions; LOGIQ - all versions not including LOGIQ 100 Pro; Voluson - all versions; Versana Essential - all versions; Invenia ABUS Scan station - all versions; Venue - all versions not including Venue 40 R1-3 and Venue 50 R4-5"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-693",
                  "description": "PROTECTIONS MECHANISM FAILURE CWE-693",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-02-20T20:45:29.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.us-cert.gov/ics/advisories/icsma-20-049-02"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2020-6977",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "GE Ultrasound Products",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Vivid products - all versions"
                              },
                              {
                                "version_value": "LOGIQ - all versions not including LOGIQ 100 Pro"
                              },
                              {
                                "version_value": "Voluson - all versions"
                              },
                              {
                                "version_value": "Versana Essential - all versions"
                              },
                              {
                                "version_value": "Invenia ABUS Scan station - all versions"
                              },
                              {
                                "version_value": "Venue - all versions not including Venue 40 R1-3 and Venue 50 R4-5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "GE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A restricted desktop environment escape vulnerability exists in the Kiosk Mode functionality of affected devices. Specially crafted inputs can allow the user to escape the restricted environment, resulting in access to the underlying operating system. Affected devices include the following GE Ultrasound Products: Vivid products - all versions; LOGIQ - all versions not including LOGIQ 100 Pro; Voluson - all versions; Versana Essential - all versions; Invenia ABUS Scan station - all versions; Venue - all versions not including Venue 40 R1-3 and Venue 50 R4-5"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "PROTECTIONS MECHANISM FAILURE CWE-693"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.us-cert.gov/ics/advisories/icsma-20-049-02",
                  "refsource": "MISC",
                  "url": "https://www.us-cert.gov/ics/advisories/icsma-20-049-02"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2020-6977",
        "datePublished": "2020-02-20T20:45:29.000Z",
        "dateReserved": "2020-01-14T00:00:00.000Z",
        "dateUpdated": "2024-08-04T09:18:03.015Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }