Find a vulnerability
Search criteria
49 vulnerabilities by GE Healthcare
VAR-201508-0005
Vulnerability from variot - Updated: 2025-04-13 23:39GE Healthcare Millennium MG, NC, and MyoSIGHT has a default password of (1) root.genie for the root user, (2) "service." for the service user, (3) admin.genie for the admin user, (4) reboot for the reboot user, and (5) shutdown for the shutdown user, which has unspecified impact and attack vectors. GE Healthcare Millennium MG, NC, and MyoSIGHT are all scanning cameras for the medical industry from General Electric (GE).
There are security vulnerabilities in several GE products. An attacker could use this vulnerability to control the device
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201508-0005",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "millennium mg",
"scope": "eq",
"trust": 1.0,
"vendor": "gehealthcare",
"version": "*"
},
{
"model": "millennium nc",
"scope": "eq",
"trust": 1.0,
"vendor": "gehealthcare",
"version": "*"
},
{
"model": "millennium myosight",
"scope": "eq",
"trust": 1.0,
"vendor": "gehealthcare",
"version": "*"
},
{
"model": "millennium mg",
"scope": null,
"trust": 0.8,
"vendor": "ge healthcare",
"version": null
},
{
"model": "millennium myosight",
"scope": null,
"trust": 0.8,
"vendor": "ge healthcare",
"version": null
},
{
"model": "millennium nc",
"scope": null,
"trust": 0.8,
"vendor": "ge healthcare",
"version": null
},
{
"model": "healthcare millennium mg/nc/myosight",
"scope": null,
"trust": 0.6,
"vendor": "general electric",
"version": null
},
{
"model": "millennium myosight",
"scope": null,
"trust": 0.6,
"vendor": "gehealthcare",
"version": null
},
{
"model": "millennium nc",
"scope": null,
"trust": 0.6,
"vendor": "gehealthcare",
"version": null
},
{
"model": "millennium mg",
"scope": null,
"trust": 0.6,
"vendor": "gehealthcare",
"version": null
},
{
"model": "millennium nc",
"scope": "eq",
"trust": 0.3,
"vendor": "gehealthcare",
"version": "0"
},
{
"model": "millennium myosight",
"scope": "eq",
"trust": 0.3,
"vendor": "gehealthcare",
"version": "0"
},
{
"model": "millennium mg",
"scope": "eq",
"trust": 0.3,
"vendor": "gehealthcare",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05133"
},
{
"db": "BID",
"id": "86877"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003992"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-013"
},
{
"db": "NVD",
"id": "CVE-2002-2445"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:gehealthcare:millennium_mg_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:gehealthcare:millennium_myosight_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:gehealthcare:millennium_nc_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003992"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "86877"
}
],
"trust": 0.3
},
"cve": "CVE-2002-2445",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2002-2445",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-05133",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2002-2445",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2002-2445",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2015-05133",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201508-013",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2002-2445",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05133"
},
{
"db": "VULMON",
"id": "CVE-2002-2445"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003992"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-013"
},
{
"db": "NVD",
"id": "CVE-2002-2445"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Healthcare Millennium MG, NC, and MyoSIGHT has a default password of (1) root.genie for the root user, (2) \"service.\" for the service user, (3) admin.genie for the admin user, (4) reboot for the reboot user, and (5) shutdown for the shutdown user, which has unspecified impact and attack vectors. GE Healthcare Millennium MG, NC, and MyoSIGHT are all scanning cameras for the medical industry from General Electric (GE). \n\nThere are security vulnerabilities in several GE products. An attacker could use this vulnerability to control the device",
"sources": [
{
"db": "NVD",
"id": "CVE-2002-2445"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003992"
},
{
"db": "CNVD",
"id": "CNVD-2015-05133"
},
{
"db": "BID",
"id": "86877"
},
{
"db": "VULMON",
"id": "CVE-2002-2445"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2002-2445",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003992",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2015-05133",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201508-013",
"trust": 0.6
},
{
"db": "BID",
"id": "86877",
"trust": 0.4
},
{
"db": "VULMON",
"id": "CVE-2002-2445",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05133"
},
{
"db": "VULMON",
"id": "CVE-2002-2445"
},
{
"db": "BID",
"id": "86877"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003992"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-013"
},
{
"db": "NVD",
"id": "CVE-2002-2445"
}
]
},
"id": "VAR-201508-0005",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05133"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05133"
}
]
},
"last_update_date": "2025-04-13T23:39:37.898000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Millennium MyoSIGHT Nuclear Medicine Imaging System Service Manual",
"trust": 0.8,
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/2354459-100.pdf?REQ=RAA\u0026DIRECTION=2354459-100\u0026FILENAME=2354459-100.pdf\u0026FILEREV=4\u0026DOCREV_ORG=4"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www3.gehealthcare.com/en/global_gateway"
},
{
"title": "Millenium MG \u0026 MC Nuclear Medicine Imaging System Service Manual",
"trust": 0.8,
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/2338955-100.pdf?REQ=RAA\u0026DIRECTION=2338955-100\u0026FILENAME=2338955-100.pdf\u0026FILEREV=1\u0026DOCREV_ORG=1"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003992"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-2445"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
},
{
"trust": 2.0,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/2338955-100.pdf?req=raa\u0026direction=2338955-100\u0026filename=2338955-100.pdf\u0026filerev=1\u0026docrev_org=1"
},
{
"trust": 2.0,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/2354459-100.pdf?req=raa\u0026direction=2354459-100\u0026filename=2354459-100.pdf\u0026filerev=4\u0026docrev_org=4"
},
{
"trust": 2.0,
"url": "https://twitter.com/digitalbond/status/619250429751222277"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2002-2445"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2002-2445"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/86877"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05133"
},
{
"db": "VULMON",
"id": "CVE-2002-2445"
},
{
"db": "BID",
"id": "86877"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003992"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-013"
},
{
"db": "NVD",
"id": "CVE-2002-2445"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-05133"
},
{
"db": "VULMON",
"id": "CVE-2002-2445"
},
{
"db": "BID",
"id": "86877"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003992"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-013"
},
{
"db": "NVD",
"id": "CVE-2002-2445"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05133"
},
{
"date": "2015-08-04T00:00:00",
"db": "VULMON",
"id": "CVE-2002-2445"
},
{
"date": "2015-08-04T00:00:00",
"db": "BID",
"id": "86877"
},
{
"date": "2015-08-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003992"
},
{
"date": "2015-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-013"
},
{
"date": "2015-08-04T14:59:01.817000",
"db": "NVD",
"id": "CVE-2002-2445"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05133"
},
{
"date": "2015-09-03T00:00:00",
"db": "VULMON",
"id": "CVE-2002-2445"
},
{
"date": "2015-08-04T00:00:00",
"db": "BID",
"id": "86877"
},
{
"date": "2015-08-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003992"
},
{
"date": "2015-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-013"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2002-2445"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-013"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural GE Healthcare Millennium Product vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003992"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-013"
}
],
"trust": 0.6
}
}
VAR-201508-0152
Vulnerability from variot - Updated: 2025-04-13 23:39The Ad Hoc Reporting feature in GE Healthcare Centricity DMS 4.2 has a password of Never!Mind for the Administrator user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. GE Healthcare Centricity DMS is a cardiology clinical education data management system for the medical industry from General Electric (GE). An attacker could use this vulnerability to control the device. Attackers can exploit this issue to bypass the authentication mechanism and gain access to the vulnerable device
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201508-0152",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "centricity dms",
"scope": "eq",
"trust": 1.9,
"vendor": "gehealthcare",
"version": "4.2"
},
{
"model": "centricity cardiology data management system",
"scope": "eq",
"trust": 0.8,
"vendor": "ge healthcare",
"version": "4.2"
},
{
"model": "centricity dms",
"scope": "eq",
"trust": 0.6,
"vendor": "ge",
"version": "4.2"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05138"
},
{
"db": "BID",
"id": "76166"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004008"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-033"
},
{
"db": "NVD",
"id": "CVE-2013-7405"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:gehealthcare:centricity_dms",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004008"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "76166"
}
],
"trust": 0.3
},
"cve": "CVE-2013-7405",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2013-7405",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-05138",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-7405",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2013-7405",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2015-05138",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201508-033",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2013-7405",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05138"
},
{
"db": "VULMON",
"id": "CVE-2013-7405"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004008"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-033"
},
{
"db": "NVD",
"id": "CVE-2013-7405"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Ad Hoc Reporting feature in GE Healthcare Centricity DMS 4.2 has a password of Never!Mind for the Administrator user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. GE Healthcare Centricity DMS is a cardiology clinical education data management system for the medical industry from General Electric (GE). An attacker could use this vulnerability to control the device. \nAttackers can exploit this issue to bypass the authentication mechanism and gain access to the vulnerable device",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-7405"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004008"
},
{
"db": "CNVD",
"id": "CNVD-2015-05138"
},
{
"db": "BID",
"id": "76166"
},
{
"db": "VULMON",
"id": "CVE-2013-7405"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-7405",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004008",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2015-05138",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201508-033",
"trust": 0.6
},
{
"db": "BID",
"id": "76166",
"trust": 0.4
},
{
"db": "VULMON",
"id": "CVE-2013-7405",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05138"
},
{
"db": "VULMON",
"id": "CVE-2013-7405"
},
{
"db": "BID",
"id": "76166"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004008"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-033"
},
{
"db": "NVD",
"id": "CVE-2013-7405"
}
]
},
"id": "VAR-201508-0152",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05138"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05138"
}
]
},
"last_update_date": "2025-04-13T23:39:37.837000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Centricity* Cardiology Data Management System DMS Admin. - v. 4.2 Master Trainer Guide",
"trust": 0.8,
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/0908141_DMS%204.2%20MTG.pdf?DOCCLASS=A\u0026REQ=RAC\u0026DIRECTION=0908141\u0026FILENAME=0908141_DMS+4.2+MTG.pdf\u0026FILEREV=D\u0026DOCREV_ORG=D\u0026SUBMIT=+ACCEPT+"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004008"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004008"
},
{
"db": "NVD",
"id": "CVE-2013-7405"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
},
{
"trust": 1.7,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/0908141_dms+4.2+mtg.pdf?req=raa\u0026direction=0908141\u0026filename=0908141_dms%2b4.2%2bmtg.pdf\u0026filerev=d\u0026docrev_org=d"
},
{
"trust": 1.7,
"url": "https://twitter.com/digitalbond/status/619250429751222277"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-7405"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-7405"
},
{
"trust": 0.6,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/0908141_dms+4.2+mtg.pdf?req=raa\u0026amp;direction=0908141\u0026amp;filename=0908141_dms%2b4.2%2bmtg.pdf\u0026amp;filerev=d\u0026amp;docrev_org=d"
},
{
"trust": 0.3,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/0908141_dms%204.2%20mtg.pdf?docclass=a\u0026req=rac\u0026direction=0908141\u0026filename=0908141_dms+4.2+mtg.pdf\u0026filerev=d\u0026docrev_org=d\u0026submit=+accept+"
},
{
"trust": 0.3,
"url": "http://www3.gehealthcare.com/en"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/255.html"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/76166"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05138"
},
{
"db": "VULMON",
"id": "CVE-2013-7405"
},
{
"db": "BID",
"id": "76166"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004008"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-033"
},
{
"db": "NVD",
"id": "CVE-2013-7405"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-05138"
},
{
"db": "VULMON",
"id": "CVE-2013-7405"
},
{
"db": "BID",
"id": "76166"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004008"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-033"
},
{
"db": "NVD",
"id": "CVE-2013-7405"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05138"
},
{
"date": "2015-08-04T00:00:00",
"db": "VULMON",
"id": "CVE-2013-7405"
},
{
"date": "2015-08-04T00:00:00",
"db": "BID",
"id": "76166"
},
{
"date": "2015-08-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004008"
},
{
"date": "2015-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-033"
},
{
"date": "2015-08-04T14:59:22.643000",
"db": "NVD",
"id": "CVE-2013-7405"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05138"
},
{
"date": "2015-08-04T00:00:00",
"db": "VULMON",
"id": "CVE-2013-7405"
},
{
"date": "2015-08-04T00:00:00",
"db": "BID",
"id": "76166"
},
{
"date": "2015-08-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004008"
},
{
"date": "2015-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-033"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2013-7405"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-033"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Healthcare Centricity DMS Ad Hoc Reporting Trust Management Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05138"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-033"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-033"
}
],
"trust": 0.6
}
}
VAR-201508-0010
Vulnerability from variot - Updated: 2025-04-13 23:37GE Healthcare Optima MR360 does not require authentication for the HIPAA emergency login procedure, which allows physically proximate users to gain access via an arbitrary username in the Emergency Login screen. NOTE: this might not qualify for inclusion in CVE if unauthenticated emergency access is part of the intended security policy of the product, can be controlled by the system administrator, and is not enabled by default. GE Healthcare Optima MR360 is a magnetic resonance imaging (MRI) system for the medical industry. An attacker can exploit this issue to gain unauthorized access to the affected device. Successful exploits will result in the complete compromise of the affected device
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201508-0010",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "optima mr360",
"scope": "eq",
"trust": 1.6,
"vendor": "gehealthcare",
"version": null
},
{
"model": "optima mr360",
"scope": null,
"trust": 0.8,
"vendor": "ge healthcare",
"version": null
},
{
"model": "optima mr360",
"scope": null,
"trust": 0.6,
"vendor": "general electric",
"version": null
},
{
"model": "optima mr360",
"scope": "eq",
"trust": 0.3,
"vendor": "gehealthcare",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05172"
},
{
"db": "BID",
"id": "76260"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004015"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-022"
},
{
"db": "NVD",
"id": "CVE-2010-5308"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:gehealthcare:optima_mr360_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004015"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Scott Erven",
"sources": [
{
"db": "BID",
"id": "76260"
}
],
"trust": 0.3
},
"cve": "CVE-2010-5308",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2010-5308",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-05172",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-47913",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2010-5308",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2010-5308",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2015-05172",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201508-022",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-47913",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05172"
},
{
"db": "VULHUB",
"id": "VHN-47913"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004015"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-022"
},
{
"db": "NVD",
"id": "CVE-2010-5308"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Healthcare Optima MR360 does not require authentication for the HIPAA emergency login procedure, which allows physically proximate users to gain access via an arbitrary username in the Emergency Login screen. NOTE: this might not qualify for inclusion in CVE if unauthenticated emergency access is part of the intended security policy of the product, can be controlled by the system administrator, and is not enabled by default. GE Healthcare Optima MR360 is a magnetic resonance imaging (MRI) system for the medical industry. \nAn attacker can exploit this issue to gain unauthorized access to the affected device. Successful exploits will result in the complete compromise of the affected device",
"sources": [
{
"db": "NVD",
"id": "CVE-2010-5308"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004015"
},
{
"db": "CNVD",
"id": "CNVD-2015-05172"
},
{
"db": "BID",
"id": "76260"
},
{
"db": "VULHUB",
"id": "VHN-47913"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2010-5308",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004015",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201508-022",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-05172",
"trust": 0.6
},
{
"db": "BID",
"id": "76260",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-47913",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05172"
},
{
"db": "VULHUB",
"id": "VHN-47913"
},
{
"db": "BID",
"id": "76260"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004015"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-022"
},
{
"db": "NVD",
"id": "CVE-2010-5308"
}
]
},
"id": "VAR-201508-0010",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-47913"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T23:37:31.686000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Optima MR360 1.5T MR system Operator Manual",
"trust": 0.8,
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/MR360%20operator%20manual%20paper.pdf?DOCCLASS=A\u0026REQ=RAC\u0026DIRECTION=5339461-1EN\u0026FILENAME=MR360+operator+manual+paper.pdf\u0026FILEREV=4\u0026DOCREV_ORG=4\u0026SUBMIT=+ACCEPT+"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004015"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-47913"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004015"
},
{
"db": "NVD",
"id": "CVE-2010-5308"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
},
{
"trust": 2.0,
"url": "https://twitter.com/digitalbond/status/619250429751222277"
},
{
"trust": 1.6,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/mr360+operator+manual+paper.pdf?req=raa\u0026direction=5339461-1en\u0026filename=mr360%2boperator%2bmanual%2bpaper.pdf\u0026filerev=4\u0026docrev_org=4"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-5308"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-5308"
},
{
"trust": 0.3,
"url": "http://www3.gehealthcare.com/en/global_gateway"
},
{
"trust": 0.3,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/mr360%20operator%20manual%20paper.pdf?docclass=a\u0026req=rac\u0026direction=5339461-1en\u0026filename=mr360+operator+manual+paper.pdf\u0026filerev=4\u0026docrev_org=4\u0026submit"
},
{
"trust": 0.1,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/mr360+operator+manual+paper.pdf?req=raa\u0026amp;direction=5339461-1en\u0026amp;filename=mr360%2boperator%2bmanual%2bpaper.pdf\u0026amp;filerev=4\u0026amp;docrev_org=4"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05172"
},
{
"db": "VULHUB",
"id": "VHN-47913"
},
{
"db": "BID",
"id": "76260"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004015"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-022"
},
{
"db": "NVD",
"id": "CVE-2010-5308"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-05172"
},
{
"db": "VULHUB",
"id": "VHN-47913"
},
{
"db": "BID",
"id": "76260"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004015"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-022"
},
{
"db": "NVD",
"id": "CVE-2010-5308"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05172"
},
{
"date": "2015-08-04T00:00:00",
"db": "VULHUB",
"id": "VHN-47913"
},
{
"date": "2015-07-10T00:00:00",
"db": "BID",
"id": "76260"
},
{
"date": "2015-08-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004015"
},
{
"date": "2015-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-022"
},
{
"date": "2015-08-04T14:59:11.503000",
"db": "NVD",
"id": "CVE-2010-5308"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05172"
},
{
"date": "2015-08-05T00:00:00",
"db": "VULHUB",
"id": "VHN-47913"
},
{
"date": "2015-07-10T00:00:00",
"db": "BID",
"id": "76260"
},
{
"date": "2015-08-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004015"
},
{
"date": "2015-08-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-022"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2010-5308"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-022"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Healthcare Optima MR360 Vulnerabilities to gain access to",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004015"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-022"
}
],
"trust": 0.6
}
}
VAR-201508-0013
Vulnerability from variot - Updated: 2025-04-13 23:18GE Healthcare Infinia II has a default password of (1) infinia for the infinia user, (2) #bigguy1 for the acqservice user, (3) dont4get2 for the Administrator user, (4) #bigguy1 for the emergency user, and (5) 2Bfamous for the InfiniaAdmin user, which has unspecified impact and attack vectors. GE Healthcare Infinia II is a dual detector imaging system for the medical industry at General Electric (GE). An attacker could exploit this vulnerability to control the device
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201508-0013",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "infinia ii",
"scope": "eq",
"trust": 1.0,
"vendor": "gehealthcare",
"version": "*"
},
{
"model": "infinia ii",
"scope": null,
"trust": 0.8,
"vendor": "ge healthcare",
"version": null
},
{
"model": "healthcare infinia ii",
"scope": null,
"trust": 0.6,
"vendor": "general electric",
"version": null
},
{
"model": "infinia ii",
"scope": null,
"trust": 0.6,
"vendor": "gehealthcare",
"version": null
},
{
"model": "infinia ii",
"scope": "eq",
"trust": 0.3,
"vendor": "gehealthcare",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05143"
},
{
"db": "BID",
"id": "76179"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003996"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-017"
},
{
"db": "NVD",
"id": "CVE-2006-7253"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:gehealthcare:infinia_ii_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003996"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Scott Erven",
"sources": [
{
"db": "BID",
"id": "76179"
}
],
"trust": 0.3
},
"cve": "CVE-2006-7253",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2006-7253",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-05143",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2006-7253",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2006-7253",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2015-05143",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201508-017",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05143"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003996"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-017"
},
{
"db": "NVD",
"id": "CVE-2006-7253"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Healthcare Infinia II has a default password of (1) infinia for the infinia user, (2) #bigguy1 for the acqservice user, (3) dont4get2 for the Administrator user, (4) #bigguy1 for the emergency user, and (5) 2Bfamous for the InfiniaAdmin user, which has unspecified impact and attack vectors. GE Healthcare Infinia II is a dual detector imaging system for the medical industry at General Electric (GE). An attacker could exploit this vulnerability to control the device",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-7253"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003996"
},
{
"db": "CNVD",
"id": "CNVD-2015-05143"
},
{
"db": "BID",
"id": "76179"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2006-7253",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003996",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2015-05143",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201508-017",
"trust": 0.6
},
{
"db": "BID",
"id": "76179",
"trust": 0.3
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05143"
},
{
"db": "BID",
"id": "76179"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003996"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-017"
},
{
"db": "NVD",
"id": "CVE-2006-7253"
}
]
},
"id": "VAR-201508-0013",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05143"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05143"
}
]
},
"last_update_date": "2025-04-13T23:18:04.830000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Infinia II System Service Manual",
"trust": 0.8,
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/H-xw4100+Workstation.pdf?REQ=RAA\u0026DIRECTION=2411012-100\u0026FILENAME=H-xw4100%2BWorkstation.pdf\u0026FILEREV=6\u0026DOCREV_ORG=6"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003996"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003996"
},
{
"db": "NVD",
"id": "CVE-2006-7253"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
},
{
"trust": 1.6,
"url": "https://twitter.com/digitalbond/status/619250429751222277"
},
{
"trust": 1.6,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/h-xw4100+workstation.pdf?req=raa\u0026direction=2411012-100\u0026filename=h-xw4100%2bworkstation.pdf\u0026filerev=6\u0026docrev_org=6"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-7253"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-7253"
},
{
"trust": 0.3,
"url": "http://www3.gehealthcare.com/en"
},
{
"trust": 0.3,
"url": "http://www3.gehealthcare.com/en/products/categories/goldseal_-_refurbished_systems/goldseal_nuclear_medicine/goldseal_infinia_ii"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05143"
},
{
"db": "BID",
"id": "76179"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003996"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-017"
},
{
"db": "NVD",
"id": "CVE-2006-7253"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-05143"
},
{
"db": "BID",
"id": "76179"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003996"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-017"
},
{
"db": "NVD",
"id": "CVE-2006-7253"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05143"
},
{
"date": "2015-08-04T00:00:00",
"db": "BID",
"id": "76179"
},
{
"date": "2015-08-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003996"
},
{
"date": "2015-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-017"
},
{
"date": "2015-08-04T14:59:06.237000",
"db": "NVD",
"id": "CVE-2006-7253"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05143"
},
{
"date": "2015-08-04T00:00:00",
"db": "BID",
"id": "76179"
},
{
"date": "2015-08-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003996"
},
{
"date": "2015-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-017"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2006-7253"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-017"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Healthcare Infinia II Trust Management Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05143"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-017"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-017"
}
],
"trust": 0.6
}
}
VAR-201508-0526
Vulnerability from variot - Updated: 2025-04-13 23:14GE Healthcare Centricity Clinical Archive Audit Trail Repository has a default password of initinit for the (1) SSL key manager and (2) server keystore; (3) keystore_password for the server truststore; and atna for the (4) primary storage database and (5) archive storage database, which has unspecified impact and attack vectors. An attacker could use this vulnerability to control the device. Remote attackers with knowledge of the default credentials may exploit these vulnerabilities to gain unauthorized access and perform unauthorized actions. This may aid in further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201508-0526",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "centricity clinical archive audit trail repository",
"scope": "eq",
"trust": 1.0,
"vendor": "gehealthcare",
"version": "*"
},
{
"model": "centricity clinical archive audit trail repository",
"scope": null,
"trust": 0.8,
"vendor": "ge healthcare",
"version": null
},
{
"model": "centricity clinical archive audit trail repository",
"scope": null,
"trust": 0.6,
"vendor": "ge",
"version": null
},
{
"model": "centricity clinical archive audit trail repository",
"scope": null,
"trust": 0.6,
"vendor": "gehealthcare",
"version": null
},
{
"model": "electric healthcare centricity clinical archive audit trail repository",
"scope": "eq",
"trust": 0.3,
"vendor": "general",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05134"
},
{
"db": "BID",
"id": "76164"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004012"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-037"
},
{
"db": "NVD",
"id": "CVE-2014-9736"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:gehealthcare:centricity_clinical_archive_audit_trail_repository",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004012"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Scott Erven of Protiviti.",
"sources": [
{
"db": "BID",
"id": "76164"
}
],
"trust": 0.3
},
"cve": "CVE-2014-9736",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2014-9736",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-05134",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-9736",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2014-9736",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2015-05134",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201508-037",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05134"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004012"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-037"
},
{
"db": "NVD",
"id": "CVE-2014-9736"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Healthcare Centricity Clinical Archive Audit Trail Repository has a default password of initinit for the (1) SSL key manager and (2) server keystore; (3) keystore_password for the server truststore; and atna for the (4) primary storage database and (5) archive storage database, which has unspecified impact and attack vectors. An attacker could use this vulnerability to control the device. \nRemote attackers with knowledge of the default credentials may exploit these vulnerabilities to gain unauthorized access and perform unauthorized actions. This may aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-9736"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004012"
},
{
"db": "CNVD",
"id": "CNVD-2015-05134"
},
{
"db": "BID",
"id": "76164"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-9736",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004012",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2015-05134",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201508-037",
"trust": 0.6
},
{
"db": "BID",
"id": "76164",
"trust": 0.3
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05134"
},
{
"db": "BID",
"id": "76164"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004012"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-037"
},
{
"db": "NVD",
"id": "CVE-2014-9736"
}
]
},
"id": "VAR-201508-0526",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05134"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05134"
}
]
},
"last_update_date": "2025-04-13T23:14:30.581000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Audit Trail Repository Installation and Service Manual",
"trust": 0.8,
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/DOC1474072_ATR_InstSvcMan.pdf?REQ=RAA\u0026DIRECTION=DOC1474072\u0026FILENAME=DOC1474072_ATR_InstSvcMan.pdf\u0026FILEREV=--\u0026DOCREV_ORG=--"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004012"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004012"
},
{
"db": "NVD",
"id": "CVE-2014-9736"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
},
{
"trust": 1.9,
"url": "https://twitter.com/digitalbond/status/619250429751222277"
},
{
"trust": 1.6,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/doc1474072_atr_instsvcman.pdf?req=raa\u0026direction=doc1474072\u0026filename=doc1474072_atr_instsvcman.pdf\u0026filerev=--\u0026docrev_org=--"
},
{
"trust": 1.2,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/doc1474072_atr_instsvcman.pdf?req=raa\u0026amp;direction=doc1474072\u0026amp;filename=doc1474072_atr_instsvcman.pdf\u0026amp;filerev=--\u0026amp;docrev_org=--"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9736"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9736"
},
{
"trust": 0.3,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/doc1474072_atr_instsvcman.pdf?req=raa\u0026direction=doc1474072\u0026filename=doc1474072_atr_instsvcman.pdf\u0026filerev=--\u0026docrev_org=-- "
},
{
"trust": 0.3,
"url": "http://www3.gehealthcare.com/en/global_gateway"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05134"
},
{
"db": "BID",
"id": "76164"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004012"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-037"
},
{
"db": "NVD",
"id": "CVE-2014-9736"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-05134"
},
{
"db": "BID",
"id": "76164"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004012"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-037"
},
{
"db": "NVD",
"id": "CVE-2014-9736"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05134"
},
{
"date": "2015-07-10T00:00:00",
"db": "BID",
"id": "76164"
},
{
"date": "2015-08-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004012"
},
{
"date": "2015-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-037"
},
{
"date": "2015-08-04T14:59:26.720000",
"db": "NVD",
"id": "CVE-2014-9736"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05134"
},
{
"date": "2015-07-10T00:00:00",
"db": "BID",
"id": "76164"
},
{
"date": "2015-08-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004012"
},
{
"date": "2015-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-037"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-9736"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-037"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Healthcare Centricity Clinical Archive Audit Trail Repository Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004012"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-037"
}
],
"trust": 0.6
}
}
VAR-201508-0151
Vulnerability from variot - Updated: 2025-04-13 23:04GE Healthcare Discovery NM 750b has a password of 2getin for the insite account for (1) Telnet and (2) FTP, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. The GE Healthcare Discovery NM 750b is a high-end molecular mammography device for the medical industry at General Electric (GE). An attacker could exploit this vulnerability to control the device
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201508-0151",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "discovery nm 750b",
"scope": "eq",
"trust": 1.0,
"vendor": "gehealthcare",
"version": "*"
},
{
"model": "discovery nm 750b",
"scope": null,
"trust": 0.8,
"vendor": "ge healthcare",
"version": null
},
{
"model": "discovery nm 750b",
"scope": null,
"trust": 0.6,
"vendor": "ge",
"version": null
},
{
"model": "discovery nm 750b",
"scope": null,
"trust": 0.6,
"vendor": "gehealthcare",
"version": null
},
{
"model": "discovery nm 750b",
"scope": "eq",
"trust": 0.3,
"vendor": "gehealthcare",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05139"
},
{
"db": "BID",
"id": "76168"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004007"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-032"
},
{
"db": "NVD",
"id": "CVE-2013-7404"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:gehealthcare:discovery_nm_750b",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004007"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "76168"
}
],
"trust": 0.3
},
"cve": "CVE-2013-7404",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2013-7404",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-05139",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-7404",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2013-7404",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2015-05139",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201508-032",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2013-7404",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05139"
},
{
"db": "VULMON",
"id": "CVE-2013-7404"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004007"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-032"
},
{
"db": "NVD",
"id": "CVE-2013-7404"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Healthcare Discovery NM 750b has a password of 2getin for the insite account for (1) Telnet and (2) FTP, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. The GE Healthcare Discovery NM 750b is a high-end molecular mammography device for the medical industry at General Electric (GE). An attacker could exploit this vulnerability to control the device",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-7404"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004007"
},
{
"db": "CNVD",
"id": "CNVD-2015-05139"
},
{
"db": "BID",
"id": "76168"
},
{
"db": "VULMON",
"id": "CVE-2013-7404"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-7404",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSMA-18-037-02",
"trust": 1.9
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004007",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2015-05139",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201508-032",
"trust": 0.6
},
{
"db": "BID",
"id": "76168",
"trust": 0.4
},
{
"db": "VULMON",
"id": "CVE-2013-7404",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05139"
},
{
"db": "VULMON",
"id": "CVE-2013-7404"
},
{
"db": "BID",
"id": "76168"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004007"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-032"
},
{
"db": "NVD",
"id": "CVE-2013-7404"
}
]
},
"id": "VAR-201508-0151",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05139"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05139"
}
]
},
"last_update_date": "2025-04-13T23:04:05.996000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Discovery NM 750b Nuclear Medicine Imaging Systems Installation Manual",
"trust": 0.8,
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/5411136-1EN_r3.pdf?DOCCLASS=A\u0026REQ=RAC\u0026DIRECTION=5411136-1EN\u0026FILENAME=5411136-1EN_r3.pdf\u0026FILEREV=3\u0026DOCREV_ORG=3\u0026SUBMIT=+ACCEPT+"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004007"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004007"
},
{
"db": "NVD",
"id": "CVE-2013-7404"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
},
{
"trust": 2.3,
"url": "https://twitter.com/digitalbond/status/619250429751222277"
},
{
"trust": 2.0,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-037-02"
},
{
"trust": 1.7,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/5411136-1en_r3.pdf?req=raa\u0026direction=5411136-1en\u0026filename=5411136-1en_r3.pdf\u0026filerev=3\u0026docrev_org=3"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-7404"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-7404"
},
{
"trust": 0.3,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/0908141_dms%204.2%20mtg.pdf?docclass=a\u0026req=rac\u0026direction=0908141\u0026filename=0908141_dms+4.2+mtg.pdf\u0026filerev=d\u0026docrev_org=d\u0026submit=+accept+"
},
{
"trust": 0.3,
"url": "http://www3.gehealthcare.com/en"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/255.html"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/76168"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05139"
},
{
"db": "VULMON",
"id": "CVE-2013-7404"
},
{
"db": "BID",
"id": "76168"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004007"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-032"
},
{
"db": "NVD",
"id": "CVE-2013-7404"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-05139"
},
{
"db": "VULMON",
"id": "CVE-2013-7404"
},
{
"db": "BID",
"id": "76168"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004007"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-032"
},
{
"db": "NVD",
"id": "CVE-2013-7404"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05139"
},
{
"date": "2015-08-04T00:00:00",
"db": "VULMON",
"id": "CVE-2013-7404"
},
{
"date": "2015-08-04T00:00:00",
"db": "BID",
"id": "76168"
},
{
"date": "2015-08-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004007"
},
{
"date": "2015-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-032"
},
{
"date": "2015-08-04T14:59:21.673000",
"db": "NVD",
"id": "CVE-2013-7404"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05139"
},
{
"date": "2018-03-28T00:00:00",
"db": "VULMON",
"id": "CVE-2013-7404"
},
{
"date": "2015-08-04T00:00:00",
"db": "BID",
"id": "76168"
},
{
"date": "2018-04-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004007"
},
{
"date": "2015-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-032"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2013-7404"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-032"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Healthcare Discovery NM 750b Trust Management Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05139"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-032"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-032"
}
],
"trust": 0.6
}
}
VAR-201508-0275
Vulnerability from variot - Updated: 2025-04-13 23:04GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a password of (1) CANal1 for the Administrator user and (2) iis for the IIS user, which has unspecified impact and attack vectors related to TimbuktuPro. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires it. (1) For admin users CANal1 password (2) IIS For users iis password It is unknown whether this password is default, hard-coded, or dependent on other systems or products that require a fixed value.It may be subject to unspecified effects and attacks. An attacker could use this vulnerability to control the device. Attackers can exploit this issue to bypass the authentication mechanism and gain access to the vulnerable device
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201508-0275",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "centricity pacs workstation",
"scope": "eq",
"trust": 2.2,
"vendor": "gehealthcare",
"version": "4.0.1"
},
{
"model": "centricity pacs workstation",
"scope": "eq",
"trust": 2.2,
"vendor": "gehealthcare",
"version": "4.0"
},
{
"model": "centricity pacs",
"scope": "eq",
"trust": 0.8,
"vendor": "ge healthcare",
"version": "4.0"
},
{
"model": "centricity pacs",
"scope": "eq",
"trust": 0.8,
"vendor": "ge healthcare",
"version": "4.0.1"
},
{
"model": "centricity pacs workstation",
"scope": "eq",
"trust": 0.6,
"vendor": "ge",
"version": "4.0"
},
{
"model": "centricity pacs workstation",
"scope": "eq",
"trust": 0.6,
"vendor": "ge",
"version": "4.0.1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05137"
},
{
"db": "BID",
"id": "76178"
},
{
"db": "BID",
"id": "76169"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004009"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-034"
},
{
"db": "NVD",
"id": "CVE-2013-7442"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:gehealthcare:centricity_pacs_workstation",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004009"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Scott Erven",
"sources": [
{
"db": "BID",
"id": "76178"
},
{
"db": "BID",
"id": "76169"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-034"
}
],
"trust": 1.2
},
"cve": "CVE-2013-7442",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2013-7442",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-05137",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-7442",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2013-7442",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2015-05137",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201508-034",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2013-7442",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05137"
},
{
"db": "VULMON",
"id": "CVE-2013-7442"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004009"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-034"
},
{
"db": "NVD",
"id": "CVE-2013-7442"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a password of (1) CANal1 for the Administrator user and (2) iis for the IIS user, which has unspecified impact and attack vectors related to TimbuktuPro. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires it. (1) For admin users CANal1 password (2) IIS For users iis password It is unknown whether this password is default, hard-coded, or dependent on other systems or products that require a fixed value.It may be subject to unspecified effects and attacks. An attacker could use this vulnerability to control the device. \nAttackers can exploit this issue to bypass the authentication mechanism and gain access to the vulnerable device",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-7442"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004009"
},
{
"db": "CNVD",
"id": "CNVD-2015-05137"
},
{
"db": "BID",
"id": "76178"
},
{
"db": "BID",
"id": "76169"
},
{
"db": "VULMON",
"id": "CVE-2013-7442"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-7442",
"trust": 3.7
},
{
"db": "ICS CERT",
"id": "ICSMA-18-037-02",
"trust": 1.9
},
{
"db": "BID",
"id": "76169",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004009",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2015-05137",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201508-034",
"trust": 0.6
},
{
"db": "BID",
"id": "76178",
"trust": 0.3
},
{
"db": "VULMON",
"id": "CVE-2013-7442",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05137"
},
{
"db": "VULMON",
"id": "CVE-2013-7442"
},
{
"db": "BID",
"id": "76178"
},
{
"db": "BID",
"id": "76169"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004009"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-034"
},
{
"db": "NVD",
"id": "CVE-2013-7442"
}
]
},
"id": "VAR-201508-0275",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05137"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05137"
}
]
},
"last_update_date": "2025-04-13T23:04:05.950000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Centricity PACS Workstation Installation and Service Manual (PACS 4.0 Release)",
"trust": 0.8,
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/C40_WS_INST_SV_2063534-001r2.pdf?REQ=RAA\u0026DIRECTION=2063534-001\u0026FILENAME=C40_WS_INST_SV_2063534-001r2.pdf\u0026FILEREV=1\u0026DOCREV_ORG=1"
},
{
"title": "Centricity PACS Workstation Installation and Service Manual (PACS 4.0.1 Release)",
"trust": 0.8,
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/C401_WS_INST_SV_2069560001r1.pdf?REQ=RAA\u0026DIRECTION=2069560-001\u0026FILENAME=C401_WS_INST_SV_2069560001r1.pdf\u0026FILEREV=1\u0026DOCREV_ORG=1"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004009"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004009"
},
{
"db": "NVD",
"id": "CVE-2013-7442"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.7,
"url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
},
{
"trust": 2.0,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-037-02"
},
{
"trust": 1.4,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/c401_ws_inst_sv_2069560001r1.pdf?req=raa\u0026direction=2069560-001\u0026filename=c401_ws_inst_sv_2069560001r1.pdf\u0026filerev=1\u0026docrev_org=1"
},
{
"trust": 1.2,
"url": "http://www3.gehealthcare.com/en"
},
{
"trust": 1.1,
"url": "https://twitter.com/digitalbond/status/619250429751222277"
},
{
"trust": 1.1,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/c40_ws_inst_sv_2063534-001r2.pdf?req=raa\u0026direction=2063534-001\u0026filename=c40_ws_inst_sv_2063534-001r2.pdf\u0026filerev=1\u0026docrev_org=1"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-7442"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-7442"
},
{
"trust": 0.7,
"url": "https://www.securityfocus.com/bid/76169"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/255.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05137"
},
{
"db": "VULMON",
"id": "CVE-2013-7442"
},
{
"db": "BID",
"id": "76178"
},
{
"db": "BID",
"id": "76169"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004009"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-034"
},
{
"db": "NVD",
"id": "CVE-2013-7442"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-05137"
},
{
"db": "VULMON",
"id": "CVE-2013-7442"
},
{
"db": "BID",
"id": "76178"
},
{
"db": "BID",
"id": "76169"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004009"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-034"
},
{
"db": "NVD",
"id": "CVE-2013-7442"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05137"
},
{
"date": "2015-08-04T00:00:00",
"db": "VULMON",
"id": "CVE-2013-7442"
},
{
"date": "2015-08-04T00:00:00",
"db": "BID",
"id": "76178"
},
{
"date": "2015-08-04T00:00:00",
"db": "BID",
"id": "76169"
},
{
"date": "2015-08-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004009"
},
{
"date": "2015-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-034"
},
{
"date": "2015-08-04T14:59:23.657000",
"db": "NVD",
"id": "CVE-2013-7442"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05137"
},
{
"date": "2018-03-28T00:00:00",
"db": "VULMON",
"id": "CVE-2013-7442"
},
{
"date": "2015-08-04T00:00:00",
"db": "BID",
"id": "76178"
},
{
"date": "2019-04-12T17:00:00",
"db": "BID",
"id": "76169"
},
{
"date": "2018-04-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004009"
},
{
"date": "2019-04-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-034"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2013-7442"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "76178"
},
{
"db": "BID",
"id": "76169"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Healthcare Centricity PACS Workstation Trust Management Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05137"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-034"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "76178"
},
{
"db": "BID",
"id": "76169"
}
],
"trust": 0.6
}
}
VAR-201508-0009
Vulnerability from variot - Updated: 2025-04-13 23:04The HIPAA configuration interface in GE Healthcare Optima MR360 has a password of (1) operator for the root account, (2) adw2.0 for the admin account, and (3) adw2.0 for the sdc account, which has unspecified impact and attack vectors. NOTE: it is not clear whether these passwords are default, hardcoded, or dependent on another system or product that requires a fixed value. GE Healthcare CADStream Server is a suite of applications for the medical industry that provide automated analysis and reporting for magnetic resonance imaging. Remote attackers with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. An attacker could exploit this vulnerability to take control of the device
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201508-0009",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "optima mr360",
"scope": "eq",
"trust": 1.6,
"vendor": "gehealthcare",
"version": null
},
{
"model": "optima mr360",
"scope": null,
"trust": 0.8,
"vendor": "ge healthcare",
"version": null
},
{
"model": "optima mr360",
"scope": null,
"trust": 0.6,
"vendor": "general electric",
"version": null
},
{
"model": "optima mr360",
"scope": "eq",
"trust": 0.3,
"vendor": "gehealthcare",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05173"
},
{
"db": "BID",
"id": "76248"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004014"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-021"
},
{
"db": "NVD",
"id": "CVE-2010-5307"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:gehealthcare:optima_mr360_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004014"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Scott Erven",
"sources": [
{
"db": "BID",
"id": "76248"
}
],
"trust": 0.3
},
"cve": "CVE-2010-5307",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2010-5307",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-05173",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-47912",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2010-5307",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2010-5307",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2015-05173",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201508-021",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-47912",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05173"
},
{
"db": "VULHUB",
"id": "VHN-47912"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004014"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-021"
},
{
"db": "NVD",
"id": "CVE-2010-5307"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The HIPAA configuration interface in GE Healthcare Optima MR360 has a password of (1) operator for the root account, (2) adw2.0 for the admin account, and (3) adw2.0 for the sdc account, which has unspecified impact and attack vectors. NOTE: it is not clear whether these passwords are default, hardcoded, or dependent on another system or product that requires a fixed value. GE Healthcare CADStream Server is a suite of applications for the medical industry that provide automated analysis and reporting for magnetic resonance imaging. \nRemote attackers with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. An attacker could exploit this vulnerability to take control of the device",
"sources": [
{
"db": "NVD",
"id": "CVE-2010-5307"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004014"
},
{
"db": "CNVD",
"id": "CNVD-2015-05173"
},
{
"db": "BID",
"id": "76248"
},
{
"db": "VULHUB",
"id": "VHN-47912"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2010-5307",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSMA-18-037-02",
"trust": 1.9
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004014",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201508-021",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-05173",
"trust": 0.6
},
{
"db": "BID",
"id": "76248",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-47912",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05173"
},
{
"db": "VULHUB",
"id": "VHN-47912"
},
{
"db": "BID",
"id": "76248"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004014"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-021"
},
{
"db": "NVD",
"id": "CVE-2010-5307"
}
]
},
"id": "VAR-201508-0009",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-47912"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T23:04:05.910000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Optima MR360 1.5T MR system Operator Manual",
"trust": 0.8,
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/MR360+operator+manual+paper.pdf?REQ=RAA\u0026DIRECTION=5339461-1EN\u0026FILENAME=MR360%2Boperator%2Bmanual%2Bpaper.pdf\u0026FILEREV=4\u0026DOCREV_ORG=4"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004014"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-47912"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004014"
},
{
"db": "NVD",
"id": "CVE-2010-5307"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
},
{
"trust": 1.9,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-037-02"
},
{
"trust": 1.7,
"url": "https://twitter.com/digitalbond/status/619250429751222277"
},
{
"trust": 1.6,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/mr360+operator+manual+paper.pdf?req=raa\u0026direction=5339461-1en\u0026filename=mr360%2boperator%2bmanual%2bpaper.pdf\u0026filerev=4\u0026docrev_org=4"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-5307"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-5307"
},
{
"trust": 0.3,
"url": "http://www3.gehealthcare.com/en"
},
{
"trust": 0.1,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/mr360+operator+manual+paper.pdf?req=raa\u0026amp;direction=5339461-1en\u0026amp;filename=mr360%2boperator%2bmanual%2bpaper.pdf\u0026amp;filerev=4\u0026amp;docrev_org=4"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05173"
},
{
"db": "VULHUB",
"id": "VHN-47912"
},
{
"db": "BID",
"id": "76248"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004014"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-021"
},
{
"db": "NVD",
"id": "CVE-2010-5307"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-05173"
},
{
"db": "VULHUB",
"id": "VHN-47912"
},
{
"db": "BID",
"id": "76248"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004014"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-021"
},
{
"db": "NVD",
"id": "CVE-2010-5307"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05173"
},
{
"date": "2015-08-04T00:00:00",
"db": "VULHUB",
"id": "VHN-47912"
},
{
"date": "2015-08-04T00:00:00",
"db": "BID",
"id": "76248"
},
{
"date": "2015-08-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004014"
},
{
"date": "2015-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-021"
},
{
"date": "2015-08-04T14:59:10.517000",
"db": "NVD",
"id": "CVE-2010-5307"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05173"
},
{
"date": "2018-03-28T00:00:00",
"db": "VULHUB",
"id": "VHN-47912"
},
{
"date": "2015-08-04T00:00:00",
"db": "BID",
"id": "76248"
},
{
"date": "2018-04-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004014"
},
{
"date": "2015-08-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-021"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2010-5307"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-021"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Healthcare Optima MR360 of HIPAA Vulnerability in configuration interface",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004014"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-021"
}
],
"trust": 0.6
}
}
VAR-201508-0003
Vulnerability from variot - Updated: 2025-04-13 23:04GE Healthcare Discovery VH has a default password of (1) interfile for the ftpclient user of the Interfile server or (2) "2" for the LOCAL user of the FTP server for the Codonics printer, which has unspecified impact and attack vectors. GE Healthcare Discovery VH is a dual-detection gamma camera from General Electric (GE) of the United States for full-body scanning of patients in the medical industry and providing superior image quality. An attacker could exploit this vulnerability to control the device. GE Healthcare Discovery VH is prone to an insecure default-password vulnerability. Remote attackers with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201508-0003",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "discovery vh",
"scope": "eq",
"trust": 1.6,
"vendor": "gehealthcare",
"version": null
},
{
"model": "discovery vh",
"scope": null,
"trust": 0.8,
"vendor": "ge healthcare",
"version": null
},
{
"model": "healthcare discovery vh",
"scope": null,
"trust": 0.6,
"vendor": "general electric",
"version": null
},
{
"model": "discovery vh",
"scope": "eq",
"trust": 0.3,
"vendor": "gehealthcare",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05145"
},
{
"db": "BID",
"id": "76278"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003994"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-015"
},
{
"db": "NVD",
"id": "CVE-2003-1603"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:gehealthcare:discovery_vh",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003994"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Scott Erven",
"sources": [
{
"db": "BID",
"id": "76278"
}
],
"trust": 0.3
},
"cve": "CVE-2003-1603",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2003-1603",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-05145",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2003-1603",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2003-1603",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2015-05145",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201508-015",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05145"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003994"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-015"
},
{
"db": "NVD",
"id": "CVE-2003-1603"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Healthcare Discovery VH has a default password of (1) interfile for the ftpclient user of the Interfile server or (2) \"2\" for the LOCAL user of the FTP server for the Codonics printer, which has unspecified impact and attack vectors. GE Healthcare Discovery VH is a dual-detection gamma camera from General Electric (GE) of the United States for full-body scanning of patients in the medical industry and providing superior image quality. An attacker could exploit this vulnerability to control the device. GE Healthcare Discovery VH is prone to an insecure default-password vulnerability. \nRemote attackers with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2003-1603"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003994"
},
{
"db": "CNVD",
"id": "CNVD-2015-05145"
},
{
"db": "BID",
"id": "76278"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2003-1603",
"trust": 3.3
},
{
"db": "ICS CERT",
"id": "ICSMA-18-037-02",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003994",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2015-05145",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201508-015",
"trust": 0.6
},
{
"db": "BID",
"id": "76278",
"trust": 0.3
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05145"
},
{
"db": "BID",
"id": "76278"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003994"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-015"
},
{
"db": "NVD",
"id": "CVE-2003-1603"
}
]
},
"id": "VAR-201508-0003",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05145"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05145"
}
]
},
"last_update_date": "2025-04-13T23:04:05.877000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Discovery VH System Service Manual",
"trust": 0.8,
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/2337093-100.pdf?REQ=RAA\u0026DIRECTION=2337093-100\u0026FILENAME=2337093-100.pdf\u0026FILEREV=1\u0026DOCREV_ORG=1"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003994"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003994"
},
{
"db": "NVD",
"id": "CVE-2003-1603"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
},
{
"trust": 1.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-037-02"
},
{
"trust": 1.6,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/2337093-100.pdf?req=raa\u0026direction=2337093-100\u0026filename=2337093-100.pdf\u0026filerev=1\u0026docrev_org=1"
},
{
"trust": 1.6,
"url": "https://twitter.com/digitalbond/status/619250429751222277"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2003-1603"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2003-1603"
},
{
"trust": 0.3,
"url": "http://www3.gehealthcare.com/en"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05145"
},
{
"db": "BID",
"id": "76278"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003994"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-015"
},
{
"db": "NVD",
"id": "CVE-2003-1603"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-05145"
},
{
"db": "BID",
"id": "76278"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003994"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-015"
},
{
"db": "NVD",
"id": "CVE-2003-1603"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05145"
},
{
"date": "2015-08-04T00:00:00",
"db": "BID",
"id": "76278"
},
{
"date": "2015-08-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003994"
},
{
"date": "2015-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-015"
},
{
"date": "2015-08-04T14:59:04.127000",
"db": "NVD",
"id": "CVE-2003-1603"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05145"
},
{
"date": "2015-08-04T00:00:00",
"db": "BID",
"id": "76278"
},
{
"date": "2018-04-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003994"
},
{
"date": "2015-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-015"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2003-1603"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-015"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Healthcare Discovery VH Trust Management Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05145"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-015"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-015"
}
],
"trust": 0.6
}
}
VAR-201508-0020
Vulnerability from variot - Updated: 2025-04-13 23:04GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a password of ddpadmin for the ddpadmin user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. The vulnerability stems from the ddpadmin user using 'ddpadmin' as the password. An attacker could use this vulnerability to control the device. Attackers can exploit this issue to bypass the authentication mechanism and gain access to the vulnerable device
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201508-0020",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "centricity pacs workstation",
"scope": "eq",
"trust": 1.9,
"vendor": "gehealthcare",
"version": "4.0.1"
},
{
"model": "centricity pacs workstation",
"scope": "eq",
"trust": 1.9,
"vendor": "gehealthcare",
"version": "4.0"
},
{
"model": "centricity pacs",
"scope": "eq",
"trust": 0.8,
"vendor": "ge healthcare",
"version": "4.0"
},
{
"model": "centricity pacs",
"scope": "eq",
"trust": 0.8,
"vendor": "ge healthcare",
"version": "4.0.1"
},
{
"model": "centricity pacs workstation",
"scope": "eq",
"trust": 0.6,
"vendor": "ge",
"version": "4.0"
},
{
"model": "centricity pacs workstation",
"scope": "eq",
"trust": 0.6,
"vendor": "ge",
"version": "4.0.1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05140"
},
{
"db": "BID",
"id": "76172"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004006"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-031"
},
{
"db": "NVD",
"id": "CVE-2012-6695"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:gehealthcare:centricity_pacs_workstation",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004006"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Scott Erven",
"sources": [
{
"db": "BID",
"id": "76172"
}
],
"trust": 0.3
},
"cve": "CVE-2012-6695",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2012-6695",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-05140",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2012-6695",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2012-6695",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2015-05140",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201508-031",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05140"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004006"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-031"
},
{
"db": "NVD",
"id": "CVE-2012-6695"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a password of ddpadmin for the ddpadmin user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. The vulnerability stems from the ddpadmin user using \u0027ddpadmin\u0027 as the password. An attacker could use this vulnerability to control the device. \nAttackers can exploit this issue to bypass the authentication mechanism and gain access to the vulnerable device",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-6695"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004006"
},
{
"db": "CNVD",
"id": "CNVD-2015-05140"
},
{
"db": "BID",
"id": "76172"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-6695",
"trust": 3.3
},
{
"db": "ICS CERT",
"id": "ICSMA-18-037-02",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004006",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2015-05140",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201508-031",
"trust": 0.6
},
{
"db": "BID",
"id": "76172",
"trust": 0.3
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05140"
},
{
"db": "BID",
"id": "76172"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004006"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-031"
},
{
"db": "NVD",
"id": "CVE-2012-6695"
}
]
},
"id": "VAR-201508-0020",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05140"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05140"
}
]
},
"last_update_date": "2025-04-13T23:04:05.845000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Centricity PACS Workstation Installation and Service Manual (PACS 4.0 Release)",
"trust": 0.8,
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/C40_WS_INST_SV_2063534-001r2.pdf?REQ=RAA\u0026DIRECTION=2063534-001\u0026FILENAME=C40_WS_INST_SV_2063534-001r2.pdf\u0026FILEREV=1\u0026DOCREV_ORG=1"
},
{
"title": "Centricity PACS Workstation Installation and Service Manual (PACS 4.0.1 Release)",
"trust": 0.8,
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/C401_WS_INST_SV_2069560001r1.pdf?REQ=RAA\u0026DIRECTION=2069560-001\u0026FILENAME=C401_WS_INST_SV_2069560001r1.pdf\u0026FILEREV=1\u0026DOCREV_ORG=1"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004006"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004006"
},
{
"db": "NVD",
"id": "CVE-2012-6695"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
},
{
"trust": 2.2,
"url": "https://twitter.com/digitalbond/status/619250429751222277"
},
{
"trust": 1.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-037-02"
},
{
"trust": 1.6,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/c40_ws_inst_sv_2063534-001r2.pdf?req=raa\u0026direction=2063534-001\u0026filename=c40_ws_inst_sv_2063534-001r2.pdf\u0026filerev=1\u0026docrev_org=1"
},
{
"trust": 1.6,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/c401_ws_inst_sv_2069560001r1.pdf?req=raa\u0026direction=2069560-001\u0026filename=c401_ws_inst_sv_2069560001r1.pdf\u0026filerev=1\u0026docrev_org=1"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-6695"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-6695"
},
{
"trust": 0.3,
"url": "http://www3.gehealthcare.com/en"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05140"
},
{
"db": "BID",
"id": "76172"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004006"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-031"
},
{
"db": "NVD",
"id": "CVE-2012-6695"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-05140"
},
{
"db": "BID",
"id": "76172"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004006"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-031"
},
{
"db": "NVD",
"id": "CVE-2012-6695"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05140"
},
{
"date": "2015-08-04T00:00:00",
"db": "BID",
"id": "76172"
},
{
"date": "2015-08-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004006"
},
{
"date": "2015-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-031"
},
{
"date": "2015-08-04T14:59:20.597000",
"db": "NVD",
"id": "CVE-2012-6695"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05140"
},
{
"date": "2015-08-04T00:00:00",
"db": "BID",
"id": "76172"
},
{
"date": "2018-04-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004006"
},
{
"date": "2015-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-031"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2012-6695"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-031"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Healthcare Centricity PACS Vulnerability in workstation",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004006"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-031"
}
],
"trust": 0.6
}
}
VAR-201508-0011
Vulnerability from variot - Updated: 2025-04-13 23:04GE Healthcare CADStream Server has a default password of confirma for the admin user, which has unspecified impact and attack vectors. GE Healthcare CADStream Server is a suite of applications for the medical industry that provide automated analysis and reporting for magnetic resonance imaging.
GE Healthcare CADStream Server has built-in accounts. The admin uses a 'confirma' password, allowing remote attackers to use these accounts to control the device. An attacker can exploit this issue to gain unauthorized access to the affected device. Successful exploits will result in the complete compromise of the affected device
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201508-0011",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cadstream server",
"scope": "eq",
"trust": 1.6,
"vendor": "gehealthcare",
"version": null
},
{
"model": "cadstream server",
"scope": null,
"trust": 0.8,
"vendor": "ge healthcare",
"version": null
},
{
"model": "cadstream server",
"scope": null,
"trust": 0.6,
"vendor": "general electric",
"version": null
},
{
"model": "cadstream server",
"scope": "eq",
"trust": 0.3,
"vendor": "gehealthcare",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05171"
},
{
"db": "BID",
"id": "76185"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004016"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-023"
},
{
"db": "NVD",
"id": "CVE-2010-5309"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:gehealthcare:cadstream_server_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004016"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Scott Erven",
"sources": [
{
"db": "BID",
"id": "76185"
}
],
"trust": 0.3
},
"cve": "CVE-2010-5309",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2010-5309",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-05171",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-47914",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2010-5309",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2010-5309",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2015-05171",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201508-023",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-47914",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2010-5309",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05171"
},
{
"db": "VULHUB",
"id": "VHN-47914"
},
{
"db": "VULMON",
"id": "CVE-2010-5309"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004016"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-023"
},
{
"db": "NVD",
"id": "CVE-2010-5309"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Healthcare CADStream Server has a default password of confirma for the admin user, which has unspecified impact and attack vectors. GE Healthcare CADStream Server is a suite of applications for the medical industry that provide automated analysis and reporting for magnetic resonance imaging. \n\nGE Healthcare CADStream Server has built-in accounts. The admin uses a \u0027confirma\u0027 password, allowing remote attackers to use these accounts to control the device. \nAn attacker can exploit this issue to gain unauthorized access to the affected device. Successful exploits will result in the complete compromise of the affected device",
"sources": [
{
"db": "NVD",
"id": "CVE-2010-5309"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004016"
},
{
"db": "CNVD",
"id": "CNVD-2015-05171"
},
{
"db": "BID",
"id": "76185"
},
{
"db": "VULHUB",
"id": "VHN-47914"
},
{
"db": "VULMON",
"id": "CVE-2010-5309"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2010-5309",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSMA-18-037-02",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004016",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201508-023",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-05171",
"trust": 0.6
},
{
"db": "BID",
"id": "76185",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-47914",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2010-5309",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05171"
},
{
"db": "VULHUB",
"id": "VHN-47914"
},
{
"db": "VULMON",
"id": "CVE-2010-5309"
},
{
"db": "BID",
"id": "76185"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004016"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-023"
},
{
"db": "NVD",
"id": "CVE-2010-5309"
}
]
},
"id": "VAR-201508-0011",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-47914"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T23:04:05.809000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Optima MR360 1.5T MR system Operator Manual",
"trust": 0.8,
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/MR360+operator+manual+paper.pdf?REQ=RAA\u0026DIRECTION=5339461-1EN\u0026FILENAME=MR360%2Boperator%2Bmanual%2Bpaper.pdf\u0026FILEREV=4\u0026DOCREV_ORG=4"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004016"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-47914"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004016"
},
{
"db": "NVD",
"id": "CVE-2010-5309"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.5,
"url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
},
{
"trust": 2.0,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-037-02"
},
{
"trust": 1.8,
"url": "https://twitter.com/digitalbond/status/619250429751222277"
},
{
"trust": 1.7,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/mr360+operator+manual+paper.pdf?req=raa\u0026direction=5339461-1en\u0026filename=mr360%2boperator%2bmanual%2bpaper.pdf\u0026filerev=4\u0026docrev_org=4"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-5309"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-5309"
},
{
"trust": 0.3,
"url": "http://www3.gehealthcare.com/en/global_gateway"
},
{
"trust": 0.1,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/mr360+operator+manual+paper.pdf?req=raa\u0026amp;direction=5339461-1en\u0026amp;filename=mr360%2boperator%2bmanual%2bpaper.pdf\u0026amp;filerev=4\u0026amp;docrev_org=4"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/255.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05171"
},
{
"db": "VULHUB",
"id": "VHN-47914"
},
{
"db": "VULMON",
"id": "CVE-2010-5309"
},
{
"db": "BID",
"id": "76185"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004016"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-023"
},
{
"db": "NVD",
"id": "CVE-2010-5309"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-05171"
},
{
"db": "VULHUB",
"id": "VHN-47914"
},
{
"db": "VULMON",
"id": "CVE-2010-5309"
},
{
"db": "BID",
"id": "76185"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004016"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-023"
},
{
"db": "NVD",
"id": "CVE-2010-5309"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05171"
},
{
"date": "2015-08-04T00:00:00",
"db": "VULHUB",
"id": "VHN-47914"
},
{
"date": "2015-08-04T00:00:00",
"db": "VULMON",
"id": "CVE-2010-5309"
},
{
"date": "2015-08-04T00:00:00",
"db": "BID",
"id": "76185"
},
{
"date": "2015-08-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004016"
},
{
"date": "2015-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-023"
},
{
"date": "2015-08-04T14:59:12.457000",
"db": "NVD",
"id": "CVE-2010-5309"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05171"
},
{
"date": "2018-03-28T00:00:00",
"db": "VULHUB",
"id": "VHN-47914"
},
{
"date": "2018-03-28T00:00:00",
"db": "VULMON",
"id": "CVE-2010-5309"
},
{
"date": "2015-08-04T00:00:00",
"db": "BID",
"id": "76185"
},
{
"date": "2018-04-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004016"
},
{
"date": "2015-08-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-023"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2010-5309"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-023"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Healthcare CADStream Server Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004016"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-023"
}
],
"trust": 0.6
}
}
VAR-201508-0018
Vulnerability from variot - Updated: 2025-04-13 23:04GE Healthcare Centricity PACS 4.0 Server has a default password of (1) nasro for the nasro (ReadOnly) user and (2) nasrw for the nasrw (Read/Write) user, which has unspecified impact and attack vectors. GE Healthcare Centricity PACS is the company's image archiving and transmission system for the medical industry. Attackers can exploit this issue to bypass the authentication mechanism and gain access to the vulnerable device
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201508-0018",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "centricity pacs server",
"scope": "eq",
"trust": 1.6,
"vendor": "gehealthcare",
"version": "4.0"
},
{
"model": "centricity pacs",
"scope": "eq",
"trust": 0.8,
"vendor": "ge healthcare",
"version": "4.0"
},
{
"model": "centricity pacs",
"scope": "eq",
"trust": 0.6,
"vendor": "general electric",
"version": "4.0"
},
{
"model": "centricity pacs",
"scope": "eq",
"trust": 0.3,
"vendor": "gehealthcare",
"version": "4.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05168"
},
{
"db": "BID",
"id": "76183"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004004"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-029"
},
{
"db": "NVD",
"id": "CVE-2012-6693"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:gehealthcare:centricity_pacs_workstation",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004004"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Scott Erven",
"sources": [
{
"db": "BID",
"id": "76183"
}
],
"trust": 0.3
},
"cve": "CVE-2012-6693",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2012-6693",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-05168",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2012-6693",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2012-6693",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2015-05168",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201508-029",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05168"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004004"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-029"
},
{
"db": "NVD",
"id": "CVE-2012-6693"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Healthcare Centricity PACS 4.0 Server has a default password of (1) nasro for the nasro (ReadOnly) user and (2) nasrw for the nasrw (Read/Write) user, which has unspecified impact and attack vectors. GE Healthcare Centricity PACS is the company\u0027s image archiving and transmission system for the medical industry. \nAttackers can exploit this issue to bypass the authentication mechanism and gain access to the vulnerable device",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-6693"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004004"
},
{
"db": "CNVD",
"id": "CNVD-2015-05168"
},
{
"db": "BID",
"id": "76183"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-6693",
"trust": 3.3
},
{
"db": "ICS CERT",
"id": "ICSMA-18-037-02",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004004",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2015-05168",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201508-029",
"trust": 0.6
},
{
"db": "BID",
"id": "76183",
"trust": 0.3
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05168"
},
{
"db": "BID",
"id": "76183"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004004"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-029"
},
{
"db": "NVD",
"id": "CVE-2012-6693"
}
]
},
"id": "VAR-201508-0018",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2025-04-13T23:04:05.717000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Centricity PACS Workstation Installation and Service Manual",
"trust": 0.8,
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/C401_WS_INST_SV_2069560001r1.pdf?REQ=RAA\u0026DIRECTION=2069560-001\u0026FILENAME=C401_WS_INST_SV_2069560001r1.pdf\u0026FILEREV=1\u0026DOCREV_ORG=1"
},
{
"title": "Centricity PACS Servers Service Manual",
"trust": 0.8,
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/C4x_SRV_SVC_2063464-001r2.pdf?REQ=RAA\u0026DIRECTION=2063464-001\u0026FILENAME=C4x_SRV_SVC_2063464-001r2.pdf\u0026FILEREV=2\u0026DOCREV_ORG=2"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004004"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004004"
},
{
"db": "NVD",
"id": "CVE-2012-6693"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
},
{
"trust": 1.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-037-02"
},
{
"trust": 1.6,
"url": "https://twitter.com/digitalbond/status/619250429751222277"
},
{
"trust": 1.6,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/c401_ws_inst_sv_2069560001r1.pdf?req=raa\u0026direction=2069560-001\u0026filename=c401_ws_inst_sv_2069560001r1.pdf\u0026filerev=1\u0026docrev_org=1"
},
{
"trust": 1.6,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/c4x_srv_svc_2063464-001r2.pdf?req=raa\u0026direction=2063464-001\u0026filename=c4x_srv_svc_2063464-001r2.pdf\u0026filerev=2\u0026docrev_org=2"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-6693"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-6693"
},
{
"trust": 0.3,
"url": "http://www3.gehealthcare.in/en/products/categories/healthcare_it/medical_imaging_informatics_-_ris-pacs-cvis/centricity_pacs"
},
{
"trust": 0.3,
"url": "http://www3.gehealthcare.com/en"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05168"
},
{
"db": "BID",
"id": "76183"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004004"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-029"
},
{
"db": "NVD",
"id": "CVE-2012-6693"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-05168"
},
{
"db": "BID",
"id": "76183"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004004"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-029"
},
{
"db": "NVD",
"id": "CVE-2012-6693"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05168"
},
{
"date": "2015-08-04T00:00:00",
"db": "BID",
"id": "76183"
},
{
"date": "2015-08-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004004"
},
{
"date": "2015-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-029"
},
{
"date": "2015-08-04T14:59:18.643000",
"db": "NVD",
"id": "CVE-2012-6693"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05168"
},
{
"date": "2015-08-04T00:00:00",
"db": "BID",
"id": "76183"
},
{
"date": "2018-04-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004004"
},
{
"date": "2015-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-029"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2012-6693"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-029"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Healthcare Centricity PACS Server vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004004"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-029"
}
],
"trust": 0.6
}
}
VAR-201508-0006
Vulnerability from variot - Updated: 2025-04-13 23:04GE Healthcare Millennium MG, NC, and MyoSIGHT has a password of insite.genieacq for the insite account that cannot be changed without disabling product functionality for remote InSite support, which has unspecified impact and attack vectors. GE Healthcare Millennium MG, NC and MyoSIGHT are all US Scandinavian (GE) scanning camera products for the medical industry. An attacker could exploit this vulnerability to control the device. Multiple GE Healthcare Products are prone to an insecure default-password vulnerability. Remote attackers with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201508-0006",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "millennium myosight",
"scope": "eq",
"trust": 1.6,
"vendor": "gehealthcare",
"version": null
},
{
"model": "millennium nc",
"scope": "eq",
"trust": 1.6,
"vendor": "gehealthcare",
"version": null
},
{
"model": "millennium mg",
"scope": "eq",
"trust": 1.6,
"vendor": "gehealthcare",
"version": null
},
{
"model": "millennium mg",
"scope": null,
"trust": 0.8,
"vendor": "ge healthcare",
"version": null
},
{
"model": "millennium myosight",
"scope": null,
"trust": 0.8,
"vendor": "ge healthcare",
"version": null
},
{
"model": "millennium nc",
"scope": null,
"trust": 0.8,
"vendor": "ge healthcare",
"version": null
},
{
"model": "healthcare millennium mg/nc/myosight",
"scope": null,
"trust": 0.6,
"vendor": "general electric",
"version": null
},
{
"model": "millennium nc",
"scope": "eq",
"trust": 0.3,
"vendor": "gehealthcare",
"version": "0"
},
{
"model": "millennium myosight",
"scope": "eq",
"trust": 0.3,
"vendor": "gehealthcare",
"version": "0"
},
{
"model": "millennium mg",
"scope": "eq",
"trust": 0.3,
"vendor": "gehealthcare",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05132"
},
{
"db": "BID",
"id": "76277"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003993"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-014"
},
{
"db": "NVD",
"id": "CVE-2002-2446"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:gehealthcare:millennium_mg_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:gehealthcare:millennium_myosight_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:gehealthcare:millennium_nc_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003993"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Scott Erven of Protiviti.",
"sources": [
{
"db": "BID",
"id": "76277"
}
],
"trust": 0.3
},
"cve": "CVE-2002-2446",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2002-2446",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-05132",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-6829",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2002-2446",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2002-2446",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2015-05132",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201508-014",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-6829",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2002-2446",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05132"
},
{
"db": "VULHUB",
"id": "VHN-6829"
},
{
"db": "VULMON",
"id": "CVE-2002-2446"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003993"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-014"
},
{
"db": "NVD",
"id": "CVE-2002-2446"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Healthcare Millennium MG, NC, and MyoSIGHT has a password of insite.genieacq for the insite account that cannot be changed without disabling product functionality for remote InSite support, which has unspecified impact and attack vectors. GE Healthcare Millennium MG, NC and MyoSIGHT are all US Scandinavian (GE) scanning camera products for the medical industry. An attacker could exploit this vulnerability to control the device. Multiple GE Healthcare Products are prone to an insecure default-password vulnerability. \nRemote attackers with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2002-2446"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003993"
},
{
"db": "CNVD",
"id": "CNVD-2015-05132"
},
{
"db": "BID",
"id": "76277"
},
{
"db": "VULHUB",
"id": "VHN-6829"
},
{
"db": "VULMON",
"id": "CVE-2002-2446"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2002-2446",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSMA-18-037-02",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003993",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2015-05132",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201508-014",
"trust": 0.6
},
{
"db": "BID",
"id": "76277",
"trust": 0.5
},
{
"db": "VULHUB",
"id": "VHN-6829",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2002-2446",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05132"
},
{
"db": "VULHUB",
"id": "VHN-6829"
},
{
"db": "VULMON",
"id": "CVE-2002-2446"
},
{
"db": "BID",
"id": "76277"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003993"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-014"
},
{
"db": "NVD",
"id": "CVE-2002-2446"
}
]
},
"id": "VAR-201508-0006",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05132"
},
{
"db": "VULHUB",
"id": "VHN-6829"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05132"
}
]
},
"last_update_date": "2025-04-13T23:04:05.648000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Millennium MyoSIGHT Nuclear Medicine Imaging System Service Manual",
"trust": 0.8,
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/2354459-100.pdf?REQ=RAA\u0026DIRECTION=2354459-100\u0026FILENAME=2354459-100.pdf\u0026FILEREV=4\u0026DOCREV_ORG=4"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www3.gehealthcare.com/en/global_gateway"
},
{
"title": "Millenium MG \u0026 MC Nuclear Medicine Imaging System Service Manual",
"trust": 0.8,
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/2338955-100.pdf?REQ=RAA\u0026DIRECTION=2338955-100\u0026FILENAME=2338955-100.pdf\u0026FILEREV=1\u0026DOCREV_ORG=1"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003993"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-6829"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003993"
},
{
"db": "NVD",
"id": "CVE-2002-2446"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.9,
"url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
},
{
"trust": 2.4,
"url": "https://twitter.com/digitalbond/status/619250429751222277"
},
{
"trust": 2.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-037-02"
},
{
"trust": 1.7,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/2338955-100.pdf?req=raa\u0026direction=2338955-100\u0026filename=2338955-100.pdf\u0026filerev=1\u0026docrev_org=1"
},
{
"trust": 1.7,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/2354459-100.pdf?req=raa\u0026direction=2354459-100\u0026filename=2354459-100.pdf\u0026filerev=4\u0026docrev_org=4"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2002-2446"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2002-2446"
},
{
"trust": 0.3,
"url": "http://www3.gehealthcare.com/en/global_gateway"
},
{
"trust": 0.1,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/2338955-100.pdf?req=raa\u0026amp;direction=2338955-100\u0026amp;filename=2338955-100.pdf\u0026amp;filerev=1\u0026amp;docrev_org=1"
},
{
"trust": 0.1,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/2354459-100.pdf?req=raa\u0026amp;direction=2354459-100\u0026amp;filename=2354459-100.pdf\u0026amp;filerev=4\u0026amp;docrev_org=4"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/255.html"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/76277"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05132"
},
{
"db": "VULHUB",
"id": "VHN-6829"
},
{
"db": "VULMON",
"id": "CVE-2002-2446"
},
{
"db": "BID",
"id": "76277"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003993"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-014"
},
{
"db": "NVD",
"id": "CVE-2002-2446"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-05132"
},
{
"db": "VULHUB",
"id": "VHN-6829"
},
{
"db": "VULMON",
"id": "CVE-2002-2446"
},
{
"db": "BID",
"id": "76277"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003993"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-014"
},
{
"db": "NVD",
"id": "CVE-2002-2446"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05132"
},
{
"date": "2015-08-04T00:00:00",
"db": "VULHUB",
"id": "VHN-6829"
},
{
"date": "2015-08-04T00:00:00",
"db": "VULMON",
"id": "CVE-2002-2446"
},
{
"date": "2015-08-04T00:00:00",
"db": "BID",
"id": "76277"
},
{
"date": "2015-08-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003993"
},
{
"date": "2015-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-014"
},
{
"date": "2015-08-04T14:59:02.877000",
"db": "NVD",
"id": "CVE-2002-2446"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05132"
},
{
"date": "2018-03-28T00:00:00",
"db": "VULHUB",
"id": "VHN-6829"
},
{
"date": "2018-03-28T00:00:00",
"db": "VULMON",
"id": "CVE-2002-2446"
},
{
"date": "2015-08-04T00:00:00",
"db": "BID",
"id": "76277"
},
{
"date": "2018-04-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003993"
},
{
"date": "2015-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-014"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2002-2446"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-014"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural GE Healthcare Millennium Product vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003993"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-014"
}
],
"trust": 0.6
}
}
VAR-201508-0007
Vulnerability from variot - Updated: 2025-04-13 23:04GE Healthcare Centricity Image Vault 3.x has a password of (1) gemnet for the administrator account, (2) webadmin for the webadmin administrator account of the ASACA DVD library, (3) an empty value for the gemsservice account of the Ultrasound Database, and possibly (4) gemnet2002 for the gemnet2002 account of the GEMNet license server, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. An attacker could use this vulnerability to control the device. Remote attackers with knowledge of the default credentials may exploit these vulnerabilities to gain unauthorized access and perform unauthorized actions. This may aid in further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201508-0007",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "centricity image vault",
"scope": "eq",
"trust": 1.0,
"vendor": "gehealthcare",
"version": "*"
},
{
"model": "centricity cardiology image vault",
"scope": "eq",
"trust": 0.8,
"vendor": "ge healthcare",
"version": "3.x"
},
{
"model": "healthcare centricity image vault",
"scope": null,
"trust": 0.6,
"vendor": "general electric",
"version": null
},
{
"model": "centricity image vault",
"scope": null,
"trust": 0.6,
"vendor": "gehealthcare",
"version": null
},
{
"model": "centricity image vault",
"scope": "eq",
"trust": 0.3,
"vendor": "gehealthcare",
"version": "3.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05144"
},
{
"db": "BID",
"id": "76279"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003995"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-016"
},
{
"db": "NVD",
"id": "CVE-2004-2777"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:gehealthcare:centricity_image_vault_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003995"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Scott Erven of Protiviti.",
"sources": [
{
"db": "BID",
"id": "76279"
}
],
"trust": 0.3
},
"cve": "CVE-2004-2777",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2004-2777",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-05144",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-11205",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2004-2777",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2004-2777",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2015-05144",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201508-016",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-11205",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2004-2777",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05144"
},
{
"db": "VULHUB",
"id": "VHN-11205"
},
{
"db": "VULMON",
"id": "CVE-2004-2777"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003995"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-016"
},
{
"db": "NVD",
"id": "CVE-2004-2777"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Healthcare Centricity Image Vault 3.x has a password of (1) gemnet for the administrator account, (2) webadmin for the webadmin administrator account of the ASACA DVD library, (3) an empty value for the gemsservice account of the Ultrasound Database, and possibly (4) gemnet2002 for the gemnet2002 account of the GEMNet license server, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. An attacker could use this vulnerability to control the device. \nRemote attackers with knowledge of the default credentials may exploit these vulnerabilities to gain unauthorized access and perform unauthorized actions. This may aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2004-2777"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003995"
},
{
"db": "CNVD",
"id": "CNVD-2015-05144"
},
{
"db": "BID",
"id": "76279"
},
{
"db": "VULHUB",
"id": "VHN-11205"
},
{
"db": "VULMON",
"id": "CVE-2004-2777"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2004-2777",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSMA-18-037-02",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003995",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201508-016",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-05144",
"trust": 0.6
},
{
"db": "BID",
"id": "76279",
"trust": 0.5
},
{
"db": "VULHUB",
"id": "VHN-11205",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2004-2777",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05144"
},
{
"db": "VULHUB",
"id": "VHN-11205"
},
{
"db": "VULMON",
"id": "CVE-2004-2777"
},
{
"db": "BID",
"id": "76279"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003995"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-016"
},
{
"db": "NVD",
"id": "CVE-2004-2777"
}
]
},
"id": "VAR-201508-0007",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05144"
},
{
"db": "VULHUB",
"id": "VHN-11205"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05144"
}
]
},
"last_update_date": "2025-04-13T23:04:05.610000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Centricity Cardiology Image Vault Service Manual",
"trust": 0.8,
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/2010564-002E.pdf?REQ=RAA\u0026DIRECTION=2010564-002\u0026FILENAME=2010564-002E.pdf\u0026FILEREV=E\u0026DOCREV_ORG=E"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003995"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-11205"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003995"
},
{
"db": "NVD",
"id": "CVE-2004-2777"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.5,
"url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
},
{
"trust": 2.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-037-02"
},
{
"trust": 2.0,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/2010564-002e.pdf?req=raa\u0026direction=2010564-002\u0026filename=2010564-002e.pdf\u0026filerev=e\u0026docrev_org=e"
},
{
"trust": 1.8,
"url": "https://twitter.com/digitalbond/status/619250429751222277"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2004-2777"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2004-2777"
},
{
"trust": 0.3,
"url": "http://www3.gehealthcare.com/en/global_gateway"
},
{
"trust": 0.1,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/2010564-002e.pdf?req=raa\u0026amp;direction=2010564-002\u0026amp;filename=2010564-002e.pdf\u0026amp;filerev=e\u0026amp;docrev_org=e"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/255.html"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/76279"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05144"
},
{
"db": "VULHUB",
"id": "VHN-11205"
},
{
"db": "VULMON",
"id": "CVE-2004-2777"
},
{
"db": "BID",
"id": "76279"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003995"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-016"
},
{
"db": "NVD",
"id": "CVE-2004-2777"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-05144"
},
{
"db": "VULHUB",
"id": "VHN-11205"
},
{
"db": "VULMON",
"id": "CVE-2004-2777"
},
{
"db": "BID",
"id": "76279"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003995"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-016"
},
{
"db": "NVD",
"id": "CVE-2004-2777"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05144"
},
{
"date": "2015-08-04T00:00:00",
"db": "VULHUB",
"id": "VHN-11205"
},
{
"date": "2015-08-04T00:00:00",
"db": "VULMON",
"id": "CVE-2004-2777"
},
{
"date": "2015-07-10T00:00:00",
"db": "BID",
"id": "76279"
},
{
"date": "2015-08-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003995"
},
{
"date": "2015-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-016"
},
{
"date": "2015-08-04T14:59:05.237000",
"db": "NVD",
"id": "CVE-2004-2777"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05144"
},
{
"date": "2018-03-28T00:00:00",
"db": "VULHUB",
"id": "VHN-11205"
},
{
"date": "2018-03-28T00:00:00",
"db": "VULMON",
"id": "CVE-2004-2777"
},
{
"date": "2015-07-10T00:00:00",
"db": "BID",
"id": "76279"
},
{
"date": "2018-04-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003995"
},
{
"date": "2015-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-016"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2004-2777"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-016"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Healthcare Centricity Image Vault Trust Management Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05144"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-016"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-016"
}
],
"trust": 0.6
}
}
VAR-201508-0001
Vulnerability from variot - Updated: 2025-04-13 23:04GE Healthcare Centricity DMS 4.2, 4.1, and 4.0 has a password of Muse!Admin for the Museadmin user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. An attacker could use this vulnerability to control the device. Remote attackers with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201508-0001",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "centricity dms",
"scope": "eq",
"trust": 1.9,
"vendor": "gehealthcare",
"version": "4.2"
},
{
"model": "centricity dms",
"scope": "eq",
"trust": 1.9,
"vendor": "gehealthcare",
"version": "4.1"
},
{
"model": "centricity dms",
"scope": "eq",
"trust": 1.9,
"vendor": "gehealthcare",
"version": "4.0"
},
{
"model": "centricity cardiology data management system",
"scope": "eq",
"trust": 0.8,
"vendor": "ge healthcare",
"version": "4.0"
},
{
"model": "centricity cardiology data management system",
"scope": "eq",
"trust": 0.8,
"vendor": "ge healthcare",
"version": "4.1"
},
{
"model": "centricity cardiology data management system",
"scope": "eq",
"trust": 0.8,
"vendor": "ge healthcare",
"version": "4.2"
},
{
"model": "healthcare centricity dms",
"scope": null,
"trust": 0.6,
"vendor": "general electric",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05142"
},
{
"db": "BID",
"id": "76263"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003997"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-018"
},
{
"db": "NVD",
"id": "CVE-2007-6757"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:gehealthcare:centricity_dms_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003997"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Scott Erven of Protiviti.",
"sources": [
{
"db": "BID",
"id": "76263"
}
],
"trust": 0.3
},
"cve": "CVE-2007-6757",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2007-6757",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-05142",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-30119",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2007-6757",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2007-6757",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2015-05142",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201508-018",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-30119",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2007-6757",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05142"
},
{
"db": "VULHUB",
"id": "VHN-30119"
},
{
"db": "VULMON",
"id": "CVE-2007-6757"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003997"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-018"
},
{
"db": "NVD",
"id": "CVE-2007-6757"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Healthcare Centricity DMS 4.2, 4.1, and 4.0 has a password of Muse!Admin for the Museadmin user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. An attacker could use this vulnerability to control the device. \nRemote attackers with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-6757"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003997"
},
{
"db": "CNVD",
"id": "CNVD-2015-05142"
},
{
"db": "BID",
"id": "76263"
},
{
"db": "VULHUB",
"id": "VHN-30119"
},
{
"db": "VULMON",
"id": "CVE-2007-6757"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2007-6757",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSMA-18-037-02",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003997",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201508-018",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-05142",
"trust": 0.6
},
{
"db": "BID",
"id": "76263",
"trust": 0.5
},
{
"db": "VULHUB",
"id": "VHN-30119",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2007-6757",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05142"
},
{
"db": "VULHUB",
"id": "VHN-30119"
},
{
"db": "VULMON",
"id": "CVE-2007-6757"
},
{
"db": "BID",
"id": "76263"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003997"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-018"
},
{
"db": "NVD",
"id": "CVE-2007-6757"
}
]
},
"id": "VAR-201508-0001",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05142"
},
{
"db": "VULHUB",
"id": "VHN-30119"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05142"
}
]
},
"last_update_date": "2025-04-13T23:04:05.572000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Centricity Cardiology Data Management System System Management Manual Software Version 4.1",
"trust": 0.8,
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/2019295-133G.pdf?REQ=RAA\u0026DIRECTION=2019295-133\u0026FILENAME=2019295-133G.pdf\u0026FILEREV=G\u0026DOCREV_ORG=G"
},
{
"title": "Centricity Cardiology Data Management System System Management Manual Software Version 4.0",
"trust": 0.8,
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/2019295-133D.pdf?REQ=RAA\u0026DIRECTION=2019295-133D\u0026FILENAME=2019295-133D.pdf\u0026FILEREV=D\u0026DOCREV_ORG=D"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003997"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-30119"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003997"
},
{
"db": "NVD",
"id": "CVE-2007-6757"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.9,
"url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
},
{
"trust": 2.4,
"url": "https://twitter.com/digitalbond/status/619250429751222277"
},
{
"trust": 2.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-037-02"
},
{
"trust": 1.7,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/2019295-133d.pdf?req=raa\u0026direction=2019295-133d\u0026filename=2019295-133d.pdf\u0026filerev=d\u0026docrev_org=d"
},
{
"trust": 1.7,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/2019295-133g.pdf?req=raa\u0026direction=2019295-133\u0026filename=2019295-133g.pdf\u0026filerev=g\u0026docrev_org=g"
},
{
"trust": 1.7,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/dms+sys+mgmt+manual.pdf?req=raa\u0026direction=doc1258180\u0026filename=dms%2bsys%2bmgmt%2bmanual.pdf\u0026filerev=3\u0026docrev_org=3"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6757"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-6757"
},
{
"trust": 0.3,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/2019295-133d.pdf?docclass=a\u0026req=rac\u0026direction=2019295-133d\u0026filename=2019295-133d.pdf\u0026filerev=d\u0026docrev_org=d\u0026submit=+accept+"
},
{
"trust": 0.3,
"url": "http://www3.gehealthcare.com/en/global_gateway"
},
{
"trust": 0.1,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/2019295-133d.pdf?req=raa\u0026amp;direction=2019295-133d\u0026amp;filename=2019295-133d.pdf\u0026amp;filerev=d\u0026amp;docrev_org=d"
},
{
"trust": 0.1,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/2019295-133g.pdf?req=raa\u0026amp;direction=2019295-133\u0026amp;filename=2019295-133g.pdf\u0026amp;filerev=g\u0026amp;docrev_org=g"
},
{
"trust": 0.1,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/dms+sys+mgmt+manual.pdf?req=raa\u0026amp;direction=doc1258180\u0026amp;filename=dms%2bsys%2bmgmt%2bmanual.pdf\u0026amp;filerev=3\u0026amp;docrev_org=3"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/255.html"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/76263"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05142"
},
{
"db": "VULHUB",
"id": "VHN-30119"
},
{
"db": "VULMON",
"id": "CVE-2007-6757"
},
{
"db": "BID",
"id": "76263"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003997"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-018"
},
{
"db": "NVD",
"id": "CVE-2007-6757"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-05142"
},
{
"db": "VULHUB",
"id": "VHN-30119"
},
{
"db": "VULMON",
"id": "CVE-2007-6757"
},
{
"db": "BID",
"id": "76263"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003997"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-018"
},
{
"db": "NVD",
"id": "CVE-2007-6757"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05142"
},
{
"date": "2015-08-04T00:00:00",
"db": "VULHUB",
"id": "VHN-30119"
},
{
"date": "2015-08-04T00:00:00",
"db": "VULMON",
"id": "CVE-2007-6757"
},
{
"date": "2015-08-04T00:00:00",
"db": "BID",
"id": "76263"
},
{
"date": "2015-08-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003997"
},
{
"date": "2015-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-018"
},
{
"date": "2015-08-04T14:59:07.300000",
"db": "NVD",
"id": "CVE-2007-6757"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05142"
},
{
"date": "2018-03-28T00:00:00",
"db": "VULHUB",
"id": "VHN-30119"
},
{
"date": "2018-03-28T00:00:00",
"db": "VULMON",
"id": "CVE-2007-6757"
},
{
"date": "2015-08-04T00:00:00",
"db": "BID",
"id": "76263"
},
{
"date": "2018-04-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003997"
},
{
"date": "2015-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-018"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2007-6757"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-018"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Healthcare Centricity DMS Trust Management Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05142"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-018"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-018"
}
],
"trust": 0.6
}
}
VAR-201508-0597
Vulnerability from variot - Updated: 2025-04-13 23:04GE Healthcare Precision THUNIS-800+ has a default password of (1) 1973 for the factory default System Utilities menu, (2) TH8740 for installation using TH8740_122_Setup.exe, (3) hrml for "Setup and Activation" using DSASetup, and (4) an empty string for Shutter Configuration, which has unspecified impact and attack vectors. NOTE: since these passwords appear to be used to access functionality during installation, this issue might not cross privilege boundaries and might not be a vulnerability. GE Healthcare Precision THUNIS-800+ (PT800+) is an integrated digital remote control multi-function X-ray machine (X-ray generating equipment) for the medical industry. There is a security vulnerability in GE Healthcare PT800+. An attacker could exploit this vulnerability to control the device. Remote attackers with knowledge of the default credentials may exploit these vulnerabilities to gain unauthorized access and perform unauthorized actions. This may aid in further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201508-0597",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "precision thunis-800\\+",
"scope": "eq",
"trust": 1.0,
"vendor": "gehealthcare",
"version": "*"
},
{
"model": "precision thunis-800+",
"scope": null,
"trust": 0.8,
"vendor": "ge healthcare",
"version": null
},
{
"model": "precision thunis-800+",
"scope": null,
"trust": 0.6,
"vendor": "ge",
"version": null
},
{
"model": "precision thunis-800\\+",
"scope": null,
"trust": 0.6,
"vendor": "gehealthcare",
"version": null
},
{
"model": "electric healthcare precision thunis-800+",
"scope": "eq",
"trust": 0.3,
"vendor": "general",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05135"
},
{
"db": "BID",
"id": "76170"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004011"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-036"
},
{
"db": "NVD",
"id": "CVE-2014-7233"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:gehealthcare:precision_thunis-800%2B",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004011"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Scott Erven of Protiviti.",
"sources": [
{
"db": "BID",
"id": "76170"
}
],
"trust": 0.3
},
"cve": "CVE-2014-7233",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2014-7233",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-05135",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-7233",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2014-7233",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2015-05135",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201508-036",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05135"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004011"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-036"
},
{
"db": "NVD",
"id": "CVE-2014-7233"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Healthcare Precision THUNIS-800+ has a default password of (1) 1973 for the factory default System Utilities menu, (2) TH8740 for installation using TH8740_122_Setup.exe, (3) hrml for \"Setup and Activation\" using DSASetup, and (4) an empty string for Shutter Configuration, which has unspecified impact and attack vectors. NOTE: since these passwords appear to be used to access functionality during installation, this issue might not cross privilege boundaries and might not be a vulnerability. GE Healthcare Precision THUNIS-800+ (PT800+) is an integrated digital remote control multi-function X-ray machine (X-ray generating equipment) for the medical industry. There is a security vulnerability in GE Healthcare PT800+. An attacker could exploit this vulnerability to control the device. \nRemote attackers with knowledge of the default credentials may exploit these vulnerabilities to gain unauthorized access and perform unauthorized actions. This may aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-7233"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004011"
},
{
"db": "CNVD",
"id": "CNVD-2015-05135"
},
{
"db": "BID",
"id": "76170"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-7233",
"trust": 3.3
},
{
"db": "ICS CERT",
"id": "ICSMA-18-037-02",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004011",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2015-05135",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201508-036",
"trust": 0.6
},
{
"db": "BID",
"id": "76170",
"trust": 0.3
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05135"
},
{
"db": "BID",
"id": "76170"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004011"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-036"
},
{
"db": "NVD",
"id": "CVE-2014-7233"
}
]
},
"id": "VAR-201508-0597",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05135"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05135"
}
]
},
"last_update_date": "2025-04-13T23:04:05.541000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "GE Healthcare Precision THUNIS-800+ R\u0026F System Service Manual",
"trust": 0.8,
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/5458232-1EN+r4.pdf?REQ=RAA\u0026DIRECTION=5458232-1EN\u0026FILENAME=5458232-1EN%2Br4.pdf\u0026FILEREV=4\u0026DOCREV_ORG=4"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004011"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004011"
},
{
"db": "NVD",
"id": "CVE-2014-7233"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
},
{
"trust": 1.9,
"url": "https://twitter.com/digitalbond/status/619250429751222277"
},
{
"trust": 1.9,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/5458232-1en+r4.pdf?req=raa\u0026direction=5458232-1en\u0026filename=5458232-1en%2br4.pdf\u0026filerev=4\u0026docrev_org=4"
},
{
"trust": 1.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-037-02"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-7233"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-7233"
},
{
"trust": 0.6,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/5458232-1en+r4.pdf?req=raa\u0026amp;direction=5458232-1en\u0026amp;filename=5458232-1en%2br4.pdf\u0026amp;filerev=4\u0026amp;docrev_org=4"
},
{
"trust": 0.3,
"url": "http://www3.gehealthcare.com/en/global_gateway"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05135"
},
{
"db": "BID",
"id": "76170"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004011"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-036"
},
{
"db": "NVD",
"id": "CVE-2014-7233"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-05135"
},
{
"db": "BID",
"id": "76170"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004011"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-036"
},
{
"db": "NVD",
"id": "CVE-2014-7233"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05135"
},
{
"date": "2015-08-05T00:00:00",
"db": "BID",
"id": "76170"
},
{
"date": "2015-08-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004011"
},
{
"date": "2015-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-036"
},
{
"date": "2015-08-04T14:59:25.720000",
"db": "NVD",
"id": "CVE-2014-7233"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05135"
},
{
"date": "2015-08-05T00:00:00",
"db": "BID",
"id": "76170"
},
{
"date": "2018-04-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004011"
},
{
"date": "2015-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-036"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-7233"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-036"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Healthcare Precision THUNIS-800+ Trust Management Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05135"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-036"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-036"
}
],
"trust": 0.6
}
}
VAR-201508-0002
Vulnerability from variot - Updated: 2025-04-13 23:04GE Healthcare Discovery 530C has a password of #bigguy1 for the (1) acqservice user and (2) wsservice user of the Xeleris System, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. GE Healthcare Discovery 530C is a suite of applications for the medical industry that provide automated analysis and reporting for magnetic resonance imaging.
GE Healthcare Discovery 530C has built-in accounts. The acqservice user and the Xeleris System wsservice user ‘# bigguy1’ are used as passwords, allowing remote attackers to use these accounts to control devices. Remote attackers with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. An attacker could exploit this vulnerability to take control of the device
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201508-0002",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "discovery 530c",
"scope": "eq",
"trust": 1.6,
"vendor": "gehealthcare",
"version": null
},
{
"model": "discovery nm 530c",
"scope": null,
"trust": 0.8,
"vendor": "ge healthcare",
"version": null
},
{
"model": "discovery 530c",
"scope": null,
"trust": 0.6,
"vendor": "general electric",
"version": null
},
{
"model": "discovery 530c",
"scope": "eq",
"trust": 0.3,
"vendor": "gehealthcare",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05167"
},
{
"db": "BID",
"id": "76261"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003998"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-019"
},
{
"db": "NVD",
"id": "CVE-2009-5143"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:gehealthcare:discovery_530c_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003998"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Scott Erven",
"sources": [
{
"db": "BID",
"id": "76261"
}
],
"trust": 0.3
},
"cve": "CVE-2009-5143",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2009-5143",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-05167",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-42589",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2009-5143",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2009-5143",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2015-05167",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201508-019",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-42589",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2009-5143",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05167"
},
{
"db": "VULHUB",
"id": "VHN-42589"
},
{
"db": "VULMON",
"id": "CVE-2009-5143"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003998"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-019"
},
{
"db": "NVD",
"id": "CVE-2009-5143"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Healthcare Discovery 530C has a password of #bigguy1 for the (1) acqservice user and (2) wsservice user of the Xeleris System, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. GE Healthcare Discovery 530C is a suite of applications for the medical industry that provide automated analysis and reporting for magnetic resonance imaging. \n\nGE Healthcare Discovery 530C has built-in accounts. The acqservice user and the Xeleris System wsservice user \u2018# bigguy1\u2019 are used as passwords, allowing remote attackers to use these accounts to control devices. \nRemote attackers with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. An attacker could exploit this vulnerability to take control of the device",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-5143"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003998"
},
{
"db": "CNVD",
"id": "CNVD-2015-05167"
},
{
"db": "BID",
"id": "76261"
},
{
"db": "VULHUB",
"id": "VHN-42589"
},
{
"db": "VULMON",
"id": "CVE-2009-5143"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2009-5143",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSMA-18-037-02",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003998",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201508-019",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-05167",
"trust": 0.6
},
{
"db": "BID",
"id": "76261",
"trust": 0.5
},
{
"db": "VULHUB",
"id": "VHN-42589",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2009-5143",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05167"
},
{
"db": "VULHUB",
"id": "VHN-42589"
},
{
"db": "VULMON",
"id": "CVE-2009-5143"
},
{
"db": "BID",
"id": "76261"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003998"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-019"
},
{
"db": "NVD",
"id": "CVE-2009-5143"
}
]
},
"id": "VAR-201508-0002",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-42589"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T23:04:05.504000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Discovery NM 530c Nuclear Medicine Imaging System Installation Manual",
"trust": 0.8,
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/5323167-1EN_r2.pdf?REQ=RAA\u0026DIRECTION=5323167-1EN\u0026FILENAME=5323167-1EN_r2.pdf\u0026FILEREV=2\u0026DOCREV_ORG=2"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003998"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-42589"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003998"
},
{
"db": "NVD",
"id": "CVE-2009-5143"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.5,
"url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
},
{
"trust": 2.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-037-02"
},
{
"trust": 1.8,
"url": "https://twitter.com/digitalbond/status/619250429751222277"
},
{
"trust": 1.7,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/5323167-1en_r2.pdf?req=raa\u0026direction=5323167-1en\u0026filename=5323167-1en_r2.pdf\u0026filerev=2\u0026docrev_org=2"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-5143"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-5143"
},
{
"trust": 0.3,
"url": "http://www3.gehealthcare.com/en"
},
{
"trust": 0.1,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/5323167-1en_r2.pdf?req=raa\u0026amp;direction=5323167-1en\u0026amp;filename=5323167-1en_r2.pdf\u0026amp;filerev=2\u0026amp;docrev_org=2"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/255.html"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/76261"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05167"
},
{
"db": "VULHUB",
"id": "VHN-42589"
},
{
"db": "VULMON",
"id": "CVE-2009-5143"
},
{
"db": "BID",
"id": "76261"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003998"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-019"
},
{
"db": "NVD",
"id": "CVE-2009-5143"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-05167"
},
{
"db": "VULHUB",
"id": "VHN-42589"
},
{
"db": "VULMON",
"id": "CVE-2009-5143"
},
{
"db": "BID",
"id": "76261"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003998"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-019"
},
{
"db": "NVD",
"id": "CVE-2009-5143"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05167"
},
{
"date": "2015-08-04T00:00:00",
"db": "VULHUB",
"id": "VHN-42589"
},
{
"date": "2015-08-04T00:00:00",
"db": "VULMON",
"id": "CVE-2009-5143"
},
{
"date": "2015-08-04T00:00:00",
"db": "BID",
"id": "76261"
},
{
"date": "2015-08-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003998"
},
{
"date": "2015-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-019"
},
{
"date": "2015-08-04T14:59:08.347000",
"db": "NVD",
"id": "CVE-2009-5143"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05167"
},
{
"date": "2018-03-28T00:00:00",
"db": "VULHUB",
"id": "VHN-42589"
},
{
"date": "2018-03-28T00:00:00",
"db": "VULMON",
"id": "CVE-2009-5143"
},
{
"date": "2015-08-04T00:00:00",
"db": "BID",
"id": "76261"
},
{
"date": "2018-04-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003998"
},
{
"date": "2015-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-019"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2009-5143"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-019"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Healthcare Discovery 530C Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003998"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-019"
}
],
"trust": 0.6
}
}
VAR-201508-0008
Vulnerability from variot - Updated: 2025-04-13 23:04GE Healthcare Optima CT680, CT540, CT640, and CT520 has a default password of #bigguy for the root user, which has unspecified impact and attack vectors. GE Healthcare Optima CT680, CT540, CT640, and CT520 are general computed tomography products for the medical industry. Multiple GE Healthcare Products are prone to an insecure default-password vulnerability. Remote attackers with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. An attacker could exploit this vulnerability to take control of the device
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201508-0008",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "optima ct520",
"scope": "eq",
"trust": 1.6,
"vendor": "gehealthcare",
"version": null
},
{
"model": "optima ct680",
"scope": "eq",
"trust": 1.6,
"vendor": "gehealthcare",
"version": null
},
{
"model": "optima ct540",
"scope": "eq",
"trust": 1.6,
"vendor": "gehealthcare",
"version": null
},
{
"model": "optima ct520",
"scope": null,
"trust": 0.8,
"vendor": "ge healthcare",
"version": null
},
{
"model": "optima ct540",
"scope": null,
"trust": 0.8,
"vendor": "ge healthcare",
"version": null
},
{
"model": "optima ct640",
"scope": null,
"trust": 0.8,
"vendor": "ge healthcare",
"version": null
},
{
"model": "optima ct680",
"scope": null,
"trust": 0.8,
"vendor": "ge healthcare",
"version": null
},
{
"model": "optima ct680",
"scope": null,
"trust": 0.6,
"vendor": "general electric",
"version": null
},
{
"model": "optima ct540",
"scope": null,
"trust": 0.6,
"vendor": "general electric",
"version": null
},
{
"model": "optima ct640",
"scope": null,
"trust": 0.6,
"vendor": "general electric",
"version": null
},
{
"model": "optima ct520",
"scope": null,
"trust": 0.6,
"vendor": "general electric",
"version": null
},
{
"model": "optima ct680",
"scope": "eq",
"trust": 0.3,
"vendor": "gehealthcare",
"version": "0"
},
{
"model": "optima ct640",
"scope": "eq",
"trust": 0.3,
"vendor": "gehealthcare",
"version": "0"
},
{
"model": "optima ct540",
"scope": "eq",
"trust": 0.3,
"vendor": "gehealthcare",
"version": "0"
},
{
"model": "optima ct520",
"scope": "eq",
"trust": 0.3,
"vendor": "gehealthcare",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05169"
},
{
"db": "BID",
"id": "76262"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004013"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-020"
},
{
"db": "NVD",
"id": "CVE-2010-5306"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:gehealthcare:optima_ct520_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:gehealthcare:optima_ct540_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:gehealthcare:optima_ct640_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:gehealthcare:optima_ct680_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004013"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Scott Erven of Protiviti.",
"sources": [
{
"db": "BID",
"id": "76262"
}
],
"trust": 0.3
},
"cve": "CVE-2010-5306",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2010-5306",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-05169",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-47911",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2010-5306",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2010-5306",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2015-05169",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201508-020",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-47911",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05169"
},
{
"db": "VULHUB",
"id": "VHN-47911"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004013"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-020"
},
{
"db": "NVD",
"id": "CVE-2010-5306"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Healthcare Optima CT680, CT540, CT640, and CT520 has a default password of #bigguy for the root user, which has unspecified impact and attack vectors. GE Healthcare Optima CT680, CT540, CT640, and CT520 are general computed tomography products for the medical industry. Multiple GE Healthcare Products are prone to an insecure default-password vulnerability. \nRemote attackers with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. An attacker could exploit this vulnerability to take control of the device",
"sources": [
{
"db": "NVD",
"id": "CVE-2010-5306"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004013"
},
{
"db": "CNVD",
"id": "CNVD-2015-05169"
},
{
"db": "BID",
"id": "76262"
},
{
"db": "VULHUB",
"id": "VHN-47911"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2010-5306",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSMA-18-037-02",
"trust": 1.9
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004013",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201508-020",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-05169",
"trust": 0.6
},
{
"db": "BID",
"id": "76262",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-47911",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05169"
},
{
"db": "VULHUB",
"id": "VHN-47911"
},
{
"db": "BID",
"id": "76262"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004013"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-020"
},
{
"db": "NVD",
"id": "CVE-2010-5306"
}
]
},
"id": "VAR-201508-0008",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05169"
},
{
"db": "VULHUB",
"id": "VHN-47911"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05169"
}
]
},
"last_update_date": "2025-04-13T23:04:05.468000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Optima CT680 Series Installation Manual",
"trust": 0.8,
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/5472001-1EN_rev2.pdf?DOCCLASS=A\u0026REQ=RAC\u0026DIRECTION=5472001-1EN\u0026FILENAME=5472001-1EN_rev2.pdf\u0026FILEREV=2\u0026DOCREV_ORG=2\u0026SUBMIT=+ACCEPT+"
},
{
"title": "BrightSpeed Elite/Optima CT540 Installation Manual",
"trust": 0.8,
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/5341628-1EN_r12.pdf?DOCCLASS=A\u0026REQ=RAC\u0026DIRECTION=5341628-1EN\u0026FILENAME=5341628-1EN_r12.pdf\u0026FILEREV=12\u0026DOCREV_ORG=12\u0026SUBMIT=+ACCEPT+"
},
{
"title": "Optima CT520 Series Installation Manual",
"trust": 0.8,
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/5401943_rev%203.pdf?DOCCLASS=A\u0026REQ=RAC\u0026DIRECTION=5401943\u0026FILENAME=5401943_rev+3.pdf\u0026FILEREV=3\u0026DOCREV_ORG=3\u0026SUBMIT=+ACCEPT+"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004013"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-47911"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004013"
},
{
"db": "NVD",
"id": "CVE-2010-5306"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
},
{
"trust": 1.9,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-037-02"
},
{
"trust": 1.9,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/5341628-1en_r12.pdf?req=raa\u0026direction=5341628-1en\u0026filename=5341628-1en_r12.pdf\u0026filerev=12\u0026docrev_org=12"
},
{
"trust": 1.9,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/5401943_rev+3.pdf?req=raa\u0026direction=5401943\u0026filename=5401943_rev%2b3.pdf\u0026filerev=3\u0026docrev_org=3"
},
{
"trust": 1.9,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/5472001-1en_rev2.pdf?req=raa\u0026direction=5472001-1en\u0026filename=5472001-1en_rev2.pdf\u0026filerev=2\u0026docrev_org=2"
},
{
"trust": 1.7,
"url": "https://twitter.com/digitalbond/status/619250429751222277"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-5306"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-5306"
},
{
"trust": 0.3,
"url": "http://www3.gehealthcare.com/en/global_gateway"
},
{
"trust": 0.1,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/5341628-1en_r12.pdf?req=raa\u0026amp;direction=5341628-1en\u0026amp;filename=5341628-1en_r12.pdf\u0026amp;filerev=12\u0026amp;docrev_org=12"
},
{
"trust": 0.1,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/5401943_rev+3.pdf?req=raa\u0026amp;direction=5401943\u0026amp;filename=5401943_rev%2b3.pdf\u0026amp;filerev=3\u0026amp;docrev_org=3"
},
{
"trust": 0.1,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/5472001-1en_rev2.pdf?req=raa\u0026amp;direction=5472001-1en\u0026amp;filename=5472001-1en_rev2.pdf\u0026amp;filerev=2\u0026amp;docrev_org=2"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05169"
},
{
"db": "VULHUB",
"id": "VHN-47911"
},
{
"db": "BID",
"id": "76262"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004013"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-020"
},
{
"db": "NVD",
"id": "CVE-2010-5306"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-05169"
},
{
"db": "VULHUB",
"id": "VHN-47911"
},
{
"db": "BID",
"id": "76262"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004013"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-020"
},
{
"db": "NVD",
"id": "CVE-2010-5306"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05169"
},
{
"date": "2015-08-04T00:00:00",
"db": "VULHUB",
"id": "VHN-47911"
},
{
"date": "2015-07-10T00:00:00",
"db": "BID",
"id": "76262"
},
{
"date": "2015-08-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004013"
},
{
"date": "2015-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-020"
},
{
"date": "2015-08-04T14:59:09.503000",
"db": "NVD",
"id": "CVE-2010-5306"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05169"
},
{
"date": "2018-03-28T00:00:00",
"db": "VULHUB",
"id": "VHN-47911"
},
{
"date": "2015-07-10T00:00:00",
"db": "BID",
"id": "76262"
},
{
"date": "2018-04-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004013"
},
{
"date": "2015-08-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-020"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2010-5306"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-020"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural GE Healthcare Optima Product vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004013"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-020"
}
],
"trust": 0.6
}
}
VAR-201508-0004
Vulnerability from variot - Updated: 2025-04-13 23:04GE Healthcare eNTEGRA P&R has a password of (1) entegra for the entegra user, (2) passme for the super user of the Polestar/Polestar-i Starlink 4 upgrade, (3) 0 for the entegra user of the Codonics printer FTP service, (4) eNTEGRA for the eNTEGRA P&R user account, (5) insite for the WinVNC Login, and possibly other accounts, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. GE Healthcare eNTEGRA P&R Uses passwords for the following and other accounts, and is vulnerable to unspecified effects and attacks. GE Healthcare eNTEGRA P & R (Processing & Review) is a medical nuclear computer system for the medical industry from General Electric (GE).
A security vulnerability exists in GE Healthcare eNTEGRA P & R. An attacker could use this vulnerability to control the device. Remote attackers with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201508-0004",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "entegra p\\\u0026r",
"scope": "eq",
"trust": 1.0,
"vendor": "gehealthcare",
"version": "*"
},
{
"model": "entegra p\u0026r",
"scope": null,
"trust": 0.8,
"vendor": "ge healthcare",
"version": null
},
{
"model": "healthcare entegra p\u0026r",
"scope": null,
"trust": 0.6,
"vendor": "general electric",
"version": null
},
{
"model": "entegra p\\\u0026r",
"scope": null,
"trust": 0.6,
"vendor": "gehealthcare",
"version": null
},
{
"model": "entegra p\u0026r",
"scope": "eq",
"trust": 0.3,
"vendor": "gehealthcare",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05149"
},
{
"db": "BID",
"id": "76280"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003991"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-012"
},
{
"db": "NVD",
"id": "CVE-2001-1594"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:gehealthcare:entegra_p%26r_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003991"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Scott Erven",
"sources": [
{
"db": "BID",
"id": "76280"
}
],
"trust": 0.3
},
"cve": "CVE-2001-1594",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2001-1594",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-05149",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2001-1594",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2001-1594",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2015-05149",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201508-012",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2001-1594",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05149"
},
{
"db": "VULMON",
"id": "CVE-2001-1594"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003991"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-012"
},
{
"db": "NVD",
"id": "CVE-2001-1594"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Healthcare eNTEGRA P\u0026R has a password of (1) entegra for the entegra user, (2) passme for the super user of the Polestar/Polestar-i Starlink 4 upgrade, (3) 0 for the entegra user of the Codonics printer FTP service, (4) eNTEGRA for the eNTEGRA P\u0026R user account, (5) insite for the WinVNC Login, and possibly other accounts, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. GE Healthcare eNTEGRA P\u0026R Uses passwords for the following and other accounts, and is vulnerable to unspecified effects and attacks. GE Healthcare eNTEGRA P \u0026 R (Processing \u0026 Review) is a medical nuclear computer system for the medical industry from General Electric (GE). \n\nA security vulnerability exists in GE Healthcare eNTEGRA P \u0026 R. An attacker could use this vulnerability to control the device. \nRemote attackers with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2001-1594"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003991"
},
{
"db": "CNVD",
"id": "CNVD-2015-05149"
},
{
"db": "BID",
"id": "76280"
},
{
"db": "VULMON",
"id": "CVE-2001-1594"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2001-1594",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSMA-18-037-02",
"trust": 1.9
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003991",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2015-05149",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201508-012",
"trust": 0.6
},
{
"db": "BID",
"id": "76280",
"trust": 0.3
},
{
"db": "VULMON",
"id": "CVE-2001-1594",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05149"
},
{
"db": "VULMON",
"id": "CVE-2001-1594"
},
{
"db": "BID",
"id": "76280"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003991"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-012"
},
{
"db": "NVD",
"id": "CVE-2001-1594"
}
]
},
"id": "VAR-201508-0004",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05149"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05149"
}
]
},
"last_update_date": "2025-04-13T23:04:05.433000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "eNTEGRA P\u0026R Nuclear Imaging System System Service Manual",
"trust": 0.8,
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/2263784.pdf?DOCCLASS=A\u0026REQ=RAC\u0026DIRECTION=2263784-100\u0026FILENAME=2263784.pdf\u0026FILEREV=5\u0026DOCREV_ORG=5\u0026SUBMIT=+ACCEPT+"
},
{
"title": "vmengine",
"trust": 0.1,
"url": "https://github.com/wsbespalov/vmengine "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2001-1594"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003991"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003991"
},
{
"db": "NVD",
"id": "CVE-2001-1594"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
},
{
"trust": 2.0,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/2263784.pdf?docclass=a\u0026req=rac\u0026direction=2263784-100\u0026filename=2263784.pdf\u0026filerev=5\u0026docrev_org=5\u0026submit=+accept+"
},
{
"trust": 2.0,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-037-02"
},
{
"trust": 1.7,
"url": "https://twitter.com/digitalbond/status/619250429751222277"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2001-1594"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2001-1594"
},
{
"trust": 0.6,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/2263784.pdf?docclass=a\u0026amp;req=rac\u0026amp;direction=2263784-100\u0026amp;filename=2263784.pdf\u0026amp;filerev=5\u0026amp;docrev_org=5\u0026amp;submit=+accept+"
},
{
"trust": 0.3,
"url": "http://www3.gehealthcare.com/en"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/255.html"
},
{
"trust": 0.1,
"url": "https://github.com/wsbespalov/vmengine"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05149"
},
{
"db": "VULMON",
"id": "CVE-2001-1594"
},
{
"db": "BID",
"id": "76280"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003991"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-012"
},
{
"db": "NVD",
"id": "CVE-2001-1594"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-05149"
},
{
"db": "VULMON",
"id": "CVE-2001-1594"
},
{
"db": "BID",
"id": "76280"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003991"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-012"
},
{
"db": "NVD",
"id": "CVE-2001-1594"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05149"
},
{
"date": "2015-08-04T00:00:00",
"db": "VULMON",
"id": "CVE-2001-1594"
},
{
"date": "2015-08-04T00:00:00",
"db": "BID",
"id": "76280"
},
{
"date": "2015-08-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003991"
},
{
"date": "2015-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-012"
},
{
"date": "2015-08-04T14:59:00.143000",
"db": "NVD",
"id": "CVE-2001-1594"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05149"
},
{
"date": "2018-03-28T00:00:00",
"db": "VULMON",
"id": "CVE-2001-1594"
},
{
"date": "2015-08-04T00:00:00",
"db": "BID",
"id": "76280"
},
{
"date": "2018-04-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003991"
},
{
"date": "2015-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-012"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2001-1594"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-012"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Healthcare eNTEGRA P\u0026R Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003991"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-012"
}
],
"trust": 0.6
}
}
VAR-201508-0019
Vulnerability from variot - Updated: 2025-04-13 23:04GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1, and Server 4.0, has a password of 2charGE for the geservice account, which has unspecified impact and attack vectors related to TimbuktuPro. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires it. GE Healthcare Centricity PACS is an image archiving and transmission system (PACS) for the medical industry of General Electric (GE). Workstation is a PACS workstation; Server is a PACS server. The vulnerability stems from the use of ‘2charGE’ as the password for the geservice account. An attacker could use this vulnerability to control the device. Attackers can exploit this issue to bypass the authentication mechanism and gain access to the vulnerable device
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201508-0019",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "centricity pacs workstation",
"scope": "eq",
"trust": 1.9,
"vendor": "gehealthcare",
"version": "4.0.1"
},
{
"model": "centricity pacs workstation",
"scope": "eq",
"trust": 1.9,
"vendor": "gehealthcare",
"version": "4.0"
},
{
"model": "centricity pacs server",
"scope": "eq",
"trust": 1.9,
"vendor": "gehealthcare",
"version": "4.0"
},
{
"model": "centricity pacs",
"scope": "eq",
"trust": 0.8,
"vendor": "ge healthcare",
"version": "4.0"
},
{
"model": "centricity pacs",
"scope": "eq",
"trust": 0.8,
"vendor": "ge healthcare",
"version": "4.0.1"
},
{
"model": "centricity pacs workstation",
"scope": "eq",
"trust": 0.6,
"vendor": "ge",
"version": "4.0"
},
{
"model": "centricity pacs workstation",
"scope": "eq",
"trust": 0.6,
"vendor": "ge",
"version": "4.0.1"
},
{
"model": "centricity pacs server",
"scope": "eq",
"trust": 0.6,
"vendor": "ge",
"version": "4.0"
},
{
"model": "healthcare centricity pacs workstation/server",
"scope": null,
"trust": 0.6,
"vendor": "general electric",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05141"
},
{
"db": "BID",
"id": "76175"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004005"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-030"
},
{
"db": "NVD",
"id": "CVE-2012-6694"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:gehealthcare:centricity_pacs_workstation",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004005"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "76175"
}
],
"trust": 0.3
},
"cve": "CVE-2012-6694",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2012-6694",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-05141",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2012-6694",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2012-6694",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2015-05141",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201508-030",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05141"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004005"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-030"
},
{
"db": "NVD",
"id": "CVE-2012-6694"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1, and Server 4.0, has a password of 2charGE for the geservice account, which has unspecified impact and attack vectors related to TimbuktuPro. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires it. GE Healthcare Centricity PACS is an image archiving and transmission system (PACS) for the medical industry of General Electric (GE). Workstation is a PACS workstation; Server is a PACS server. The vulnerability stems from the use of \u20182charGE\u2019 as the password for the geservice account. An attacker could use this vulnerability to control the device. \nAttackers can exploit this issue to bypass the authentication mechanism and gain access to the vulnerable device",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-6694"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004005"
},
{
"db": "CNVD",
"id": "CNVD-2015-05141"
},
{
"db": "BID",
"id": "76175"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-6694",
"trust": 3.3
},
{
"db": "ICS CERT",
"id": "ICSMA-18-037-02",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004005",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2015-05141",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201508-030",
"trust": 0.6
},
{
"db": "BID",
"id": "76175",
"trust": 0.3
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05141"
},
{
"db": "BID",
"id": "76175"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004005"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-030"
},
{
"db": "NVD",
"id": "CVE-2012-6694"
}
]
},
"id": "VAR-201508-0019",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05141"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05141"
}
]
},
"last_update_date": "2025-04-13T23:04:05.402000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Centricity PACS Workstation Installation and Service Manual (PACS 4.0 Release)",
"trust": 0.8,
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/C40_WS_INST_SV_2063534-001r2.pdf?REQ=RAA\u0026DIRECTION=2063534-001\u0026FILENAME=C40_WS_INST_SV_2063534-001r2.pdf\u0026FILEREV=1\u0026DOCREV_ORG=1"
},
{
"title": "Centricity PACS Workstation Installation and Service Manual (PACS 4.0.1 Release)",
"trust": 0.8,
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/C401_WS_INST_SV_2069560001r1.pdf?REQ=RAA\u0026DIRECTION=2069560-001\u0026FILENAME=C401_WS_INST_SV_2069560001r1.pdf\u0026FILEREV=1\u0026DOCREV_ORG=1"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004005"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004005"
},
{
"db": "NVD",
"id": "CVE-2012-6694"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
},
{
"trust": 2.2,
"url": "https://twitter.com/digitalbond/status/619250429751222277"
},
{
"trust": 1.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-037-02"
},
{
"trust": 1.6,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/c401_ws_inst_sv_2069560001r1.pdf?req=raa\u0026direction=2069560-001\u0026filename=c401_ws_inst_sv_2069560001r1.pdf\u0026filerev=1\u0026docrev_org=1"
},
{
"trust": 1.6,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/c40_ws_inst_sv_2063534-001r2.pdf?req=raa\u0026direction=2063534-001\u0026filename=c40_ws_inst_sv_2063534-001r2.pdf\u0026filerev=1\u0026docrev_org=1"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-6694"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-6694"
},
{
"trust": 0.3,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/c40_ws_inst_sv_2063534-001r2.pdf?docclass=a\u0026req=rac\u0026direction=2063534-001\u0026filename=c40_ws_inst_sv_2063534-001r2.pdf\u0026filerev=1\u0026docrev_org=1\u0026submit=+ac"
},
{
"trust": 0.3,
"url": "http://www3.gehealthcare.com/en"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05141"
},
{
"db": "BID",
"id": "76175"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004005"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-030"
},
{
"db": "NVD",
"id": "CVE-2012-6694"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-05141"
},
{
"db": "BID",
"id": "76175"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004005"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-030"
},
{
"db": "NVD",
"id": "CVE-2012-6694"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05141"
},
{
"date": "2015-08-04T00:00:00",
"db": "BID",
"id": "76175"
},
{
"date": "2015-08-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004005"
},
{
"date": "2015-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-030"
},
{
"date": "2015-08-04T14:59:19.613000",
"db": "NVD",
"id": "CVE-2012-6694"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05141"
},
{
"date": "2015-08-04T00:00:00",
"db": "BID",
"id": "76175"
},
{
"date": "2018-04-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004005"
},
{
"date": "2015-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-030"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2012-6694"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-030"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Healthcare Centricity PACS Workstation and Server Trust Management Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05141"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-030"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-030"
}
],
"trust": 0.6
}
}
VAR-201508-0596
Vulnerability from variot - Updated: 2025-04-13 23:04GE Healthcare Discovery XR656 and XR656 G2 has a password of (1) 2getin for the insite user, (2) 4$xray for the xruser user, and (3) #superxr for the root user, which has unspecified impact and attack vectors. NOTE: it is not clear whether these passwords are default, hardcoded, or dependent on another system or product that requires a fixed value. (1) insite For users 2getin password (2) xruser For users 4$xray password (3) root For users #superxr password It is unknown whether this password is default, hard-coded, or dependent on other systems or products that require a fixed value.It may be subject to unspecified effects and attacks. An attacker could exploit this vulnerability to control the device. Multiple GE Healthcare products are prone to a security-bypass vulnerability. Successful exploits will result in the complete compromise of the affected device
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201508-0596",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "discovery xr656 g2",
"scope": "eq",
"trust": 1.0,
"vendor": "gehealthcare",
"version": "*"
},
{
"model": "discovery xr656",
"scope": "eq",
"trust": 1.0,
"vendor": "gehealthcare",
"version": "*"
},
{
"model": "discovery xr656",
"scope": null,
"trust": 0.8,
"vendor": "ge healthcare",
"version": null
},
{
"model": "discovery xr656 g2",
"scope": null,
"trust": 0.8,
"vendor": "ge healthcare",
"version": null
},
{
"model": "discovery xr656",
"scope": null,
"trust": 0.6,
"vendor": "ge",
"version": null
},
{
"model": "discovery xr656 g2",
"scope": null,
"trust": 0.6,
"vendor": "ge",
"version": null
},
{
"model": "discovery xr656",
"scope": null,
"trust": 0.6,
"vendor": "gehealthcare",
"version": null
},
{
"model": "discovery xr656 g2",
"scope": null,
"trust": 0.6,
"vendor": "gehealthcare",
"version": null
},
{
"model": "discovery xr656 g2",
"scope": "eq",
"trust": 0.3,
"vendor": "gehealthcare",
"version": "0"
},
{
"model": "discovery xr656",
"scope": "eq",
"trust": 0.3,
"vendor": "gehealthcare",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05136"
},
{
"db": "BID",
"id": "76167"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004010"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-035"
},
{
"db": "NVD",
"id": "CVE-2014-7232"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:gehealthcare:discovery_xr656",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:gehealthcare:discovery_xr656_g2",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004010"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Scott Erven",
"sources": [
{
"db": "BID",
"id": "76167"
}
],
"trust": 0.3
},
"cve": "CVE-2014-7232",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2014-7232",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-05136",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-7232",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2014-7232",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2015-05136",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201508-035",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2014-7232",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05136"
},
{
"db": "VULMON",
"id": "CVE-2014-7232"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004010"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-035"
},
{
"db": "NVD",
"id": "CVE-2014-7232"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Healthcare Discovery XR656 and XR656 G2 has a password of (1) 2getin for the insite user, (2) 4$xray for the xruser user, and (3) #superxr for the root user, which has unspecified impact and attack vectors. NOTE: it is not clear whether these passwords are default, hardcoded, or dependent on another system or product that requires a fixed value. (1) insite For users 2getin password (2) xruser For users 4$xray password (3) root For users #superxr password It is unknown whether this password is default, hard-coded, or dependent on other systems or products that require a fixed value.It may be subject to unspecified effects and attacks. An attacker could exploit this vulnerability to control the device. Multiple GE Healthcare products are prone to a security-bypass vulnerability. Successful exploits will result in the complete compromise of the affected device",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-7232"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004010"
},
{
"db": "CNVD",
"id": "CNVD-2015-05136"
},
{
"db": "BID",
"id": "76167"
},
{
"db": "VULMON",
"id": "CVE-2014-7232"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-7232",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSMA-18-037-02",
"trust": 1.9
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004010",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2015-05136",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201508-035",
"trust": 0.6
},
{
"db": "BID",
"id": "76167",
"trust": 0.4
},
{
"db": "VULMON",
"id": "CVE-2014-7232",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05136"
},
{
"db": "VULMON",
"id": "CVE-2014-7232"
},
{
"db": "BID",
"id": "76167"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004010"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-035"
},
{
"db": "NVD",
"id": "CVE-2014-7232"
}
]
},
"id": "VAR-201508-0596",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05136"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05136"
}
]
},
"last_update_date": "2025-04-13T23:04:05.368000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Discovery XR656 Installation Manual",
"trust": 0.8,
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/IM-5343950-1EN.pdf?DOCCLASS=A\u0026REQ=RAC\u0026DIRECTION=5343950-1EN\u0026FILENAME=IM-5343950-1EN.pdf\u0026FILEREV=7\u0026DOCREV_ORG=7\u0026SUBMIT=+ACCEPT+"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004010"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004010"
},
{
"db": "NVD",
"id": "CVE-2014-7232"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
},
{
"trust": 2.3,
"url": "https://twitter.com/digitalbond/status/619250429751222277"
},
{
"trust": 2.0,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/im-5343950-1en.pdf?docclass=a\u0026req=rac\u0026direction=5343950-1en\u0026filename=im-5343950-1en.pdf\u0026filerev=7\u0026docrev_org=7\u0026submit=+accept+"
},
{
"trust": 2.0,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-037-02"
},
{
"trust": 1.7,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/5643835-1en_r1.pdf?req=raa\u0026direction=5643835-1en\u0026filename=5643835-1en_r1.pdf\u0026filerev=1\u0026docrev_org=1"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-7232"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-7232"
},
{
"trust": 0.3,
"url": "http://www3.gehealthcare.com/en/global_gateway"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/255.html"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/76167"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05136"
},
{
"db": "VULMON",
"id": "CVE-2014-7232"
},
{
"db": "BID",
"id": "76167"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004010"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-035"
},
{
"db": "NVD",
"id": "CVE-2014-7232"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-05136"
},
{
"db": "VULMON",
"id": "CVE-2014-7232"
},
{
"db": "BID",
"id": "76167"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004010"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-035"
},
{
"db": "NVD",
"id": "CVE-2014-7232"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05136"
},
{
"date": "2015-08-04T00:00:00",
"db": "VULMON",
"id": "CVE-2014-7232"
},
{
"date": "2015-08-04T00:00:00",
"db": "BID",
"id": "76167"
},
{
"date": "2015-08-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004010"
},
{
"date": "2015-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-035"
},
{
"date": "2015-08-04T14:59:24.753000",
"db": "NVD",
"id": "CVE-2014-7232"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05136"
},
{
"date": "2018-03-28T00:00:00",
"db": "VULMON",
"id": "CVE-2014-7232"
},
{
"date": "2015-08-04T00:00:00",
"db": "BID",
"id": "76167"
},
{
"date": "2018-04-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004010"
},
{
"date": "2015-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-035"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-7232"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-035"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Healthcare Discovery XR656 and XR656 G2 Trust Management Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05136"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-035"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-035"
}
],
"trust": 0.6
}
}
VAR-201803-0183
Vulnerability from variot - Updated: 2024-11-23 21:43GE Infinia/Infinia with Hawkeye 4 medical imaging systems all current versions are affected these devices use default or hard-coded credentials. Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affected devices. GE Infinia/Infinia with Hawkeye 4 Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. GEInfinia/InfiniawithHawkeye4 is a medical imaging device using gamma rays equipped with the Hawkeye4 system from General Electric (GE). A security vulnerability exists in GEInfinia/InfiniawithHawkeye4 that originated from the program using default credentials or hard-coded credentials. GE Medical Devices are prone to a remote authentication-bypass vulnerability. Successful exploits will result in the complete compromise of the affected device
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-0183",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "infinia hawkeye 4",
"scope": "eq",
"trust": 1.6,
"vendor": "ge",
"version": null
},
{
"model": "electric infinia hawkeye",
"scope": "eq",
"trust": 0.9,
"vendor": "general",
"version": "40"
},
{
"model": "infinia hawkeye 4",
"scope": null,
"trust": 0.8,
"vendor": "ge healthcare",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05961"
},
{
"db": "BID",
"id": "103405"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013010"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-713"
},
{
"db": "NVD",
"id": "CVE-2017-14002"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:gehealthcare:infinia_hawkeye_4_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013010"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Scott Erven",
"sources": [
{
"db": "BID",
"id": "103405"
}
],
"trust": 0.3
},
"cve": "CVE-2017-14002",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2017-14002",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2018-05961",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-104681",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2017-14002",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-14002",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2017-14002",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2018-05961",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-713",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-104681",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2017-14002",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05961"
},
{
"db": "VULHUB",
"id": "VHN-104681"
},
{
"db": "VULMON",
"id": "CVE-2017-14002"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013010"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-713"
},
{
"db": "NVD",
"id": "CVE-2017-14002"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Infinia/Infinia with Hawkeye 4 medical imaging systems all current versions are affected these devices use default or hard-coded credentials. Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affected devices. GE Infinia/Infinia with Hawkeye 4 Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. GEInfinia/InfiniawithHawkeye4 is a medical imaging device using gamma rays equipped with the Hawkeye4 system from General Electric (GE). A security vulnerability exists in GEInfinia/InfiniawithHawkeye4 that originated from the program using default credentials or hard-coded credentials. GE Medical Devices are prone to a remote authentication-bypass vulnerability. Successful exploits will result in the complete compromise of the affected device",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-14002"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013010"
},
{
"db": "CNVD",
"id": "CNVD-2018-05961"
},
{
"db": "BID",
"id": "103405"
},
{
"db": "VULHUB",
"id": "VHN-104681"
},
{
"db": "VULMON",
"id": "CVE-2017-14002"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-14002",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSMA-18-037-02",
"trust": 2.9
},
{
"db": "BID",
"id": "103405",
"trust": 2.7
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013010",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2018-05961",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201803-713",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-104681",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-14002",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05961"
},
{
"db": "VULHUB",
"id": "VHN-104681"
},
{
"db": "VULMON",
"id": "CVE-2017-14002"
},
{
"db": "BID",
"id": "103405"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013010"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-713"
},
{
"db": "NVD",
"id": "CVE-2017-14002"
}
]
},
"id": "VAR-201803-0183",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05961"
},
{
"db": "VULHUB",
"id": "VHN-104681"
}
],
"trust": 1.45
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05961"
}
]
},
"last_update_date": "2024-11-23T21:43:59.426000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Infinia Hawkeye 4",
"trust": 0.8,
"url": "http://www3.gehealthcare.co.jp/ja-jp/products_and_service/imaging/molecular_imaging/spect/infinia_hawkeye_4"
},
{
"title": "GEInfinia/InfiniawithHawkeye4 authentication bypass vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/122609"
},
{
"title": "GE Infinia/Infinia with Hawkeye 4 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79314"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05961"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013010"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-713"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.9
},
{
"problemtype": "CWE-287",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-104681"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013010"
},
{
"db": "NVD",
"id": "CVE-2017-14002"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-037-02"
},
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/103405"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14002"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14002"
},
{
"trust": 0.3,
"url": "https://www.ge.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/798.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05961"
},
{
"db": "VULHUB",
"id": "VHN-104681"
},
{
"db": "VULMON",
"id": "CVE-2017-14002"
},
{
"db": "BID",
"id": "103405"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013010"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-713"
},
{
"db": "NVD",
"id": "CVE-2017-14002"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-05961"
},
{
"db": "VULHUB",
"id": "VHN-104681"
},
{
"db": "VULMON",
"id": "CVE-2017-14002"
},
{
"db": "BID",
"id": "103405"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013010"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-713"
},
{
"db": "NVD",
"id": "CVE-2017-14002"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-05961"
},
{
"date": "2018-03-20T00:00:00",
"db": "VULHUB",
"id": "VHN-104681"
},
{
"date": "2018-03-20T00:00:00",
"db": "VULMON",
"id": "CVE-2017-14002"
},
{
"date": "2018-03-13T00:00:00",
"db": "BID",
"id": "103405"
},
{
"date": "2018-05-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013010"
},
{
"date": "2018-03-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-713"
},
{
"date": "2018-03-20T16:29:00.267000",
"db": "NVD",
"id": "CVE-2017-14002"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-05961"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-104681"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2017-14002"
},
{
"date": "2018-03-13T00:00:00",
"db": "BID",
"id": "103405"
},
{
"date": "2018-05-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013010"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-713"
},
{
"date": "2024-11-21T03:11:56.627000",
"db": "NVD",
"id": "CVE-2017-14002"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-713"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Infinia/Infinia with Hawkeye 4 Vulnerabilities related to the use of hard-coded credentials",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013010"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-713"
}
],
"trust": 0.6
}
}
VAR-201803-0185
Vulnerability from variot - Updated: 2024-11-23 21:43GE Xeleris versions 1.0,1.1,2.1,3.0,3.1, medical imaging systems, all current versions are affected, these devices use default or hard-coded credentials. Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affected devices. GE Xeleris Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. GE Xeleris is a medical image management system of General Electric (GE). GE Medical Devices are prone to a remote authentication-bypass vulnerability. Successful exploits will result in the complete compromise of the affected device
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-0185",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "xeleris",
"scope": "eq",
"trust": 1.6,
"vendor": "ge",
"version": "2.1"
},
{
"model": "xeleris",
"scope": "eq",
"trust": 1.6,
"vendor": "ge",
"version": "3.0"
},
{
"model": "xeleris",
"scope": "eq",
"trust": 1.6,
"vendor": "ge",
"version": "3.1"
},
{
"model": "xeleris",
"scope": "eq",
"trust": 1.6,
"vendor": "ge",
"version": "1.0"
},
{
"model": "xeleris",
"scope": "eq",
"trust": 1.6,
"vendor": "ge",
"version": "1.1"
},
{
"model": "electric xeleris",
"scope": "eq",
"trust": 0.9,
"vendor": "general",
"version": "1.0"
},
{
"model": "electric xeleris",
"scope": "eq",
"trust": 0.9,
"vendor": "general",
"version": "1.1"
},
{
"model": "electric xeleris",
"scope": "eq",
"trust": 0.9,
"vendor": "general",
"version": "2.1"
},
{
"model": "electric xeleris",
"scope": "eq",
"trust": 0.9,
"vendor": "general",
"version": "3.0"
},
{
"model": "electric xeleris",
"scope": "eq",
"trust": 0.9,
"vendor": "general",
"version": "3.1"
},
{
"model": "xeleris",
"scope": "eq",
"trust": 0.8,
"vendor": "ge healthcare",
"version": "1.0"
},
{
"model": "xeleris",
"scope": "eq",
"trust": 0.8,
"vendor": "ge healthcare",
"version": "1.1"
},
{
"model": "xeleris",
"scope": "eq",
"trust": 0.8,
"vendor": "ge healthcare",
"version": "2.1"
},
{
"model": "xeleris",
"scope": "eq",
"trust": 0.8,
"vendor": "ge healthcare",
"version": "3.0"
},
{
"model": "xeleris",
"scope": "eq",
"trust": 0.8,
"vendor": "ge healthcare",
"version": "3.1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05955"
},
{
"db": "BID",
"id": "103429"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013012"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-711"
},
{
"db": "NVD",
"id": "CVE-2017-14006"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:gehealthcare:xeleris",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013012"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Scott Erven",
"sources": [
{
"db": "BID",
"id": "103429"
}
],
"trust": 0.3
},
"cve": "CVE-2017-14006",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2017-14006",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2018-05955",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2017-14006",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-14006",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2017-14006",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2018-05955",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-711",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2017-14006",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05955"
},
{
"db": "VULMON",
"id": "CVE-2017-14006"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013012"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-711"
},
{
"db": "NVD",
"id": "CVE-2017-14006"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Xeleris versions 1.0,1.1,2.1,3.0,3.1, medical imaging systems, all current versions are affected, these devices use default or hard-coded credentials. Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affected devices. GE Xeleris Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. GE Xeleris is a medical image management system of General Electric (GE). GE Medical Devices are prone to a remote authentication-bypass vulnerability. Successful exploits will result in the complete compromise of the affected device",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-14006"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013012"
},
{
"db": "CNVD",
"id": "CNVD-2018-05955"
},
{
"db": "BID",
"id": "103429"
},
{
"db": "VULMON",
"id": "CVE-2017-14006"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ICS CERT",
"id": "ICSMA-18-037-02",
"trust": 3.4
},
{
"db": "NVD",
"id": "CVE-2017-14006",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013012",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2018-05955",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201803-711",
"trust": 0.6
},
{
"db": "BID",
"id": "103429",
"trust": 0.3
},
{
"db": "VULMON",
"id": "CVE-2017-14006",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05955"
},
{
"db": "VULMON",
"id": "CVE-2017-14006"
},
{
"db": "BID",
"id": "103429"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013012"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-711"
},
{
"db": "NVD",
"id": "CVE-2017-14006"
}
]
},
"id": "VAR-201803-0185",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05955"
}
],
"trust": 1.2875
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05955"
}
]
},
"last_update_date": "2024-11-23T21:43:58.921000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Xeleris 4.0",
"trust": 0.8,
"url": "http://www3.gehealthcare.be/~/media/downloads/belgium/academy/benl%20flyer%20xeleris%2040%20no%20date.pdf?Parent=%7B3124477A-1ADF-44E7-9923-6B52781A40E8%7D"
},
{
"title": "Patch for GE Xeleris authentication bypass vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/122613"
},
{
"title": "GE Xeleris Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79312"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05955"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013012"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-711"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.8
},
{
"problemtype": "CWE-287",
"trust": 1.0
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013012"
},
{
"db": "NVD",
"id": "CVE-2017-14006"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.5,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-037-02"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14006"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14006"
},
{
"trust": 0.3,
"url": "https://www.ge.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/798.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05955"
},
{
"db": "VULMON",
"id": "CVE-2017-14006"
},
{
"db": "BID",
"id": "103429"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013012"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-711"
},
{
"db": "NVD",
"id": "CVE-2017-14006"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-05955"
},
{
"db": "VULMON",
"id": "CVE-2017-14006"
},
{
"db": "BID",
"id": "103429"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013012"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-711"
},
{
"db": "NVD",
"id": "CVE-2017-14006"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-05955"
},
{
"date": "2018-03-20T00:00:00",
"db": "VULMON",
"id": "CVE-2017-14006"
},
{
"date": "2018-02-06T00:00:00",
"db": "BID",
"id": "103429"
},
{
"date": "2018-05-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013012"
},
{
"date": "2018-03-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-711"
},
{
"date": "2018-03-20T16:29:00.373000",
"db": "NVD",
"id": "CVE-2017-14006"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-05955"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2017-14006"
},
{
"date": "2018-02-06T00:00:00",
"db": "BID",
"id": "103429"
},
{
"date": "2018-05-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013012"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-711"
},
{
"date": "2024-11-21T03:11:57.107000",
"db": "NVD",
"id": "CVE-2017-14006"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-711"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Xeleris Vulnerabilities related to the use of hard-coded credentials",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013012"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-711"
}
],
"trust": 0.6
}
}
CVE-2024-27110 (GCVE-0-2024-27110)
Vulnerability from nvd – Published: 2024-05-14 17:16 – Updated: 2024-08-02 00:27- CWE-250 - Execution with Unnecessary Privileges
| Vendor | Product | Version | |
|---|---|---|---|
| GE HealthCare | EchoPAC Software Only |
Affected:
0
|
|
| GE HealthCare | ImageVault |
Affected:
0
|
|
| GE HealthCare | EchoPAC Turnkey |
Affected:
0
|
|
| gehealthcare | image_vault |
Affected:
-
cpe:2.3:h:gehealthcare:image_vault:-:*:*:*:*:*:*:* |
|
| gehealthcare | echopac_software |
Affected:
-
cpe:2.3:a:gehealthcare:echopac_software:-:*:*:*:*:*:*:* |
|
| gehealthcare | echopac_turnkey |
Affected:
-
cpe:2.3:a:gehealthcare:echopac_turnkey:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:gehealthcare:image_vault:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "image_vault",
"vendor": "gehealthcare",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"cpes": [
"cpe:2.3:a:gehealthcare:echopac_software:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "echopac_software",
"vendor": "gehealthcare",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"cpes": [
"cpe:2.3:a:gehealthcare:echopac_turnkey:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "echopac_turnkey",
"vendor": "gehealthcare",
"versions": [
{
"status": "affected",
"version": "-"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27110",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-14T19:22:50.224196Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:46:21.733Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:27:59.489Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://securityupdate.gehealthcare.com/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EchoPAC Software Only",
"vendor": "GE HealthCare",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ImageVault",
"vendor": "GE HealthCare",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EchoPAC Turnkey",
"vendor": "GE HealthCare",
"versions": [
{
"status": "affected",
"version": "0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Andrea Palanca and Gabriele Quagliarella of Nozomi Networks"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Elevation of privilege vulnerability in GE HealthCare EchoPAC products"
}
],
"value": "Elevation of privilege vulnerability in GE HealthCare EchoPAC products"
}
],
"impacts": [
{
"capecId": "CAPEC-69",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-69 Target Programs with Elevated Privileges"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250 Execution with Unnecessary Privileges",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-14T17:16:39.659Z",
"orgId": "171caf72-b841-4e04-a68e-93493aff2b94",
"shortName": "GEHC"
},
"references": [
{
"url": "https://securityupdate.gehealthcare.com/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Elevation of privilege vulnerability in GE HealthCare EchoPAC products",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "171caf72-b841-4e04-a68e-93493aff2b94",
"assignerShortName": "GEHC",
"cveId": "CVE-2024-27110",
"datePublished": "2024-05-14T17:16:39.659Z",
"dateReserved": "2024-02-19T15:22:56.573Z",
"dateUpdated": "2024-08-02T00:27:59.489Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27109 (GCVE-0-2024-27109)
Vulnerability from nvd – Published: 2024-05-14 17:13 – Updated: 2024-08-02 00:27- CWE-522 - Insufficiently Protected Credentials
| Vendor | Product | Version | |
|---|---|---|---|
| GE HealthCare | EchoPAC Software Only |
Affected:
0 , < 206.44
(custom)
|
|
| GE HealthCare | ImageVault |
Affected:
0
|
|
| GE HealthCare | EchoPAC Turnkey |
Affected:
0
|
|
| gehealthcare | image_vault |
Affected:
-
cpe:2.3:h:gehealthcare:image_vault:-:*:*:*:*:*:*:* |
|
| gehealthcare | echopac_software |
Affected:
-
cpe:2.3:a:gehealthcare:echopac_software:-:*:*:*:*:*:*:* |
|
| gehealthcare | echopac_turnkey |
Affected:
-
cpe:2.3:a:gehealthcare:echopac_turnkey:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:gehealthcare:image_vault:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "image_vault",
"vendor": "gehealthcare",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"cpes": [
"cpe:2.3:a:gehealthcare:echopac_software:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "echopac_software",
"vendor": "gehealthcare",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"cpes": [
"cpe:2.3:a:gehealthcare:echopac_turnkey:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "echopac_turnkey",
"vendor": "gehealthcare",
"versions": [
{
"status": "affected",
"version": "-"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27109",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-14T19:31:48.782021Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:47:32.867Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:27:59.369Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://securityupdate.gehealthcare.com/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EchoPAC Software Only",
"vendor": "GE HealthCare",
"versions": [
{
"lessThan": "206.44",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ImageVault",
"vendor": "GE HealthCare",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EchoPAC Turnkey",
"vendor": "GE HealthCare",
"versions": [
{
"status": "affected",
"version": "0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Andrea Palanca and Gabriele Quagliarella of Nozomi Networks"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insufficiently protected credentials in GE HealthCare EchoPAC products"
}
],
"value": "Insufficiently protected credentials in GE HealthCare EchoPAC products"
}
],
"impacts": [
{
"capecId": "CAPEC-653",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-653 Use of Known Operating System Credentials"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-14T17:13:16.193Z",
"orgId": "171caf72-b841-4e04-a68e-93493aff2b94",
"shortName": "GEHC"
},
"references": [
{
"url": "https://securityupdate.gehealthcare.com/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Insufficiently protected credentials in GE HealthCare EchoPAC products",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "171caf72-b841-4e04-a68e-93493aff2b94",
"assignerShortName": "GEHC",
"cveId": "CVE-2024-27109",
"datePublished": "2024-05-14T17:13:16.193Z",
"dateReserved": "2024-02-19T15:22:56.573Z",
"dateUpdated": "2024-08-02T00:27:59.369Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27108 (GCVE-0-2024-27108)
Vulnerability from nvd – Published: 2024-05-14 17:09 – Updated: 2024-08-02 00:27- CWE-732 - Incorrect Permission Assignment for Critical Resource
| Vendor | Product | Version | |
|---|---|---|---|
| GE HealthCare | EchoPAC Software Only |
Affected:
0
|
|
| GE HealthCare | ImageVault |
Affected:
0
|
|
| GE HealthCare | EchoPAC Turnkey |
Affected:
0
|
|
| gehealthcare | image_vault |
Affected:
-
cpe:2.3:h:gehealthcare:image_vault:-:*:*:*:*:*:*:* |
|
| gehealthcare | echopac_software |
Affected:
-
cpe:2.3:a:gehealthcare:echopac_software:-:*:*:*:*:*:*:* |
|
| gehealthcare | echopac_turnkey |
Affected:
-
cpe:2.3:a:gehealthcare:echopac_turnkey:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:gehealthcare:image_vault:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "image_vault",
"vendor": "gehealthcare",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"cpes": [
"cpe:2.3:a:gehealthcare:echopac_software:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "echopac_software",
"vendor": "gehealthcare",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"cpes": [
"cpe:2.3:a:gehealthcare:echopac_turnkey:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "echopac_turnkey",
"vendor": "gehealthcare",
"versions": [
{
"status": "affected",
"version": "-"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27108",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-14T19:31:41.993414Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:47:18.885Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:27:58.693Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://securityupdate.gehealthcare.com/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EchoPAC Software Only",
"vendor": "GE HealthCare",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ImageVault",
"vendor": "GE HealthCare",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EchoPAC Turnkey",
"vendor": "GE HealthCare",
"versions": [
{
"status": "affected",
"version": "0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Andrea Palanca and Gabriele Quagliarella of Nozomi Networks"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Non privileged access to critical file vulnerability in GE HealthCare EchoPAC products"
}
],
"value": "Non privileged access to critical file vulnerability in GE HealthCare EchoPAC products"
}
],
"impacts": [
{
"capecId": "CAPEC-122",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-122 Privilege Abuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-14T17:09:08.166Z",
"orgId": "171caf72-b841-4e04-a68e-93493aff2b94",
"shortName": "GEHC"
},
"references": [
{
"url": "https://securityupdate.gehealthcare.com/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Non privileged access to critical file vulnerability in GE HealthCare EchoPAC products",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "171caf72-b841-4e04-a68e-93493aff2b94",
"assignerShortName": "GEHC",
"cveId": "CVE-2024-27108",
"datePublished": "2024-05-14T17:09:08.166Z",
"dateReserved": "2024-02-19T15:22:56.572Z",
"dateUpdated": "2024-08-02T00:27:58.693Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27107 (GCVE-0-2024-27107)
Vulnerability from nvd – Published: 2024-05-14 17:05 – Updated: 2024-08-02 00:27- CWE-798 - Use of Hard-coded Credentials
| Vendor | Product | Version | |
|---|---|---|---|
| GE HealthCare | EchoPAC Software Only |
Affected:
0 , < 206.82
(custom)
|
|
| GE HealthCare | ImageVault |
Affected:
0
|
|
| GE HealthCare | EchoPAC Turnkey |
Affected:
0
|
|
| gehealthcare | image_vault |
Affected:
-
cpe:2.3:h:gehealthcare:image_vault:-:*:*:*:*:*:*:* |
|
| gehealthcare | echopac_software |
Affected:
-
cpe:2.3:a:gehealthcare:echopac_software:-:*:*:*:*:*:*:* |
|
| gehealthcare | echopac_turnkey |
Affected:
-
cpe:2.3:a:gehealthcare:echopac_turnkey:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:gehealthcare:image_vault:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "image_vault",
"vendor": "gehealthcare",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"cpes": [
"cpe:2.3:a:gehealthcare:echopac_software:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "echopac_software",
"vendor": "gehealthcare",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"cpes": [
"cpe:2.3:a:gehealthcare:echopac_turnkey:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "echopac_turnkey",
"vendor": "gehealthcare",
"versions": [
{
"status": "affected",
"version": "-"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27107",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-14T19:31:36.437377Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:46:35.114Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:27:59.234Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://securityupdate.gehealthcare.com/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EchoPAC Software Only",
"vendor": "GE HealthCare",
"versions": [
{
"lessThan": "206.82",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ImageVault",
"vendor": "GE HealthCare",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EchoPAC Turnkey",
"vendor": "GE HealthCare",
"versions": [
{
"status": "affected",
"version": "0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Andrea Palanca and Gabriele Quagliarella of Nozomi Networks"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Weak account password in GE HealthCare EchoPAC products"
}
],
"value": "Weak account password in GE HealthCare EchoPAC products"
}
],
"impacts": [
{
"capecId": "CAPEC-70",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-70 Try Common or Default Usernames and Passwords"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-14T17:05:22.568Z",
"orgId": "171caf72-b841-4e04-a68e-93493aff2b94",
"shortName": "GEHC"
},
"references": [
{
"url": "https://securityupdate.gehealthcare.com/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Weak account password in GE HealthCare EchoPAC products",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "171caf72-b841-4e04-a68e-93493aff2b94",
"assignerShortName": "GEHC",
"cveId": "CVE-2024-27107",
"datePublished": "2024-05-14T17:05:22.568Z",
"dateReserved": "2024-02-19T15:22:56.572Z",
"dateUpdated": "2024-08-02T00:27:59.234Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27106 (GCVE-0-2024-27106)
Vulnerability from nvd – Published: 2024-05-14 17:01 – Updated: 2024-08-02 00:27- CWE-311 - Missing Encryption of Sensitive Data
| Vendor | Product | Version | |
|---|---|---|---|
| GE HealthCare | EchoPAC Software Only |
Affected:
0
|
|
| GE HealthCare | ImageVault |
Affected:
0
|
|
| GE HealthCare | EchoPAC Turnkey |
Affected:
0
|
|
| gehealthcare | image_vault |
Affected:
-
cpe:2.3:h:gehealthcare:image_vault:-:*:*:*:*:*:*:* |
|
| gehealthcare | echopac_software |
Affected:
-
cpe:2.3:a:gehealthcare:echopac_software:-:*:*:*:*:*:*:* |
|
| gehealthcare | echopac_turnkey |
Affected:
-
cpe:2.3:a:gehealthcare:echopac_turnkey:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:gehealthcare:image_vault:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "image_vault",
"vendor": "gehealthcare",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"cpes": [
"cpe:2.3:a:gehealthcare:echopac_software:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "echopac_software",
"vendor": "gehealthcare",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"cpes": [
"cpe:2.3:a:gehealthcare:echopac_turnkey:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "echopac_turnkey",
"vendor": "gehealthcare",
"versions": [
{
"status": "affected",
"version": "-"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27106",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-14T19:31:29.049031Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:46:22.979Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:27:59.190Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://securityupdate.gehealthcare.com/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EchoPAC Software Only",
"vendor": "GE HealthCare",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ImageVault",
"vendor": "GE HealthCare",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EchoPAC Turnkey",
"vendor": "GE HealthCare",
"versions": [
{
"status": "affected",
"version": "0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Andrea Palanca and Gabriele Quagliarella of Nozomi Networks"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Vulnerable data in transit in GE HealthCare EchoPAC products"
}
],
"value": "Vulnerable data in transit in GE HealthCare EchoPAC products"
}
],
"impacts": [
{
"capecId": "CAPEC-157",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-157 Sniffing Attacks"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-311",
"description": "CWE-311 Missing Encryption of Sensitive Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-14T17:01:22.488Z",
"orgId": "171caf72-b841-4e04-a68e-93493aff2b94",
"shortName": "GEHC"
},
"references": [
{
"url": "https://securityupdate.gehealthcare.com/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Vulnerable data in transit in GE HealthCare EchoPAC products",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "171caf72-b841-4e04-a68e-93493aff2b94",
"assignerShortName": "GEHC",
"cveId": "CVE-2024-27106",
"datePublished": "2024-05-14T17:01:22.488Z",
"dateReserved": "2024-02-19T15:22:56.572Z",
"dateUpdated": "2024-08-02T00:27:59.190Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-1630 (GCVE-0-2024-1630)
Vulnerability from nvd – Published: 2024-05-14 16:55 – Updated: 2024-08-22 17:51- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| Vendor | Product | Version | |
|---|---|---|---|
| GE HealthCare | Venue |
Affected:
R1
Affected: R2 Affected: R3 , ≤ R3.3 (custom) Affected: R4 , ≤ R4.3 (custom) |
|
| GE HealthCare | Venue Go |
Affected:
R2
Affected: R3 , ≤ R3.3 (custom) Affected: R4 , ≤ R4.3 (custom) |
|
| GE HealthCare | Venue Fit |
Affected:
R3 , ≤ R3.3
(custom)
Affected: R4 , ≤ R4.3 (custom) |
|
| GE HealthCare | LOGIQ e |
Affected:
R7 , ≤ R9.1.4
(custom)
Affected: R8 , ≤ R10.1.3 (custom) Affected: R9 , ≤ R11.0.3 (custom) |
|
| GE HealthCare | LOGIQ He |
Affected:
0 , ≤ R9.3.1
(custom)
|
|
| GE HealthCare | Vivid E |
Affected:
E95 , < 206
(custom)
Affected: E90 , < 206 (custom) Affected: E80 , < 206 (custom) |
|
| GE HealthCare | Vivid T |
Affected:
T8 , < 206
(custom)
Affected: T9 , < 206 (custom) |
|
| GE HealthCare | Vivid iq |
Affected:
0 , < 206
(custom)
|
|
| GE HealthCare | Voluson Expert 16 |
Affected:
0
Affected: BT24 |
|
| GE HealthCare | Voluson Expert 18 |
Affected:
0
Affected: BT24 |
|
| GE HealthCare | Voluson Expert 22 |
Affected:
0
Affected: BT24 |
|
| GE HealthCare | Voluson SWIFT |
Affected:
0
Affected: BT24 |
|
| GE HealthCare | LOGIQ E10 |
Affected:
0 , < R3.2.0
(custom)
|
|
| GE HealthCare | LOGIQ E10s |
Affected:
0 , < R3.2.0
(custom)
|
|
| GE HealthCare | LOGIQ Fortis |
Affected:
0 , < R3.2.0
(custom)
|
|
| gehealthcare | venue_firmware |
Affected:
r1
Affected: r2 Affected: r3 , ≤ r3.3 (custom) Affected: r4 , ≤ r4.3 (custom) cpe:2.3:o:gehealthcare:venue_firmware:*:*:*:*:*:*:*:* |
|
| gehealthcare | venue_go_firmware |
Affected:
r2
Affected: r3 , ≤ r3.3 (custom) Affected: r4 , ≤ r4.3 (custom) cpe:2.3:o:gehealthcare:venue_go_firmware:*:*:*:*:*:*:*:* |
|
| gehealthcare | venue_fit_firmware |
Affected:
r3 , ≤ r3.3
(custom)
Affected: r4 , ≤ r4.3 (custom) cpe:2.3:o:gehealthcare:venue_fit_firmware:*:*:*:*:*:*:*:* |
|
| gehealthcare | logiq_e_firmware |
Affected:
r7 , ≤ r9.1.4
(custom)
Affected: r8 , ≤ r10.1.3 (custom) Affected: r9 , ≤ r11.0.3 (custom) cpe:2.3:o:gehealthcare:logiq_e_firmware:*:*:*:*:*:*:*:* |
|
| gehealthcare | logiq_he_firmware |
Affected:
0 , ≤ r9.3.1
(custom)
cpe:2.3:o:gehealthcare:logiq_he_firmware:*:*:*:*:*:*:*:* |
|
| gehealthcare | vivid_e_firmware |
Affected:
e95 , < 206
(custom)
Affected: e90 , < 206 (custom) Affected: e80 , < 206 (custom) cpe:2.3:o:gehealthcare:vivid_e_firmware:*:*:*:*:*:*:*:* |
|
| gehealthcare | vivid_t_firmware |
Affected:
t8 , < 206
(custom)
Affected: t9 , < 206 (custom) cpe:2.3:o:gehealthcare:vivid_t_firmware:*:*:*:*:*:*:*:* |
|
| gehealthcare | vivid_iq_firmware |
Affected:
0 , < 206
(custom)
cpe:2.3:o:gehealthcare:vivid_iq_firmware:*:*:*:*:*:*:*:* |
|
| gehealthcare | voluson_expert_16 |
Affected:
0
Affected: bt24 cpe:2.3:a:gehealthcare:voluson_expert_16:*:*:*:*:*:*:*:* |
|
| gehealthcare | voluson_expert_18 |
Affected:
0
Affected: bt24 cpe:2.3:a:gehealthcare:voluson_expert_18:*:*:*:*:*:*:*:* |
|
| gehealthcare | voluson_expert_22 |
Affected:
0
Affected: bt24 cpe:2.3:a:gehealthcare:voluson_expert_22:*:*:*:*:*:*:*:* |
|
| gehealthcare | voluson_swift |
Affected:
0
Affected: bt24 cpe:2.3:a:gehealthcare:voluson_swift:*:*:*:*:*:*:*:* |
|
| gehealthcare | logiq_e10 |
Affected:
0 , < r3.2.0
(custom)
cpe:2.3:a:gehealthcare:logiq_e10:*:*:*:*:*:*:*:* |
|
| gehealthcare | logiq_e10s |
Affected:
0 , < r3.2.0
(custom)
cpe:2.3:a:gehealthcare:logiq_e10s:*:*:*:*:*:*:*:* |
|
| gehealthcare | logiq_fortis |
Affected:
0 , < r3.2.0
(custom)
cpe:2.3:a:gehealthcare:logiq_fortis:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:48:21.818Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://securityupdate.gehealthcare.com/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:gehealthcare:venue_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "venue_firmware",
"vendor": "gehealthcare",
"versions": [
{
"status": "affected",
"version": "r1"
},
{
"status": "affected",
"version": "r2"
},
{
"lessThanOrEqual": "r3.3",
"status": "affected",
"version": "r3",
"versionType": "custom"
},
{
"lessThanOrEqual": "r4.3",
"status": "affected",
"version": "r4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:gehealthcare:venue_go_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "venue_go_firmware",
"vendor": "gehealthcare",
"versions": [
{
"status": "affected",
"version": "r2"
},
{
"lessThanOrEqual": "r3.3",
"status": "affected",
"version": "r3",
"versionType": "custom"
},
{
"lessThanOrEqual": "r4.3",
"status": "affected",
"version": "r4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:gehealthcare:venue_fit_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "venue_fit_firmware",
"vendor": "gehealthcare",
"versions": [
{
"lessThanOrEqual": "r3.3",
"status": "affected",
"version": "r3",
"versionType": "custom"
},
{
"lessThanOrEqual": "r4.3",
"status": "affected",
"version": "r4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:gehealthcare:logiq_e_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "logiq_e_firmware",
"vendor": "gehealthcare",
"versions": [
{
"lessThanOrEqual": "r9.1.4",
"status": "affected",
"version": "r7",
"versionType": "custom"
},
{
"lessThanOrEqual": "r10.1.3",
"status": "affected",
"version": "r8",
"versionType": "custom"
},
{
"lessThanOrEqual": "r11.0.3",
"status": "affected",
"version": "r9",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:gehealthcare:logiq_he_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "logiq_he_firmware",
"vendor": "gehealthcare",
"versions": [
{
"lessThanOrEqual": "r9.3.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:gehealthcare:vivid_e_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vivid_e_firmware",
"vendor": "gehealthcare",
"versions": [
{
"lessThan": "206",
"status": "affected",
"version": "e95",
"versionType": "custom"
},
{
"lessThan": "206",
"status": "affected",
"version": "e90",
"versionType": "custom"
},
{
"lessThan": "206",
"status": "affected",
"version": "e80",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:gehealthcare:vivid_t_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vivid_t_firmware",
"vendor": "gehealthcare",
"versions": [
{
"lessThan": "206",
"status": "affected",
"version": "t8",
"versionType": "custom"
},
{
"lessThan": "206",
"status": "affected",
"version": "t9",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:gehealthcare:vivid_iq_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vivid_iq_firmware",
"vendor": "gehealthcare",
"versions": [
{
"lessThan": "206",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:gehealthcare:voluson_expert_16:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "voluson_expert_16",
"vendor": "gehealthcare",
"versions": [
{
"status": "affected",
"version": "0"
},
{
"status": "affected",
"version": "bt24"
}
]
},
{
"cpes": [
"cpe:2.3:a:gehealthcare:voluson_expert_18:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "voluson_expert_18",
"vendor": "gehealthcare",
"versions": [
{
"status": "affected",
"version": "0"
},
{
"status": "affected",
"version": "bt24"
}
]
},
{
"cpes": [
"cpe:2.3:a:gehealthcare:voluson_expert_22:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "voluson_expert_22",
"vendor": "gehealthcare",
"versions": [
{
"status": "affected",
"version": "0"
},
{
"status": "affected",
"version": "bt24"
}
]
},
{
"cpes": [
"cpe:2.3:a:gehealthcare:voluson_swift:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "voluson_swift",
"vendor": "gehealthcare",
"versions": [
{
"status": "affected",
"version": "0"
},
{
"status": "affected",
"version": "bt24"
}
]
},
{
"cpes": [
"cpe:2.3:a:gehealthcare:logiq_e10:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "logiq_e10",
"vendor": "gehealthcare",
"versions": [
{
"lessThan": "r3.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:gehealthcare:logiq_e10s:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "logiq_e10s",
"vendor": "gehealthcare",
"versions": [
{
"lessThan": "r3.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:gehealthcare:logiq_fortis:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "logiq_fortis",
"vendor": "gehealthcare",
"versions": [
{
"lessThan": "r3.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1630",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-14T19:43:01.721848Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-22T17:51:14.776Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Venue",
"vendor": "GE HealthCare",
"versions": [
{
"status": "affected",
"version": "R1"
},
{
"status": "affected",
"version": "R2"
},
{
"lessThanOrEqual": "R3.3",
"status": "affected",
"version": "R3",
"versionType": "custom"
},
{
"lessThanOrEqual": "R4.3",
"status": "affected",
"version": "R4",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Venue Go",
"vendor": "GE HealthCare",
"versions": [
{
"status": "affected",
"version": "R2"
},
{
"lessThanOrEqual": "R3.3",
"status": "affected",
"version": "R3",
"versionType": "custom"
},
{
"lessThanOrEqual": "R4.3",
"status": "affected",
"version": "R4",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Venue Fit",
"vendor": "GE HealthCare",
"versions": [
{
"lessThanOrEqual": "R3.3",
"status": "affected",
"version": "R3",
"versionType": "custom"
},
{
"lessThanOrEqual": "R4.3",
"status": "affected",
"version": "R4",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "LOGIQ e",
"vendor": "GE HealthCare",
"versions": [
{
"lessThanOrEqual": "R9.1.4",
"status": "affected",
"version": "R7",
"versionType": "custom"
},
{
"lessThanOrEqual": "R10.1.3",
"status": "affected",
"version": "R8",
"versionType": "custom"
},
{
"lessThanOrEqual": "R11.0.3",
"status": "affected",
"version": "R9",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "LOGIQ He",
"vendor": "GE HealthCare",
"versions": [
{
"lessThanOrEqual": "R9.3.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Vivid E",
"vendor": "GE HealthCare",
"versions": [
{
"lessThan": "206",
"status": "affected",
"version": "E95",
"versionType": "custom"
},
{
"lessThan": "206",
"status": "affected",
"version": "E90",
"versionType": "custom"
},
{
"lessThan": "206",
"status": "affected",
"version": "E80",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Vivid T",
"vendor": "GE HealthCare",
"versions": [
{
"lessThan": "206",
"status": "affected",
"version": "T8",
"versionType": "custom"
},
{
"lessThan": "206",
"status": "affected",
"version": "T9",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Vivid iq",
"vendor": "GE HealthCare",
"versions": [
{
"lessThan": "206",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Voluson Expert 16",
"vendor": "GE HealthCare",
"versions": [
{
"status": "affected",
"version": "0"
},
{
"status": "affected",
"version": "BT24"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Voluson Expert 18",
"vendor": "GE HealthCare",
"versions": [
{
"status": "affected",
"version": "0"
},
{
"status": "affected",
"version": "BT24"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Voluson Expert 22",
"vendor": "GE HealthCare",
"versions": [
{
"status": "affected",
"version": "0"
},
{
"status": "affected",
"version": "BT24"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Voluson SWIFT",
"vendor": "GE HealthCare",
"versions": [
{
"status": "affected",
"version": "0"
},
{
"status": "affected",
"version": "BT24"
}
]
},
{
"defaultStatus": "unaffected",
"product": "LOGIQ E10",
"vendor": "GE HealthCare",
"versions": [
{
"lessThan": "R3.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "LOGIQ E10s",
"vendor": "GE HealthCare",
"versions": [
{
"lessThan": "R3.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "LOGIQ Fortis",
"vendor": "GE HealthCare",
"versions": [
{
"lessThan": "R3.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Andrea Palanca and Gabriele Quagliarella of Nozomi Networks"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Path traversal vulnerability in \u201cgetAllFolderContents\u201d function of Common Service Desktop, a GE HealthCare ultrasound device component"
}
],
"value": "Path traversal vulnerability in \u201cgetAllFolderContents\u201d function of Common Service Desktop, a GE HealthCare ultrasound device component"
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-14T16:55:56.853Z",
"orgId": "171caf72-b841-4e04-a68e-93493aff2b94",
"shortName": "GEHC"
},
"references": [
{
"url": "https://securityupdate.gehealthcare.com/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Path traversal vulnerability in \u201cgetAllFolderContents\u201d function of Common Service Desktop, a GE HealthCare ultrasound device component",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "171caf72-b841-4e04-a68e-93493aff2b94",
"assignerShortName": "GEHC",
"cveId": "CVE-2024-1630",
"datePublished": "2024-05-14T16:55:56.853Z",
"dateReserved": "2024-02-19T15:28:03.794Z",
"dateUpdated": "2024-08-22T17:51:14.776Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27110 (GCVE-0-2024-27110)
Vulnerability from cvelistv5 – Published: 2024-05-14 17:16 – Updated: 2024-08-02 00:27- CWE-250 - Execution with Unnecessary Privileges
| Vendor | Product | Version | |
|---|---|---|---|
| GE HealthCare | EchoPAC Software Only |
Affected:
0
|
|
| GE HealthCare | ImageVault |
Affected:
0
|
|
| GE HealthCare | EchoPAC Turnkey |
Affected:
0
|
|
| gehealthcare | image_vault |
Affected:
-
cpe:2.3:h:gehealthcare:image_vault:-:*:*:*:*:*:*:* |
|
| gehealthcare | echopac_software |
Affected:
-
cpe:2.3:a:gehealthcare:echopac_software:-:*:*:*:*:*:*:* |
|
| gehealthcare | echopac_turnkey |
Affected:
-
cpe:2.3:a:gehealthcare:echopac_turnkey:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:gehealthcare:image_vault:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "image_vault",
"vendor": "gehealthcare",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"cpes": [
"cpe:2.3:a:gehealthcare:echopac_software:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "echopac_software",
"vendor": "gehealthcare",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"cpes": [
"cpe:2.3:a:gehealthcare:echopac_turnkey:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "echopac_turnkey",
"vendor": "gehealthcare",
"versions": [
{
"status": "affected",
"version": "-"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27110",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-14T19:22:50.224196Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:46:21.733Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:27:59.489Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://securityupdate.gehealthcare.com/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EchoPAC Software Only",
"vendor": "GE HealthCare",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ImageVault",
"vendor": "GE HealthCare",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EchoPAC Turnkey",
"vendor": "GE HealthCare",
"versions": [
{
"status": "affected",
"version": "0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Andrea Palanca and Gabriele Quagliarella of Nozomi Networks"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Elevation of privilege vulnerability in GE HealthCare EchoPAC products"
}
],
"value": "Elevation of privilege vulnerability in GE HealthCare EchoPAC products"
}
],
"impacts": [
{
"capecId": "CAPEC-69",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-69 Target Programs with Elevated Privileges"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250 Execution with Unnecessary Privileges",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-14T17:16:39.659Z",
"orgId": "171caf72-b841-4e04-a68e-93493aff2b94",
"shortName": "GEHC"
},
"references": [
{
"url": "https://securityupdate.gehealthcare.com/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Elevation of privilege vulnerability in GE HealthCare EchoPAC products",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "171caf72-b841-4e04-a68e-93493aff2b94",
"assignerShortName": "GEHC",
"cveId": "CVE-2024-27110",
"datePublished": "2024-05-14T17:16:39.659Z",
"dateReserved": "2024-02-19T15:22:56.573Z",
"dateUpdated": "2024-08-02T00:27:59.489Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}