Search

Find a vulnerability

Search criteria

    74 vulnerabilities by gehealthcare

    VAR-201508-0005

    Vulnerability from variot - Updated: 2025-04-13 23:39

    GE Healthcare Millennium MG, NC, and MyoSIGHT has a default password of (1) root.genie for the root user, (2) "service." for the service user, (3) admin.genie for the admin user, (4) reboot for the reboot user, and (5) shutdown for the shutdown user, which has unspecified impact and attack vectors. GE Healthcare Millennium MG, NC, and MyoSIGHT are all scanning cameras for the medical industry from General Electric (GE).

    There are security vulnerabilities in several GE products. An attacker could use this vulnerability to control the device

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201508-0005",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "millennium mg",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "gehealthcare",
            "version": "*"
          },
          {
            "model": "millennium nc",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "gehealthcare",
            "version": "*"
          },
          {
            "model": "millennium myosight",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "gehealthcare",
            "version": "*"
          },
          {
            "model": "millennium mg",
            "scope": null,
            "trust": 0.8,
            "vendor": "ge healthcare",
            "version": null
          },
          {
            "model": "millennium myosight",
            "scope": null,
            "trust": 0.8,
            "vendor": "ge healthcare",
            "version": null
          },
          {
            "model": "millennium nc",
            "scope": null,
            "trust": 0.8,
            "vendor": "ge healthcare",
            "version": null
          },
          {
            "model": "healthcare millennium mg/nc/myosight",
            "scope": null,
            "trust": 0.6,
            "vendor": "general electric",
            "version": null
          },
          {
            "model": "millennium myosight",
            "scope": null,
            "trust": 0.6,
            "vendor": "gehealthcare",
            "version": null
          },
          {
            "model": "millennium nc",
            "scope": null,
            "trust": 0.6,
            "vendor": "gehealthcare",
            "version": null
          },
          {
            "model": "millennium mg",
            "scope": null,
            "trust": 0.6,
            "vendor": "gehealthcare",
            "version": null
          },
          {
            "model": "millennium nc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "gehealthcare",
            "version": "0"
          },
          {
            "model": "millennium myosight",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "gehealthcare",
            "version": "0"
          },
          {
            "model": "millennium mg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "gehealthcare",
            "version": "0"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05133"
          },
          {
            "db": "BID",
            "id": "86877"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003992"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-013"
          },
          {
            "db": "NVD",
            "id": "CVE-2002-2445"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:gehealthcare:millennium_mg_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:gehealthcare:millennium_myosight_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:gehealthcare:millennium_nc_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003992"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Unknown",
        "sources": [
          {
            "db": "BID",
            "id": "86877"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2002-2445",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2002-2445",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2015-05133",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2002-2445",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2002-2445",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2015-05133",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201508-013",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULMON",
                "id": "CVE-2002-2445",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05133"
          },
          {
            "db": "VULMON",
            "id": "CVE-2002-2445"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003992"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-013"
          },
          {
            "db": "NVD",
            "id": "CVE-2002-2445"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "GE Healthcare Millennium MG, NC, and MyoSIGHT has a default password of (1) root.genie for the root user, (2) \"service.\" for the service user, (3) admin.genie for the admin user, (4) reboot for the reboot user, and (5) shutdown for the shutdown user, which has unspecified impact and attack vectors. GE Healthcare Millennium MG, NC, and MyoSIGHT are all scanning cameras for the medical industry from General Electric (GE). \n\nThere are security vulnerabilities in several GE products. An attacker could use this vulnerability to control the device",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2002-2445"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003992"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-05133"
          },
          {
            "db": "BID",
            "id": "86877"
          },
          {
            "db": "VULMON",
            "id": "CVE-2002-2445"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2002-2445",
            "trust": 3.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003992",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-05133",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-013",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "86877",
            "trust": 0.4
          },
          {
            "db": "VULMON",
            "id": "CVE-2002-2445",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05133"
          },
          {
            "db": "VULMON",
            "id": "CVE-2002-2445"
          },
          {
            "db": "BID",
            "id": "86877"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003992"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-013"
          },
          {
            "db": "NVD",
            "id": "CVE-2002-2445"
          }
        ]
      },
      "id": "VAR-201508-0005",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05133"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05133"
          }
        ]
      },
      "last_update_date": "2025-04-13T23:39:37.898000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Millennium MyoSIGHT Nuclear Medicine Imaging System Service Manual",
            "trust": 0.8,
            "url": "http://apps.gehealthcare.com/servlet/ClientServlet/2354459-100.pdf?REQ=RAA\u0026DIRECTION=2354459-100\u0026FILENAME=2354459-100.pdf\u0026FILEREV=4\u0026DOCREV_ORG=4"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www3.gehealthcare.com/en/global_gateway"
          },
          {
            "title": "Millenium MG \u0026 MC Nuclear Medicine Imaging System Service Manual",
            "trust": 0.8,
            "url": "http://apps.gehealthcare.com/servlet/ClientServlet/2338955-100.pdf?REQ=RAA\u0026DIRECTION=2338955-100\u0026FILENAME=2338955-100.pdf\u0026FILEREV=1\u0026DOCREV_ORG=1"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003992"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2002-2445"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.4,
            "url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
          },
          {
            "trust": 2.0,
            "url": "http://apps.gehealthcare.com/servlet/clientservlet/2338955-100.pdf?req=raa\u0026direction=2338955-100\u0026filename=2338955-100.pdf\u0026filerev=1\u0026docrev_org=1"
          },
          {
            "trust": 2.0,
            "url": "http://apps.gehealthcare.com/servlet/clientservlet/2354459-100.pdf?req=raa\u0026direction=2354459-100\u0026filename=2354459-100.pdf\u0026filerev=4\u0026docrev_org=4"
          },
          {
            "trust": 2.0,
            "url": "https://twitter.com/digitalbond/status/619250429751222277"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2002-2445"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2002-2445"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.securityfocus.com/bid/86877"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05133"
          },
          {
            "db": "VULMON",
            "id": "CVE-2002-2445"
          },
          {
            "db": "BID",
            "id": "86877"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003992"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-013"
          },
          {
            "db": "NVD",
            "id": "CVE-2002-2445"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05133"
          },
          {
            "db": "VULMON",
            "id": "CVE-2002-2445"
          },
          {
            "db": "BID",
            "id": "86877"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003992"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-013"
          },
          {
            "db": "NVD",
            "id": "CVE-2002-2445"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-08-06T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-05133"
          },
          {
            "date": "2015-08-04T00:00:00",
            "db": "VULMON",
            "id": "CVE-2002-2445"
          },
          {
            "date": "2015-08-04T00:00:00",
            "db": "BID",
            "id": "86877"
          },
          {
            "date": "2015-08-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-003992"
          },
          {
            "date": "2015-08-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201508-013"
          },
          {
            "date": "2015-08-04T14:59:01.817000",
            "db": "NVD",
            "id": "CVE-2002-2445"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-08-06T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-05133"
          },
          {
            "date": "2015-09-03T00:00:00",
            "db": "VULMON",
            "id": "CVE-2002-2445"
          },
          {
            "date": "2015-08-04T00:00:00",
            "db": "BID",
            "id": "86877"
          },
          {
            "date": "2015-08-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-003992"
          },
          {
            "date": "2015-08-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201508-013"
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2002-2445"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-013"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  GE Healthcare Millennium Product vulnerabilities",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003992"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "lack of information",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-013"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201508-0152

    Vulnerability from variot - Updated: 2025-04-13 23:39

    The Ad Hoc Reporting feature in GE Healthcare Centricity DMS 4.2 has a password of Never!Mind for the Administrator user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. GE Healthcare Centricity DMS is a cardiology clinical education data management system for the medical industry from General Electric (GE). An attacker could use this vulnerability to control the device. Attackers can exploit this issue to bypass the authentication mechanism and gain access to the vulnerable device

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201508-0152",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "centricity dms",
            "scope": "eq",
            "trust": 1.9,
            "vendor": "gehealthcare",
            "version": "4.2"
          },
          {
            "model": "centricity cardiology data management system",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ge healthcare",
            "version": "4.2"
          },
          {
            "model": "centricity dms",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ge",
            "version": "4.2"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05138"
          },
          {
            "db": "BID",
            "id": "76166"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004008"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-033"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-7405"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:gehealthcare:centricity_dms",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004008"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The vendor reported this issue.",
        "sources": [
          {
            "db": "BID",
            "id": "76166"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2013-7405",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2013-7405",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2015-05138",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2013-7405",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2013-7405",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2015-05138",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201508-033",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULMON",
                "id": "CVE-2013-7405",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05138"
          },
          {
            "db": "VULMON",
            "id": "CVE-2013-7405"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004008"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-033"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-7405"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The Ad Hoc Reporting feature in GE Healthcare Centricity DMS 4.2 has a password of Never!Mind for the Administrator user, which has unspecified impact and attack vectors.  NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. GE Healthcare Centricity DMS is a cardiology clinical education data management system for the medical industry from General Electric (GE). An attacker could use this vulnerability to control the device. \nAttackers can exploit this issue to bypass the authentication mechanism and gain access to the vulnerable device",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2013-7405"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004008"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-05138"
          },
          {
            "db": "BID",
            "id": "76166"
          },
          {
            "db": "VULMON",
            "id": "CVE-2013-7405"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2013-7405",
            "trust": 3.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004008",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-05138",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-033",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "76166",
            "trust": 0.4
          },
          {
            "db": "VULMON",
            "id": "CVE-2013-7405",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05138"
          },
          {
            "db": "VULMON",
            "id": "CVE-2013-7405"
          },
          {
            "db": "BID",
            "id": "76166"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004008"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-033"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-7405"
          }
        ]
      },
      "id": "VAR-201508-0152",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05138"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05138"
          }
        ]
      },
      "last_update_date": "2025-04-13T23:39:37.837000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Centricity* Cardiology Data Management System DMS Admin. - v. 4.2 Master Trainer Guide",
            "trust": 0.8,
            "url": "http://apps.gehealthcare.com/servlet/ClientServlet/0908141_DMS%204.2%20MTG.pdf?DOCCLASS=A\u0026REQ=RAC\u0026DIRECTION=0908141\u0026FILENAME=0908141_DMS+4.2+MTG.pdf\u0026FILEREV=D\u0026DOCREV_ORG=D\u0026SUBMIT=+ACCEPT+"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004008"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-255",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004008"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-7405"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
          },
          {
            "trust": 1.7,
            "url": "http://apps.gehealthcare.com/servlet/clientservlet/0908141_dms+4.2+mtg.pdf?req=raa\u0026direction=0908141\u0026filename=0908141_dms%2b4.2%2bmtg.pdf\u0026filerev=d\u0026docrev_org=d"
          },
          {
            "trust": 1.7,
            "url": "https://twitter.com/digitalbond/status/619250429751222277"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-7405"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-7405"
          },
          {
            "trust": 0.6,
            "url": "http://apps.gehealthcare.com/servlet/clientservlet/0908141_dms+4.2+mtg.pdf?req=raa\u0026amp;direction=0908141\u0026amp;filename=0908141_dms%2b4.2%2bmtg.pdf\u0026amp;filerev=d\u0026amp;docrev_org=d"
          },
          {
            "trust": 0.3,
            "url": "http://apps.gehealthcare.com/servlet/clientservlet/0908141_dms%204.2%20mtg.pdf?docclass=a\u0026req=rac\u0026direction=0908141\u0026filename=0908141_dms+4.2+mtg.pdf\u0026filerev=d\u0026docrev_org=d\u0026submit=+accept+"
          },
          {
            "trust": 0.3,
            "url": "http://www3.gehealthcare.com/en"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/255.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.securityfocus.com/bid/76166"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05138"
          },
          {
            "db": "VULMON",
            "id": "CVE-2013-7405"
          },
          {
            "db": "BID",
            "id": "76166"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004008"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-033"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-7405"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05138"
          },
          {
            "db": "VULMON",
            "id": "CVE-2013-7405"
          },
          {
            "db": "BID",
            "id": "76166"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004008"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-033"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-7405"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-08-06T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-05138"
          },
          {
            "date": "2015-08-04T00:00:00",
            "db": "VULMON",
            "id": "CVE-2013-7405"
          },
          {
            "date": "2015-08-04T00:00:00",
            "db": "BID",
            "id": "76166"
          },
          {
            "date": "2015-08-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-004008"
          },
          {
            "date": "2015-08-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201508-033"
          },
          {
            "date": "2015-08-04T14:59:22.643000",
            "db": "NVD",
            "id": "CVE-2013-7405"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-08-06T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-05138"
          },
          {
            "date": "2015-08-04T00:00:00",
            "db": "VULMON",
            "id": "CVE-2013-7405"
          },
          {
            "date": "2015-08-04T00:00:00",
            "db": "BID",
            "id": "76166"
          },
          {
            "date": "2015-08-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-004008"
          },
          {
            "date": "2015-08-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201508-033"
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2013-7405"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-033"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "GE Healthcare Centricity DMS Ad Hoc Reporting Trust Management Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05138"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-033"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "trust management",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-033"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201508-0010

    Vulnerability from variot - Updated: 2025-04-13 23:37

    GE Healthcare Optima MR360 does not require authentication for the HIPAA emergency login procedure, which allows physically proximate users to gain access via an arbitrary username in the Emergency Login screen. NOTE: this might not qualify for inclusion in CVE if unauthenticated emergency access is part of the intended security policy of the product, can be controlled by the system administrator, and is not enabled by default. GE Healthcare Optima MR360 is a magnetic resonance imaging (MRI) system for the medical industry. An attacker can exploit this issue to gain unauthorized access to the affected device. Successful exploits will result in the complete compromise of the affected device

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201508-0010",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "optima mr360",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "gehealthcare",
            "version": null
          },
          {
            "model": "optima mr360",
            "scope": null,
            "trust": 0.8,
            "vendor": "ge healthcare",
            "version": null
          },
          {
            "model": "optima mr360",
            "scope": null,
            "trust": 0.6,
            "vendor": "general electric",
            "version": null
          },
          {
            "model": "optima mr360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "gehealthcare",
            "version": "0"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05172"
          },
          {
            "db": "BID",
            "id": "76260"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004015"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-022"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-5308"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:gehealthcare:optima_mr360_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004015"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Scott Erven",
        "sources": [
          {
            "db": "BID",
            "id": "76260"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2010-5308",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2010-5308",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2015-05172",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-47913",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2010-5308",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2010-5308",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2015-05172",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201508-022",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-47913",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05172"
          },
          {
            "db": "VULHUB",
            "id": "VHN-47913"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004015"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-022"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-5308"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "GE Healthcare Optima MR360 does not require authentication for the HIPAA emergency login procedure, which allows physically proximate users to gain access via an arbitrary username in the Emergency Login screen.  NOTE: this might not qualify for inclusion in CVE if unauthenticated emergency access is part of the intended security policy of the product, can be controlled by the system administrator, and is not enabled by default. GE Healthcare Optima MR360 is a magnetic resonance imaging (MRI) system for the medical industry. \nAn attacker can exploit this issue to gain unauthorized access to the affected device. Successful exploits will result in the complete compromise of the affected device",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2010-5308"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004015"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-05172"
          },
          {
            "db": "BID",
            "id": "76260"
          },
          {
            "db": "VULHUB",
            "id": "VHN-47913"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2010-5308",
            "trust": 3.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004015",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-022",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-05172",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "76260",
            "trust": 0.4
          },
          {
            "db": "VULHUB",
            "id": "VHN-47913",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05172"
          },
          {
            "db": "VULHUB",
            "id": "VHN-47913"
          },
          {
            "db": "BID",
            "id": "76260"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004015"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-022"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-5308"
          }
        ]
      },
      "id": "VAR-201508-0010",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-47913"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2025-04-13T23:37:31.686000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Optima MR360 1.5T MR system Operator Manual",
            "trust": 0.8,
            "url": "http://apps.gehealthcare.com/servlet/ClientServlet/MR360%20operator%20manual%20paper.pdf?DOCCLASS=A\u0026REQ=RAC\u0026DIRECTION=5339461-1EN\u0026FILENAME=MR360+operator+manual+paper.pdf\u0026FILEREV=4\u0026DOCREV_ORG=4\u0026SUBMIT=+ACCEPT+"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004015"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-255",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-47913"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004015"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-5308"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.4,
            "url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
          },
          {
            "trust": 2.0,
            "url": "https://twitter.com/digitalbond/status/619250429751222277"
          },
          {
            "trust": 1.6,
            "url": "http://apps.gehealthcare.com/servlet/clientservlet/mr360+operator+manual+paper.pdf?req=raa\u0026direction=5339461-1en\u0026filename=mr360%2boperator%2bmanual%2bpaper.pdf\u0026filerev=4\u0026docrev_org=4"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-5308"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-5308"
          },
          {
            "trust": 0.3,
            "url": "http://www3.gehealthcare.com/en/global_gateway"
          },
          {
            "trust": 0.3,
            "url": "http://apps.gehealthcare.com/servlet/clientservlet/mr360%20operator%20manual%20paper.pdf?docclass=a\u0026req=rac\u0026direction=5339461-1en\u0026filename=mr360+operator+manual+paper.pdf\u0026filerev=4\u0026docrev_org=4\u0026submit"
          },
          {
            "trust": 0.1,
            "url": "http://apps.gehealthcare.com/servlet/clientservlet/mr360+operator+manual+paper.pdf?req=raa\u0026amp;direction=5339461-1en\u0026amp;filename=mr360%2boperator%2bmanual%2bpaper.pdf\u0026amp;filerev=4\u0026amp;docrev_org=4"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05172"
          },
          {
            "db": "VULHUB",
            "id": "VHN-47913"
          },
          {
            "db": "BID",
            "id": "76260"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004015"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-022"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-5308"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05172"
          },
          {
            "db": "VULHUB",
            "id": "VHN-47913"
          },
          {
            "db": "BID",
            "id": "76260"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004015"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-022"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-5308"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-08-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-05172"
          },
          {
            "date": "2015-08-04T00:00:00",
            "db": "VULHUB",
            "id": "VHN-47913"
          },
          {
            "date": "2015-07-10T00:00:00",
            "db": "BID",
            "id": "76260"
          },
          {
            "date": "2015-08-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-004015"
          },
          {
            "date": "2015-08-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201508-022"
          },
          {
            "date": "2015-08-04T14:59:11.503000",
            "db": "NVD",
            "id": "CVE-2010-5308"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-08-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-05172"
          },
          {
            "date": "2015-08-05T00:00:00",
            "db": "VULHUB",
            "id": "VHN-47913"
          },
          {
            "date": "2015-07-10T00:00:00",
            "db": "BID",
            "id": "76260"
          },
          {
            "date": "2015-08-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-004015"
          },
          {
            "date": "2015-08-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201508-022"
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2010-5308"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-022"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "GE Healthcare Optima MR360 Vulnerabilities to gain access to",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004015"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "trust management",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-022"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201508-0013

    Vulnerability from variot - Updated: 2025-04-13 23:18

    GE Healthcare Infinia II has a default password of (1) infinia for the infinia user, (2) #bigguy1 for the acqservice user, (3) dont4get2 for the Administrator user, (4) #bigguy1 for the emergency user, and (5) 2Bfamous for the InfiniaAdmin user, which has unspecified impact and attack vectors. GE Healthcare Infinia II is a dual detector imaging system for the medical industry at General Electric (GE). An attacker could exploit this vulnerability to control the device

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201508-0013",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "infinia ii",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "gehealthcare",
            "version": "*"
          },
          {
            "model": "infinia ii",
            "scope": null,
            "trust": 0.8,
            "vendor": "ge healthcare",
            "version": null
          },
          {
            "model": "healthcare infinia ii",
            "scope": null,
            "trust": 0.6,
            "vendor": "general electric",
            "version": null
          },
          {
            "model": "infinia ii",
            "scope": null,
            "trust": 0.6,
            "vendor": "gehealthcare",
            "version": null
          },
          {
            "model": "infinia ii",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "gehealthcare",
            "version": "0"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05143"
          },
          {
            "db": "BID",
            "id": "76179"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003996"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-017"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-7253"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:gehealthcare:infinia_ii_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003996"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Scott Erven",
        "sources": [
          {
            "db": "BID",
            "id": "76179"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2006-7253",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2006-7253",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2015-05143",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2006-7253",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2006-7253",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2015-05143",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201508-017",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05143"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003996"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-017"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-7253"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "GE Healthcare Infinia II has a default password of (1) infinia for the infinia user, (2) #bigguy1 for the acqservice user, (3) dont4get2 for the Administrator user, (4) #bigguy1 for the emergency user, and (5) 2Bfamous for the InfiniaAdmin user, which has unspecified impact and attack vectors. GE Healthcare Infinia II is a dual detector imaging system for the medical industry at General Electric (GE). An attacker could exploit this vulnerability to control the device",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-7253"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003996"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-05143"
          },
          {
            "db": "BID",
            "id": "76179"
          }
        ],
        "trust": 2.43
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2006-7253",
            "trust": 3.3
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003996",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-05143",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-017",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "76179",
            "trust": 0.3
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05143"
          },
          {
            "db": "BID",
            "id": "76179"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003996"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-017"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-7253"
          }
        ]
      },
      "id": "VAR-201508-0013",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05143"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05143"
          }
        ]
      },
      "last_update_date": "2025-04-13T23:18:04.830000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Infinia II System Service Manual",
            "trust": 0.8,
            "url": "http://apps.gehealthcare.com/servlet/ClientServlet/H-xw4100+Workstation.pdf?REQ=RAA\u0026DIRECTION=2411012-100\u0026FILENAME=H-xw4100%2BWorkstation.pdf\u0026FILEREV=6\u0026DOCREV_ORG=6"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003996"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-255",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003996"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-7253"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.3,
            "url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
          },
          {
            "trust": 1.6,
            "url": "https://twitter.com/digitalbond/status/619250429751222277"
          },
          {
            "trust": 1.6,
            "url": "http://apps.gehealthcare.com/servlet/clientservlet/h-xw4100+workstation.pdf?req=raa\u0026direction=2411012-100\u0026filename=h-xw4100%2bworkstation.pdf\u0026filerev=6\u0026docrev_org=6"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-7253"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-7253"
          },
          {
            "trust": 0.3,
            "url": "http://www3.gehealthcare.com/en"
          },
          {
            "trust": 0.3,
            "url": "http://www3.gehealthcare.com/en/products/categories/goldseal_-_refurbished_systems/goldseal_nuclear_medicine/goldseal_infinia_ii"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05143"
          },
          {
            "db": "BID",
            "id": "76179"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003996"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-017"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-7253"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05143"
          },
          {
            "db": "BID",
            "id": "76179"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003996"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-017"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-7253"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-08-06T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-05143"
          },
          {
            "date": "2015-08-04T00:00:00",
            "db": "BID",
            "id": "76179"
          },
          {
            "date": "2015-08-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-003996"
          },
          {
            "date": "2015-08-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201508-017"
          },
          {
            "date": "2015-08-04T14:59:06.237000",
            "db": "NVD",
            "id": "CVE-2006-7253"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-08-06T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-05143"
          },
          {
            "date": "2015-08-04T00:00:00",
            "db": "BID",
            "id": "76179"
          },
          {
            "date": "2015-08-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-003996"
          },
          {
            "date": "2015-08-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201508-017"
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2006-7253"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-017"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "GE Healthcare Infinia II Trust Management Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05143"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-017"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "trust management",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-017"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201508-0526

    Vulnerability from variot - Updated: 2025-04-13 23:14

    GE Healthcare Centricity Clinical Archive Audit Trail Repository has a default password of initinit for the (1) SSL key manager and (2) server keystore; (3) keystore_password for the server truststore; and atna for the (4) primary storage database and (5) archive storage database, which has unspecified impact and attack vectors. An attacker could use this vulnerability to control the device. Remote attackers with knowledge of the default credentials may exploit these vulnerabilities to gain unauthorized access and perform unauthorized actions. This may aid in further attacks

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201508-0526",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "centricity clinical archive audit trail repository",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "gehealthcare",
            "version": "*"
          },
          {
            "model": "centricity clinical archive audit trail repository",
            "scope": null,
            "trust": 0.8,
            "vendor": "ge healthcare",
            "version": null
          },
          {
            "model": "centricity clinical archive audit trail repository",
            "scope": null,
            "trust": 0.6,
            "vendor": "ge",
            "version": null
          },
          {
            "model": "centricity clinical archive audit trail repository",
            "scope": null,
            "trust": 0.6,
            "vendor": "gehealthcare",
            "version": null
          },
          {
            "model": "electric healthcare centricity clinical archive audit trail repository",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "general",
            "version": "0"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05134"
          },
          {
            "db": "BID",
            "id": "76164"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004012"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-037"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-9736"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:gehealthcare:centricity_clinical_archive_audit_trail_repository",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004012"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Scott Erven of Protiviti.",
        "sources": [
          {
            "db": "BID",
            "id": "76164"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2014-9736",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2014-9736",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2015-05134",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2014-9736",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2014-9736",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2015-05134",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201508-037",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05134"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004012"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-037"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-9736"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "GE Healthcare Centricity Clinical Archive Audit Trail Repository has a default password of initinit for the (1) SSL key manager and (2) server keystore; (3) keystore_password for the server truststore; and atna for the (4) primary storage database and (5) archive storage database, which has unspecified impact and attack vectors. An attacker could use this vulnerability to control the device. \nRemote attackers with knowledge of the default credentials may exploit these vulnerabilities to gain unauthorized access and perform unauthorized actions. This may aid in further attacks",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-9736"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004012"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-05134"
          },
          {
            "db": "BID",
            "id": "76164"
          }
        ],
        "trust": 2.43
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2014-9736",
            "trust": 3.3
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004012",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-05134",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-037",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "76164",
            "trust": 0.3
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05134"
          },
          {
            "db": "BID",
            "id": "76164"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004012"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-037"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-9736"
          }
        ]
      },
      "id": "VAR-201508-0526",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05134"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05134"
          }
        ]
      },
      "last_update_date": "2025-04-13T23:14:30.581000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Audit Trail Repository Installation and Service Manual",
            "trust": 0.8,
            "url": "http://apps.gehealthcare.com/servlet/ClientServlet/DOC1474072_ATR_InstSvcMan.pdf?REQ=RAA\u0026DIRECTION=DOC1474072\u0026FILENAME=DOC1474072_ATR_InstSvcMan.pdf\u0026FILEREV=--\u0026DOCREV_ORG=--"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004012"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-255",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004012"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-9736"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.7,
            "url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
          },
          {
            "trust": 1.9,
            "url": "https://twitter.com/digitalbond/status/619250429751222277"
          },
          {
            "trust": 1.6,
            "url": "http://apps.gehealthcare.com/servlet/clientservlet/doc1474072_atr_instsvcman.pdf?req=raa\u0026direction=doc1474072\u0026filename=doc1474072_atr_instsvcman.pdf\u0026filerev=--\u0026docrev_org=--"
          },
          {
            "trust": 1.2,
            "url": "http://apps.gehealthcare.com/servlet/clientservlet/doc1474072_atr_instsvcman.pdf?req=raa\u0026amp;direction=doc1474072\u0026amp;filename=doc1474072_atr_instsvcman.pdf\u0026amp;filerev=--\u0026amp;docrev_org=--"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9736"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9736"
          },
          {
            "trust": 0.3,
            "url": "http://apps.gehealthcare.com/servlet/clientservlet/doc1474072_atr_instsvcman.pdf?req=raa\u0026direction=doc1474072\u0026filename=doc1474072_atr_instsvcman.pdf\u0026filerev=--\u0026docrev_org=-- "
          },
          {
            "trust": 0.3,
            "url": "http://www3.gehealthcare.com/en/global_gateway"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05134"
          },
          {
            "db": "BID",
            "id": "76164"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004012"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-037"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-9736"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05134"
          },
          {
            "db": "BID",
            "id": "76164"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004012"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-037"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-9736"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-08-06T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-05134"
          },
          {
            "date": "2015-07-10T00:00:00",
            "db": "BID",
            "id": "76164"
          },
          {
            "date": "2015-08-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-004012"
          },
          {
            "date": "2015-08-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201508-037"
          },
          {
            "date": "2015-08-04T14:59:26.720000",
            "db": "NVD",
            "id": "CVE-2014-9736"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-08-06T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-05134"
          },
          {
            "date": "2015-07-10T00:00:00",
            "db": "BID",
            "id": "76164"
          },
          {
            "date": "2015-08-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-004012"
          },
          {
            "date": "2015-08-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201508-037"
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2014-9736"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-037"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "GE Healthcare Centricity Clinical Archive Audit Trail Repository Vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004012"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "trust management",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-037"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201508-0151

    Vulnerability from variot - Updated: 2025-04-13 23:04

    GE Healthcare Discovery NM 750b has a password of 2getin for the insite account for (1) Telnet and (2) FTP, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. The GE Healthcare Discovery NM 750b is a high-end molecular mammography device for the medical industry at General Electric (GE). An attacker could exploit this vulnerability to control the device

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201508-0151",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "discovery nm 750b",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "gehealthcare",
            "version": "*"
          },
          {
            "model": "discovery nm 750b",
            "scope": null,
            "trust": 0.8,
            "vendor": "ge healthcare",
            "version": null
          },
          {
            "model": "discovery nm 750b",
            "scope": null,
            "trust": 0.6,
            "vendor": "ge",
            "version": null
          },
          {
            "model": "discovery nm 750b",
            "scope": null,
            "trust": 0.6,
            "vendor": "gehealthcare",
            "version": null
          },
          {
            "model": "discovery nm 750b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "gehealthcare",
            "version": "0"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05139"
          },
          {
            "db": "BID",
            "id": "76168"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004007"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-032"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-7404"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/h:gehealthcare:discovery_nm_750b",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004007"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The vendor reported this issue.",
        "sources": [
          {
            "db": "BID",
            "id": "76168"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2013-7404",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2013-7404",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2015-05139",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2013-7404",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2013-7404",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2015-05139",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201508-032",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULMON",
                "id": "CVE-2013-7404",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05139"
          },
          {
            "db": "VULMON",
            "id": "CVE-2013-7404"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004007"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-032"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-7404"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "GE Healthcare Discovery NM 750b has a password of 2getin for the insite account for (1) Telnet and (2) FTP, which has unspecified impact and attack vectors.  NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. The GE Healthcare Discovery NM 750b is a high-end molecular mammography device for the medical industry at General Electric (GE). An attacker could exploit this vulnerability to control the device",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2013-7404"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004007"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-05139"
          },
          {
            "db": "BID",
            "id": "76168"
          },
          {
            "db": "VULMON",
            "id": "CVE-2013-7404"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2013-7404",
            "trust": 3.4
          },
          {
            "db": "ICS CERT",
            "id": "ICSMA-18-037-02",
            "trust": 1.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004007",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-05139",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-032",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "76168",
            "trust": 0.4
          },
          {
            "db": "VULMON",
            "id": "CVE-2013-7404",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05139"
          },
          {
            "db": "VULMON",
            "id": "CVE-2013-7404"
          },
          {
            "db": "BID",
            "id": "76168"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004007"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-032"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-7404"
          }
        ]
      },
      "id": "VAR-201508-0151",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05139"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05139"
          }
        ]
      },
      "last_update_date": "2025-04-13T23:04:05.996000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Discovery NM 750b Nuclear Medicine Imaging Systems Installation Manual",
            "trust": 0.8,
            "url": "http://apps.gehealthcare.com/servlet/ClientServlet/5411136-1EN_r3.pdf?DOCCLASS=A\u0026REQ=RAC\u0026DIRECTION=5411136-1EN\u0026FILENAME=5411136-1EN_r3.pdf\u0026FILEREV=3\u0026DOCREV_ORG=3\u0026SUBMIT=+ACCEPT+"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004007"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-255",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004007"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-7404"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
          },
          {
            "trust": 2.3,
            "url": "https://twitter.com/digitalbond/status/619250429751222277"
          },
          {
            "trust": 2.0,
            "url": "https://ics-cert.us-cert.gov/advisories/icsma-18-037-02"
          },
          {
            "trust": 1.7,
            "url": "http://apps.gehealthcare.com/servlet/clientservlet/5411136-1en_r3.pdf?req=raa\u0026direction=5411136-1en\u0026filename=5411136-1en_r3.pdf\u0026filerev=3\u0026docrev_org=3"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-7404"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-7404"
          },
          {
            "trust": 0.3,
            "url": "http://apps.gehealthcare.com/servlet/clientservlet/0908141_dms%204.2%20mtg.pdf?docclass=a\u0026req=rac\u0026direction=0908141\u0026filename=0908141_dms+4.2+mtg.pdf\u0026filerev=d\u0026docrev_org=d\u0026submit=+accept+"
          },
          {
            "trust": 0.3,
            "url": "http://www3.gehealthcare.com/en"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/255.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.securityfocus.com/bid/76168"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05139"
          },
          {
            "db": "VULMON",
            "id": "CVE-2013-7404"
          },
          {
            "db": "BID",
            "id": "76168"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004007"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-032"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-7404"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05139"
          },
          {
            "db": "VULMON",
            "id": "CVE-2013-7404"
          },
          {
            "db": "BID",
            "id": "76168"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004007"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-032"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-7404"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-08-06T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-05139"
          },
          {
            "date": "2015-08-04T00:00:00",
            "db": "VULMON",
            "id": "CVE-2013-7404"
          },
          {
            "date": "2015-08-04T00:00:00",
            "db": "BID",
            "id": "76168"
          },
          {
            "date": "2015-08-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-004007"
          },
          {
            "date": "2015-08-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201508-032"
          },
          {
            "date": "2015-08-04T14:59:21.673000",
            "db": "NVD",
            "id": "CVE-2013-7404"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-08-06T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-05139"
          },
          {
            "date": "2018-03-28T00:00:00",
            "db": "VULMON",
            "id": "CVE-2013-7404"
          },
          {
            "date": "2015-08-04T00:00:00",
            "db": "BID",
            "id": "76168"
          },
          {
            "date": "2018-04-02T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-004007"
          },
          {
            "date": "2015-08-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201508-032"
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2013-7404"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-032"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "GE Healthcare Discovery NM 750b Trust Management Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05139"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-032"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "trust management",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-032"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201508-0275

    Vulnerability from variot - Updated: 2025-04-13 23:04

    GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a password of (1) CANal1 for the Administrator user and (2) iis for the IIS user, which has unspecified impact and attack vectors related to TimbuktuPro. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires it. (1) For admin users CANal1 password (2) IIS For users iis password It is unknown whether this password is default, hard-coded, or dependent on other systems or products that require a fixed value.It may be subject to unspecified effects and attacks. An attacker could use this vulnerability to control the device. Attackers can exploit this issue to bypass the authentication mechanism and gain access to the vulnerable device

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201508-0275",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "centricity pacs workstation",
            "scope": "eq",
            "trust": 2.2,
            "vendor": "gehealthcare",
            "version": "4.0.1"
          },
          {
            "model": "centricity pacs workstation",
            "scope": "eq",
            "trust": 2.2,
            "vendor": "gehealthcare",
            "version": "4.0"
          },
          {
            "model": "centricity pacs",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ge healthcare",
            "version": "4.0"
          },
          {
            "model": "centricity pacs",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ge healthcare",
            "version": "4.0.1"
          },
          {
            "model": "centricity pacs workstation",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ge",
            "version": "4.0"
          },
          {
            "model": "centricity pacs workstation",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ge",
            "version": "4.0.1"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05137"
          },
          {
            "db": "BID",
            "id": "76178"
          },
          {
            "db": "BID",
            "id": "76169"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004009"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-034"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-7442"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:gehealthcare:centricity_pacs_workstation",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004009"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Scott Erven",
        "sources": [
          {
            "db": "BID",
            "id": "76178"
          },
          {
            "db": "BID",
            "id": "76169"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-034"
          }
        ],
        "trust": 1.2
      },
      "cve": "CVE-2013-7442",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2013-7442",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2015-05137",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2013-7442",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2013-7442",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2015-05137",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201508-034",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULMON",
                "id": "CVE-2013-7442",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05137"
          },
          {
            "db": "VULMON",
            "id": "CVE-2013-7442"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004009"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-034"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-7442"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a password of (1) CANal1 for the Administrator user and (2) iis for the IIS user, which has unspecified impact and attack vectors related to TimbuktuPro.  NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires it. (1) For admin users CANal1 password (2) IIS For users iis password It is unknown whether this password is default, hard-coded, or dependent on other systems or products that require a fixed value.It may be subject to unspecified effects and attacks. An attacker could use this vulnerability to control the device. \nAttackers can exploit this issue to bypass the authentication mechanism and gain access to the vulnerable device",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2013-7442"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004009"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-05137"
          },
          {
            "db": "BID",
            "id": "76178"
          },
          {
            "db": "BID",
            "id": "76169"
          },
          {
            "db": "VULMON",
            "id": "CVE-2013-7442"
          }
        ],
        "trust": 2.79
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2013-7442",
            "trust": 3.7
          },
          {
            "db": "ICS CERT",
            "id": "ICSMA-18-037-02",
            "trust": 1.9
          },
          {
            "db": "BID",
            "id": "76169",
            "trust": 1.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004009",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-05137",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-034",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "76178",
            "trust": 0.3
          },
          {
            "db": "VULMON",
            "id": "CVE-2013-7442",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05137"
          },
          {
            "db": "VULMON",
            "id": "CVE-2013-7442"
          },
          {
            "db": "BID",
            "id": "76178"
          },
          {
            "db": "BID",
            "id": "76169"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004009"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-034"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-7442"
          }
        ]
      },
      "id": "VAR-201508-0275",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05137"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05137"
          }
        ]
      },
      "last_update_date": "2025-04-13T23:04:05.950000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Centricity PACS Workstation Installation and Service Manual (PACS 4.0 Release)",
            "trust": 0.8,
            "url": "http://apps.gehealthcare.com/servlet/ClientServlet/C40_WS_INST_SV_2063534-001r2.pdf?REQ=RAA\u0026DIRECTION=2063534-001\u0026FILENAME=C40_WS_INST_SV_2063534-001r2.pdf\u0026FILEREV=1\u0026DOCREV_ORG=1"
          },
          {
            "title": "Centricity PACS Workstation Installation and Service Manual (PACS 4.0.1 Release)",
            "trust": 0.8,
            "url": "http://apps.gehealthcare.com/servlet/ClientServlet/C401_WS_INST_SV_2069560001r1.pdf?REQ=RAA\u0026DIRECTION=2069560-001\u0026FILENAME=C401_WS_INST_SV_2069560001r1.pdf\u0026FILEREV=1\u0026DOCREV_ORG=1"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004009"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-255",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004009"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-7442"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.7,
            "url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
          },
          {
            "trust": 2.0,
            "url": "https://ics-cert.us-cert.gov/advisories/icsma-18-037-02"
          },
          {
            "trust": 1.4,
            "url": "http://apps.gehealthcare.com/servlet/clientservlet/c401_ws_inst_sv_2069560001r1.pdf?req=raa\u0026direction=2069560-001\u0026filename=c401_ws_inst_sv_2069560001r1.pdf\u0026filerev=1\u0026docrev_org=1"
          },
          {
            "trust": 1.2,
            "url": "http://www3.gehealthcare.com/en"
          },
          {
            "trust": 1.1,
            "url": "https://twitter.com/digitalbond/status/619250429751222277"
          },
          {
            "trust": 1.1,
            "url": "http://apps.gehealthcare.com/servlet/clientservlet/c40_ws_inst_sv_2063534-001r2.pdf?req=raa\u0026direction=2063534-001\u0026filename=c40_ws_inst_sv_2063534-001r2.pdf\u0026filerev=1\u0026docrev_org=1"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-7442"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-7442"
          },
          {
            "trust": 0.7,
            "url": "https://www.securityfocus.com/bid/76169"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/255.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05137"
          },
          {
            "db": "VULMON",
            "id": "CVE-2013-7442"
          },
          {
            "db": "BID",
            "id": "76178"
          },
          {
            "db": "BID",
            "id": "76169"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004009"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-034"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-7442"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05137"
          },
          {
            "db": "VULMON",
            "id": "CVE-2013-7442"
          },
          {
            "db": "BID",
            "id": "76178"
          },
          {
            "db": "BID",
            "id": "76169"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004009"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-034"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-7442"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-08-06T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-05137"
          },
          {
            "date": "2015-08-04T00:00:00",
            "db": "VULMON",
            "id": "CVE-2013-7442"
          },
          {
            "date": "2015-08-04T00:00:00",
            "db": "BID",
            "id": "76178"
          },
          {
            "date": "2015-08-04T00:00:00",
            "db": "BID",
            "id": "76169"
          },
          {
            "date": "2015-08-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-004009"
          },
          {
            "date": "2015-08-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201508-034"
          },
          {
            "date": "2015-08-04T14:59:23.657000",
            "db": "NVD",
            "id": "CVE-2013-7442"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-11-01T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-05137"
          },
          {
            "date": "2018-03-28T00:00:00",
            "db": "VULMON",
            "id": "CVE-2013-7442"
          },
          {
            "date": "2015-08-04T00:00:00",
            "db": "BID",
            "id": "76178"
          },
          {
            "date": "2019-04-12T17:00:00",
            "db": "BID",
            "id": "76169"
          },
          {
            "date": "2018-04-02T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-004009"
          },
          {
            "date": "2019-04-15T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201508-034"
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2013-7442"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "network",
        "sources": [
          {
            "db": "BID",
            "id": "76178"
          },
          {
            "db": "BID",
            "id": "76169"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "GE Healthcare Centricity PACS Workstation Trust Management Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05137"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-034"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Design Error",
        "sources": [
          {
            "db": "BID",
            "id": "76178"
          },
          {
            "db": "BID",
            "id": "76169"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201508-0009

    Vulnerability from variot - Updated: 2025-04-13 23:04

    The HIPAA configuration interface in GE Healthcare Optima MR360 has a password of (1) operator for the root account, (2) adw2.0 for the admin account, and (3) adw2.0 for the sdc account, which has unspecified impact and attack vectors. NOTE: it is not clear whether these passwords are default, hardcoded, or dependent on another system or product that requires a fixed value. GE Healthcare CADStream Server is a suite of applications for the medical industry that provide automated analysis and reporting for magnetic resonance imaging. Remote attackers with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. An attacker could exploit this vulnerability to take control of the device

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201508-0009",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "optima mr360",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "gehealthcare",
            "version": null
          },
          {
            "model": "optima mr360",
            "scope": null,
            "trust": 0.8,
            "vendor": "ge healthcare",
            "version": null
          },
          {
            "model": "optima mr360",
            "scope": null,
            "trust": 0.6,
            "vendor": "general electric",
            "version": null
          },
          {
            "model": "optima mr360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "gehealthcare",
            "version": "0"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05173"
          },
          {
            "db": "BID",
            "id": "76248"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004014"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-021"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-5307"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:gehealthcare:optima_mr360_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004014"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Scott Erven",
        "sources": [
          {
            "db": "BID",
            "id": "76248"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2010-5307",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2010-5307",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2015-05173",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-47912",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2010-5307",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2010-5307",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2015-05173",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201508-021",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-47912",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05173"
          },
          {
            "db": "VULHUB",
            "id": "VHN-47912"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004014"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-021"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-5307"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The HIPAA configuration interface in GE Healthcare Optima MR360 has a password of (1) operator for the root account, (2) adw2.0 for the admin account, and (3) adw2.0 for the sdc account, which has unspecified impact and attack vectors.  NOTE: it is not clear whether these passwords are default, hardcoded, or dependent on another system or product that requires a fixed value. GE Healthcare CADStream Server is a suite of applications for the medical industry that provide automated analysis and reporting for magnetic resonance imaging. \nRemote attackers with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. An attacker could exploit this vulnerability to take control of the device",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2010-5307"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004014"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-05173"
          },
          {
            "db": "BID",
            "id": "76248"
          },
          {
            "db": "VULHUB",
            "id": "VHN-47912"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2010-5307",
            "trust": 3.4
          },
          {
            "db": "ICS CERT",
            "id": "ICSMA-18-037-02",
            "trust": 1.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004014",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-021",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-05173",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "76248",
            "trust": 0.4
          },
          {
            "db": "VULHUB",
            "id": "VHN-47912",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05173"
          },
          {
            "db": "VULHUB",
            "id": "VHN-47912"
          },
          {
            "db": "BID",
            "id": "76248"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004014"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-021"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-5307"
          }
        ]
      },
      "id": "VAR-201508-0009",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-47912"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2025-04-13T23:04:05.910000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Optima MR360 1.5T MR system Operator Manual",
            "trust": 0.8,
            "url": "http://apps.gehealthcare.com/servlet/ClientServlet/MR360+operator+manual+paper.pdf?REQ=RAA\u0026DIRECTION=5339461-1EN\u0026FILENAME=MR360%2Boperator%2Bmanual%2Bpaper.pdf\u0026FILEREV=4\u0026DOCREV_ORG=4"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004014"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-255",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-47912"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004014"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-5307"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.4,
            "url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
          },
          {
            "trust": 1.9,
            "url": "https://ics-cert.us-cert.gov/advisories/icsma-18-037-02"
          },
          {
            "trust": 1.7,
            "url": "https://twitter.com/digitalbond/status/619250429751222277"
          },
          {
            "trust": 1.6,
            "url": "http://apps.gehealthcare.com/servlet/clientservlet/mr360+operator+manual+paper.pdf?req=raa\u0026direction=5339461-1en\u0026filename=mr360%2boperator%2bmanual%2bpaper.pdf\u0026filerev=4\u0026docrev_org=4"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-5307"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-5307"
          },
          {
            "trust": 0.3,
            "url": "http://www3.gehealthcare.com/en"
          },
          {
            "trust": 0.1,
            "url": "http://apps.gehealthcare.com/servlet/clientservlet/mr360+operator+manual+paper.pdf?req=raa\u0026amp;direction=5339461-1en\u0026amp;filename=mr360%2boperator%2bmanual%2bpaper.pdf\u0026amp;filerev=4\u0026amp;docrev_org=4"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05173"
          },
          {
            "db": "VULHUB",
            "id": "VHN-47912"
          },
          {
            "db": "BID",
            "id": "76248"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004014"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-021"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-5307"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05173"
          },
          {
            "db": "VULHUB",
            "id": "VHN-47912"
          },
          {
            "db": "BID",
            "id": "76248"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004014"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-021"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-5307"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-08-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-05173"
          },
          {
            "date": "2015-08-04T00:00:00",
            "db": "VULHUB",
            "id": "VHN-47912"
          },
          {
            "date": "2015-08-04T00:00:00",
            "db": "BID",
            "id": "76248"
          },
          {
            "date": "2015-08-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-004014"
          },
          {
            "date": "2015-08-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201508-021"
          },
          {
            "date": "2015-08-04T14:59:10.517000",
            "db": "NVD",
            "id": "CVE-2010-5307"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-08-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-05173"
          },
          {
            "date": "2018-03-28T00:00:00",
            "db": "VULHUB",
            "id": "VHN-47912"
          },
          {
            "date": "2015-08-04T00:00:00",
            "db": "BID",
            "id": "76248"
          },
          {
            "date": "2018-04-02T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-004014"
          },
          {
            "date": "2015-08-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201508-021"
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2010-5307"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-021"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "GE Healthcare Optima MR360 of  HIPAA Vulnerability in configuration interface",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004014"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "trust management",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-021"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201508-0003

    Vulnerability from variot - Updated: 2025-04-13 23:04

    GE Healthcare Discovery VH has a default password of (1) interfile for the ftpclient user of the Interfile server or (2) "2" for the LOCAL user of the FTP server for the Codonics printer, which has unspecified impact and attack vectors. GE Healthcare Discovery VH is a dual-detection gamma camera from General Electric (GE) of the United States for full-body scanning of patients in the medical industry and providing superior image quality. An attacker could exploit this vulnerability to control the device. GE Healthcare Discovery VH is prone to an insecure default-password vulnerability. Remote attackers with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201508-0003",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "discovery vh",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "gehealthcare",
            "version": null
          },
          {
            "model": "discovery vh",
            "scope": null,
            "trust": 0.8,
            "vendor": "ge healthcare",
            "version": null
          },
          {
            "model": "healthcare discovery vh",
            "scope": null,
            "trust": 0.6,
            "vendor": "general electric",
            "version": null
          },
          {
            "model": "discovery vh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "gehealthcare",
            "version": "0"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05145"
          },
          {
            "db": "BID",
            "id": "76278"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003994"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-015"
          },
          {
            "db": "NVD",
            "id": "CVE-2003-1603"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:gehealthcare:discovery_vh",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003994"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Scott Erven",
        "sources": [
          {
            "db": "BID",
            "id": "76278"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2003-1603",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2003-1603",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2015-05145",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2003-1603",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2003-1603",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2015-05145",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201508-015",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05145"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003994"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-015"
          },
          {
            "db": "NVD",
            "id": "CVE-2003-1603"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "GE Healthcare Discovery VH has a default password of (1) interfile for the ftpclient user of the Interfile server or (2) \"2\" for the LOCAL user of the FTP server for the Codonics printer, which has unspecified impact and attack vectors. GE Healthcare Discovery VH is a dual-detection gamma camera from General Electric (GE) of the United States for full-body scanning of patients in the medical industry and providing superior image quality. An attacker could exploit this vulnerability to control the device. GE Healthcare Discovery VH is prone to an insecure default-password vulnerability. \nRemote attackers with knowledge of the default credentials may exploit  this vulnerability to gain unauthorized access and perform unauthorized  actions. This may aid in further attacks",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2003-1603"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003994"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-05145"
          },
          {
            "db": "BID",
            "id": "76278"
          }
        ],
        "trust": 2.43
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2003-1603",
            "trust": 3.3
          },
          {
            "db": "ICS CERT",
            "id": "ICSMA-18-037-02",
            "trust": 1.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003994",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-05145",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-015",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "76278",
            "trust": 0.3
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05145"
          },
          {
            "db": "BID",
            "id": "76278"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003994"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-015"
          },
          {
            "db": "NVD",
            "id": "CVE-2003-1603"
          }
        ]
      },
      "id": "VAR-201508-0003",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05145"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05145"
          }
        ]
      },
      "last_update_date": "2025-04-13T23:04:05.877000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Discovery VH System Service Manual",
            "trust": 0.8,
            "url": "http://apps.gehealthcare.com/servlet/ClientServlet/2337093-100.pdf?REQ=RAA\u0026DIRECTION=2337093-100\u0026FILENAME=2337093-100.pdf\u0026FILEREV=1\u0026DOCREV_ORG=1"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003994"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-255",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003994"
          },
          {
            "db": "NVD",
            "id": "CVE-2003-1603"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.3,
            "url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
          },
          {
            "trust": 1.8,
            "url": "https://ics-cert.us-cert.gov/advisories/icsma-18-037-02"
          },
          {
            "trust": 1.6,
            "url": "http://apps.gehealthcare.com/servlet/clientservlet/2337093-100.pdf?req=raa\u0026direction=2337093-100\u0026filename=2337093-100.pdf\u0026filerev=1\u0026docrev_org=1"
          },
          {
            "trust": 1.6,
            "url": "https://twitter.com/digitalbond/status/619250429751222277"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2003-1603"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2003-1603"
          },
          {
            "trust": 0.3,
            "url": "http://www3.gehealthcare.com/en"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05145"
          },
          {
            "db": "BID",
            "id": "76278"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003994"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-015"
          },
          {
            "db": "NVD",
            "id": "CVE-2003-1603"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05145"
          },
          {
            "db": "BID",
            "id": "76278"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003994"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-015"
          },
          {
            "db": "NVD",
            "id": "CVE-2003-1603"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-08-06T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-05145"
          },
          {
            "date": "2015-08-04T00:00:00",
            "db": "BID",
            "id": "76278"
          },
          {
            "date": "2015-08-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-003994"
          },
          {
            "date": "2015-08-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201508-015"
          },
          {
            "date": "2015-08-04T14:59:04.127000",
            "db": "NVD",
            "id": "CVE-2003-1603"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-08-06T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-05145"
          },
          {
            "date": "2015-08-04T00:00:00",
            "db": "BID",
            "id": "76278"
          },
          {
            "date": "2018-04-02T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-003994"
          },
          {
            "date": "2015-08-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201508-015"
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2003-1603"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-015"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "GE Healthcare Discovery VH Trust Management Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05145"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-015"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "trust management",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-015"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201508-0020

    Vulnerability from variot - Updated: 2025-04-13 23:04

    GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a password of ddpadmin for the ddpadmin user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. The vulnerability stems from the ddpadmin user using 'ddpadmin' as the password. An attacker could use this vulnerability to control the device. Attackers can exploit this issue to bypass the authentication mechanism and gain access to the vulnerable device

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201508-0020",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "centricity pacs workstation",
            "scope": "eq",
            "trust": 1.9,
            "vendor": "gehealthcare",
            "version": "4.0.1"
          },
          {
            "model": "centricity pacs workstation",
            "scope": "eq",
            "trust": 1.9,
            "vendor": "gehealthcare",
            "version": "4.0"
          },
          {
            "model": "centricity pacs",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ge healthcare",
            "version": "4.0"
          },
          {
            "model": "centricity pacs",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ge healthcare",
            "version": "4.0.1"
          },
          {
            "model": "centricity pacs workstation",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ge",
            "version": "4.0"
          },
          {
            "model": "centricity pacs workstation",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ge",
            "version": "4.0.1"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05140"
          },
          {
            "db": "BID",
            "id": "76172"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004006"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-031"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-6695"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:gehealthcare:centricity_pacs_workstation",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004006"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Scott Erven",
        "sources": [
          {
            "db": "BID",
            "id": "76172"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2012-6695",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2012-6695",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2015-05140",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2012-6695",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2012-6695",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2015-05140",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201508-031",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05140"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004006"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-031"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-6695"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a password of ddpadmin for the ddpadmin user, which has unspecified impact and attack vectors.  NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. The vulnerability stems from the ddpadmin user using \u0027ddpadmin\u0027 as the password. An attacker could use this vulnerability to control the device. \nAttackers can exploit this issue to bypass the authentication mechanism and gain access to the vulnerable device",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2012-6695"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004006"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-05140"
          },
          {
            "db": "BID",
            "id": "76172"
          }
        ],
        "trust": 2.43
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2012-6695",
            "trust": 3.3
          },
          {
            "db": "ICS CERT",
            "id": "ICSMA-18-037-02",
            "trust": 1.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004006",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-05140",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-031",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "76172",
            "trust": 0.3
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05140"
          },
          {
            "db": "BID",
            "id": "76172"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004006"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-031"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-6695"
          }
        ]
      },
      "id": "VAR-201508-0020",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05140"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05140"
          }
        ]
      },
      "last_update_date": "2025-04-13T23:04:05.845000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Centricity PACS Workstation Installation and Service Manual (PACS 4.0 Release)",
            "trust": 0.8,
            "url": "http://apps.gehealthcare.com/servlet/ClientServlet/C40_WS_INST_SV_2063534-001r2.pdf?REQ=RAA\u0026DIRECTION=2063534-001\u0026FILENAME=C40_WS_INST_SV_2063534-001r2.pdf\u0026FILEREV=1\u0026DOCREV_ORG=1"
          },
          {
            "title": "Centricity PACS Workstation Installation and Service Manual (PACS 4.0.1 Release)",
            "trust": 0.8,
            "url": "http://apps.gehealthcare.com/servlet/ClientServlet/C401_WS_INST_SV_2069560001r1.pdf?REQ=RAA\u0026DIRECTION=2069560-001\u0026FILENAME=C401_WS_INST_SV_2069560001r1.pdf\u0026FILEREV=1\u0026DOCREV_ORG=1"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004006"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-255",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004006"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-6695"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.7,
            "url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
          },
          {
            "trust": 2.2,
            "url": "https://twitter.com/digitalbond/status/619250429751222277"
          },
          {
            "trust": 1.8,
            "url": "https://ics-cert.us-cert.gov/advisories/icsma-18-037-02"
          },
          {
            "trust": 1.6,
            "url": "http://apps.gehealthcare.com/servlet/clientservlet/c40_ws_inst_sv_2063534-001r2.pdf?req=raa\u0026direction=2063534-001\u0026filename=c40_ws_inst_sv_2063534-001r2.pdf\u0026filerev=1\u0026docrev_org=1"
          },
          {
            "trust": 1.6,
            "url": "http://apps.gehealthcare.com/servlet/clientservlet/c401_ws_inst_sv_2069560001r1.pdf?req=raa\u0026direction=2069560-001\u0026filename=c401_ws_inst_sv_2069560001r1.pdf\u0026filerev=1\u0026docrev_org=1"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-6695"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-6695"
          },
          {
            "trust": 0.3,
            "url": "http://www3.gehealthcare.com/en"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05140"
          },
          {
            "db": "BID",
            "id": "76172"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004006"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-031"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-6695"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05140"
          },
          {
            "db": "BID",
            "id": "76172"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004006"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-031"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-6695"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-08-06T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-05140"
          },
          {
            "date": "2015-08-04T00:00:00",
            "db": "BID",
            "id": "76172"
          },
          {
            "date": "2015-08-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-004006"
          },
          {
            "date": "2015-08-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201508-031"
          },
          {
            "date": "2015-08-04T14:59:20.597000",
            "db": "NVD",
            "id": "CVE-2012-6695"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-08-06T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-05140"
          },
          {
            "date": "2015-08-04T00:00:00",
            "db": "BID",
            "id": "76172"
          },
          {
            "date": "2018-04-02T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-004006"
          },
          {
            "date": "2015-08-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201508-031"
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2012-6695"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-031"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "GE Healthcare Centricity PACS Vulnerability in workstation",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004006"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "trust management",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-031"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201508-0011

    Vulnerability from variot - Updated: 2025-04-13 23:04

    GE Healthcare CADStream Server has a default password of confirma for the admin user, which has unspecified impact and attack vectors. GE Healthcare CADStream Server is a suite of applications for the medical industry that provide automated analysis and reporting for magnetic resonance imaging.

    GE Healthcare CADStream Server has built-in accounts. The admin uses a 'confirma' password, allowing remote attackers to use these accounts to control the device. An attacker can exploit this issue to gain unauthorized access to the affected device. Successful exploits will result in the complete compromise of the affected device

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201508-0011",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "cadstream server",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "gehealthcare",
            "version": null
          },
          {
            "model": "cadstream server",
            "scope": null,
            "trust": 0.8,
            "vendor": "ge healthcare",
            "version": null
          },
          {
            "model": "cadstream server",
            "scope": null,
            "trust": 0.6,
            "vendor": "general electric",
            "version": null
          },
          {
            "model": "cadstream server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "gehealthcare",
            "version": "0"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05171"
          },
          {
            "db": "BID",
            "id": "76185"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004016"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-023"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-5309"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:gehealthcare:cadstream_server_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004016"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Scott Erven",
        "sources": [
          {
            "db": "BID",
            "id": "76185"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2010-5309",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2010-5309",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2015-05171",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-47914",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2010-5309",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2010-5309",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2015-05171",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201508-023",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-47914",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2010-5309",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05171"
          },
          {
            "db": "VULHUB",
            "id": "VHN-47914"
          },
          {
            "db": "VULMON",
            "id": "CVE-2010-5309"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004016"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-023"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-5309"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "GE Healthcare CADStream Server has a default password of confirma for the admin user, which has unspecified impact and attack vectors. GE Healthcare CADStream Server is a suite of applications for the medical industry that provide automated analysis and reporting for magnetic resonance imaging. \n\nGE Healthcare CADStream Server has built-in accounts. The admin uses a \u0027confirma\u0027 password, allowing remote attackers to use these accounts to control the device. \nAn attacker can exploit this issue to gain unauthorized access to the affected device. Successful exploits will result in the complete compromise of the affected device",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2010-5309"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004016"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-05171"
          },
          {
            "db": "BID",
            "id": "76185"
          },
          {
            "db": "VULHUB",
            "id": "VHN-47914"
          },
          {
            "db": "VULMON",
            "id": "CVE-2010-5309"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2010-5309",
            "trust": 3.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSMA-18-037-02",
            "trust": 2.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004016",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-023",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-05171",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "76185",
            "trust": 0.4
          },
          {
            "db": "VULHUB",
            "id": "VHN-47914",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2010-5309",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05171"
          },
          {
            "db": "VULHUB",
            "id": "VHN-47914"
          },
          {
            "db": "VULMON",
            "id": "CVE-2010-5309"
          },
          {
            "db": "BID",
            "id": "76185"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004016"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-023"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-5309"
          }
        ]
      },
      "id": "VAR-201508-0011",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-47914"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2025-04-13T23:04:05.809000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Optima MR360 1.5T MR system Operator Manual",
            "trust": 0.8,
            "url": "http://apps.gehealthcare.com/servlet/ClientServlet/MR360+operator+manual+paper.pdf?REQ=RAA\u0026DIRECTION=5339461-1EN\u0026FILENAME=MR360%2Boperator%2Bmanual%2Bpaper.pdf\u0026FILEREV=4\u0026DOCREV_ORG=4"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004016"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-255",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-47914"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004016"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-5309"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.5,
            "url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
          },
          {
            "trust": 2.0,
            "url": "https://ics-cert.us-cert.gov/advisories/icsma-18-037-02"
          },
          {
            "trust": 1.8,
            "url": "https://twitter.com/digitalbond/status/619250429751222277"
          },
          {
            "trust": 1.7,
            "url": "http://apps.gehealthcare.com/servlet/clientservlet/mr360+operator+manual+paper.pdf?req=raa\u0026direction=5339461-1en\u0026filename=mr360%2boperator%2bmanual%2bpaper.pdf\u0026filerev=4\u0026docrev_org=4"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-5309"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-5309"
          },
          {
            "trust": 0.3,
            "url": "http://www3.gehealthcare.com/en/global_gateway"
          },
          {
            "trust": 0.1,
            "url": "http://apps.gehealthcare.com/servlet/clientservlet/mr360+operator+manual+paper.pdf?req=raa\u0026amp;direction=5339461-1en\u0026amp;filename=mr360%2boperator%2bmanual%2bpaper.pdf\u0026amp;filerev=4\u0026amp;docrev_org=4"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/255.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05171"
          },
          {
            "db": "VULHUB",
            "id": "VHN-47914"
          },
          {
            "db": "VULMON",
            "id": "CVE-2010-5309"
          },
          {
            "db": "BID",
            "id": "76185"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004016"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-023"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-5309"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05171"
          },
          {
            "db": "VULHUB",
            "id": "VHN-47914"
          },
          {
            "db": "VULMON",
            "id": "CVE-2010-5309"
          },
          {
            "db": "BID",
            "id": "76185"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004016"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-023"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-5309"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-08-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-05171"
          },
          {
            "date": "2015-08-04T00:00:00",
            "db": "VULHUB",
            "id": "VHN-47914"
          },
          {
            "date": "2015-08-04T00:00:00",
            "db": "VULMON",
            "id": "CVE-2010-5309"
          },
          {
            "date": "2015-08-04T00:00:00",
            "db": "BID",
            "id": "76185"
          },
          {
            "date": "2015-08-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-004016"
          },
          {
            "date": "2015-08-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201508-023"
          },
          {
            "date": "2015-08-04T14:59:12.457000",
            "db": "NVD",
            "id": "CVE-2010-5309"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-08-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-05171"
          },
          {
            "date": "2018-03-28T00:00:00",
            "db": "VULHUB",
            "id": "VHN-47914"
          },
          {
            "date": "2018-03-28T00:00:00",
            "db": "VULMON",
            "id": "CVE-2010-5309"
          },
          {
            "date": "2015-08-04T00:00:00",
            "db": "BID",
            "id": "76185"
          },
          {
            "date": "2018-04-02T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-004016"
          },
          {
            "date": "2015-08-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201508-023"
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2010-5309"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-023"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "GE Healthcare CADStream Server Vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004016"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "trust management",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-023"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201508-0018

    Vulnerability from variot - Updated: 2025-04-13 23:04

    GE Healthcare Centricity PACS 4.0 Server has a default password of (1) nasro for the nasro (ReadOnly) user and (2) nasrw for the nasrw (Read/Write) user, which has unspecified impact and attack vectors. GE Healthcare Centricity PACS is the company's image archiving and transmission system for the medical industry. Attackers can exploit this issue to bypass the authentication mechanism and gain access to the vulnerable device

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201508-0018",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "centricity pacs server",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "gehealthcare",
            "version": "4.0"
          },
          {
            "model": "centricity pacs",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ge healthcare",
            "version": "4.0"
          },
          {
            "model": "centricity pacs",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "general electric",
            "version": "4.0"
          },
          {
            "model": "centricity pacs",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "gehealthcare",
            "version": "4.0"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05168"
          },
          {
            "db": "BID",
            "id": "76183"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004004"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-029"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-6693"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:gehealthcare:centricity_pacs_workstation",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004004"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Scott Erven",
        "sources": [
          {
            "db": "BID",
            "id": "76183"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2012-6693",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2012-6693",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2015-05168",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2012-6693",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2012-6693",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2015-05168",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201508-029",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05168"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004004"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-029"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-6693"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "GE Healthcare Centricity PACS 4.0 Server has a default password of (1) nasro for the nasro (ReadOnly) user and (2) nasrw for the nasrw (Read/Write) user, which has unspecified impact and attack vectors. GE Healthcare Centricity PACS is the company\u0027s image archiving and transmission system for the medical industry. \nAttackers can exploit this issue to bypass the authentication mechanism and gain access to the vulnerable device",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2012-6693"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004004"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-05168"
          },
          {
            "db": "BID",
            "id": "76183"
          }
        ],
        "trust": 2.43
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2012-6693",
            "trust": 3.3
          },
          {
            "db": "ICS CERT",
            "id": "ICSMA-18-037-02",
            "trust": 1.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004004",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-05168",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-029",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "76183",
            "trust": 0.3
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05168"
          },
          {
            "db": "BID",
            "id": "76183"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004004"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-029"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-6693"
          }
        ]
      },
      "id": "VAR-201508-0018",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 1.0
      },
      "last_update_date": "2025-04-13T23:04:05.717000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Centricity PACS Workstation Installation and Service Manual",
            "trust": 0.8,
            "url": "http://apps.gehealthcare.com/servlet/ClientServlet/C401_WS_INST_SV_2069560001r1.pdf?REQ=RAA\u0026DIRECTION=2069560-001\u0026FILENAME=C401_WS_INST_SV_2069560001r1.pdf\u0026FILEREV=1\u0026DOCREV_ORG=1"
          },
          {
            "title": "Centricity PACS Servers Service Manual",
            "trust": 0.8,
            "url": "http://apps.gehealthcare.com/servlet/ClientServlet/C4x_SRV_SVC_2063464-001r2.pdf?REQ=RAA\u0026DIRECTION=2063464-001\u0026FILENAME=C4x_SRV_SVC_2063464-001r2.pdf\u0026FILEREV=2\u0026DOCREV_ORG=2"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004004"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-255",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004004"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-6693"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.3,
            "url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
          },
          {
            "trust": 1.8,
            "url": "https://ics-cert.us-cert.gov/advisories/icsma-18-037-02"
          },
          {
            "trust": 1.6,
            "url": "https://twitter.com/digitalbond/status/619250429751222277"
          },
          {
            "trust": 1.6,
            "url": "http://apps.gehealthcare.com/servlet/clientservlet/c401_ws_inst_sv_2069560001r1.pdf?req=raa\u0026direction=2069560-001\u0026filename=c401_ws_inst_sv_2069560001r1.pdf\u0026filerev=1\u0026docrev_org=1"
          },
          {
            "trust": 1.6,
            "url": "http://apps.gehealthcare.com/servlet/clientservlet/c4x_srv_svc_2063464-001r2.pdf?req=raa\u0026direction=2063464-001\u0026filename=c4x_srv_svc_2063464-001r2.pdf\u0026filerev=2\u0026docrev_org=2"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-6693"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-6693"
          },
          {
            "trust": 0.3,
            "url": "http://www3.gehealthcare.in/en/products/categories/healthcare_it/medical_imaging_informatics_-_ris-pacs-cvis/centricity_pacs"
          },
          {
            "trust": 0.3,
            "url": "http://www3.gehealthcare.com/en"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05168"
          },
          {
            "db": "BID",
            "id": "76183"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004004"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-029"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-6693"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05168"
          },
          {
            "db": "BID",
            "id": "76183"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004004"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-029"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-6693"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-08-10T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-05168"
          },
          {
            "date": "2015-08-04T00:00:00",
            "db": "BID",
            "id": "76183"
          },
          {
            "date": "2015-08-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-004004"
          },
          {
            "date": "2015-08-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201508-029"
          },
          {
            "date": "2015-08-04T14:59:18.643000",
            "db": "NVD",
            "id": "CVE-2012-6693"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-08-10T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-05168"
          },
          {
            "date": "2015-08-04T00:00:00",
            "db": "BID",
            "id": "76183"
          },
          {
            "date": "2018-04-02T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-004004"
          },
          {
            "date": "2015-08-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201508-029"
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2012-6693"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-029"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "GE Healthcare Centricity PACS Server vulnerabilities",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004004"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "trust management",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-029"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201508-0006

    Vulnerability from variot - Updated: 2025-04-13 23:04

    GE Healthcare Millennium MG, NC, and MyoSIGHT has a password of insite.genieacq for the insite account that cannot be changed without disabling product functionality for remote InSite support, which has unspecified impact and attack vectors. GE Healthcare Millennium MG, NC and MyoSIGHT are all US Scandinavian (GE) scanning camera products for the medical industry. An attacker could exploit this vulnerability to control the device. Multiple GE Healthcare Products are prone to an insecure default-password vulnerability. Remote attackers with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201508-0006",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "millennium myosight",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "gehealthcare",
            "version": null
          },
          {
            "model": "millennium nc",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "gehealthcare",
            "version": null
          },
          {
            "model": "millennium mg",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "gehealthcare",
            "version": null
          },
          {
            "model": "millennium mg",
            "scope": null,
            "trust": 0.8,
            "vendor": "ge healthcare",
            "version": null
          },
          {
            "model": "millennium myosight",
            "scope": null,
            "trust": 0.8,
            "vendor": "ge healthcare",
            "version": null
          },
          {
            "model": "millennium nc",
            "scope": null,
            "trust": 0.8,
            "vendor": "ge healthcare",
            "version": null
          },
          {
            "model": "healthcare millennium mg/nc/myosight",
            "scope": null,
            "trust": 0.6,
            "vendor": "general electric",
            "version": null
          },
          {
            "model": "millennium nc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "gehealthcare",
            "version": "0"
          },
          {
            "model": "millennium myosight",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "gehealthcare",
            "version": "0"
          },
          {
            "model": "millennium mg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "gehealthcare",
            "version": "0"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05132"
          },
          {
            "db": "BID",
            "id": "76277"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003993"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-014"
          },
          {
            "db": "NVD",
            "id": "CVE-2002-2446"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:gehealthcare:millennium_mg_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:gehealthcare:millennium_myosight_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:gehealthcare:millennium_nc_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003993"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Scott Erven of Protiviti.",
        "sources": [
          {
            "db": "BID",
            "id": "76277"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2002-2446",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2002-2446",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2015-05132",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-6829",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2002-2446",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2002-2446",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2015-05132",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201508-014",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-6829",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2002-2446",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05132"
          },
          {
            "db": "VULHUB",
            "id": "VHN-6829"
          },
          {
            "db": "VULMON",
            "id": "CVE-2002-2446"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003993"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-014"
          },
          {
            "db": "NVD",
            "id": "CVE-2002-2446"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "GE Healthcare Millennium MG, NC, and MyoSIGHT has a password of insite.genieacq for the insite account that cannot be changed without disabling product functionality for remote InSite support, which has unspecified impact and attack vectors. GE Healthcare Millennium MG, NC and MyoSIGHT are all US Scandinavian (GE) scanning camera products for the medical industry. An attacker could exploit this vulnerability to control the device. Multiple GE Healthcare Products are prone to an insecure default-password vulnerability. \nRemote attackers with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2002-2446"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003993"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-05132"
          },
          {
            "db": "BID",
            "id": "76277"
          },
          {
            "db": "VULHUB",
            "id": "VHN-6829"
          },
          {
            "db": "VULMON",
            "id": "CVE-2002-2446"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2002-2446",
            "trust": 3.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSMA-18-037-02",
            "trust": 2.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003993",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-05132",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-014",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "76277",
            "trust": 0.5
          },
          {
            "db": "VULHUB",
            "id": "VHN-6829",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2002-2446",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05132"
          },
          {
            "db": "VULHUB",
            "id": "VHN-6829"
          },
          {
            "db": "VULMON",
            "id": "CVE-2002-2446"
          },
          {
            "db": "BID",
            "id": "76277"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003993"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-014"
          },
          {
            "db": "NVD",
            "id": "CVE-2002-2446"
          }
        ]
      },
      "id": "VAR-201508-0006",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05132"
          },
          {
            "db": "VULHUB",
            "id": "VHN-6829"
          }
        ],
        "trust": 1.7
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05132"
          }
        ]
      },
      "last_update_date": "2025-04-13T23:04:05.648000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Millennium MyoSIGHT Nuclear Medicine Imaging System Service Manual",
            "trust": 0.8,
            "url": "http://apps.gehealthcare.com/servlet/ClientServlet/2354459-100.pdf?REQ=RAA\u0026DIRECTION=2354459-100\u0026FILENAME=2354459-100.pdf\u0026FILEREV=4\u0026DOCREV_ORG=4"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www3.gehealthcare.com/en/global_gateway"
          },
          {
            "title": "Millenium MG \u0026 MC Nuclear Medicine Imaging System Service Manual",
            "trust": 0.8,
            "url": "http://apps.gehealthcare.com/servlet/ClientServlet/2338955-100.pdf?REQ=RAA\u0026DIRECTION=2338955-100\u0026FILENAME=2338955-100.pdf\u0026FILEREV=1\u0026DOCREV_ORG=1"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003993"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-255",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-6829"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003993"
          },
          {
            "db": "NVD",
            "id": "CVE-2002-2446"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.9,
            "url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
          },
          {
            "trust": 2.4,
            "url": "https://twitter.com/digitalbond/status/619250429751222277"
          },
          {
            "trust": 2.1,
            "url": "https://ics-cert.us-cert.gov/advisories/icsma-18-037-02"
          },
          {
            "trust": 1.7,
            "url": "http://apps.gehealthcare.com/servlet/clientservlet/2338955-100.pdf?req=raa\u0026direction=2338955-100\u0026filename=2338955-100.pdf\u0026filerev=1\u0026docrev_org=1"
          },
          {
            "trust": 1.7,
            "url": "http://apps.gehealthcare.com/servlet/clientservlet/2354459-100.pdf?req=raa\u0026direction=2354459-100\u0026filename=2354459-100.pdf\u0026filerev=4\u0026docrev_org=4"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2002-2446"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2002-2446"
          },
          {
            "trust": 0.3,
            "url": "http://www3.gehealthcare.com/en/global_gateway"
          },
          {
            "trust": 0.1,
            "url": "http://apps.gehealthcare.com/servlet/clientservlet/2338955-100.pdf?req=raa\u0026amp;direction=2338955-100\u0026amp;filename=2338955-100.pdf\u0026amp;filerev=1\u0026amp;docrev_org=1"
          },
          {
            "trust": 0.1,
            "url": "http://apps.gehealthcare.com/servlet/clientservlet/2354459-100.pdf?req=raa\u0026amp;direction=2354459-100\u0026amp;filename=2354459-100.pdf\u0026amp;filerev=4\u0026amp;docrev_org=4"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/255.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.securityfocus.com/bid/76277"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05132"
          },
          {
            "db": "VULHUB",
            "id": "VHN-6829"
          },
          {
            "db": "VULMON",
            "id": "CVE-2002-2446"
          },
          {
            "db": "BID",
            "id": "76277"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003993"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-014"
          },
          {
            "db": "NVD",
            "id": "CVE-2002-2446"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05132"
          },
          {
            "db": "VULHUB",
            "id": "VHN-6829"
          },
          {
            "db": "VULMON",
            "id": "CVE-2002-2446"
          },
          {
            "db": "BID",
            "id": "76277"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003993"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-014"
          },
          {
            "db": "NVD",
            "id": "CVE-2002-2446"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-08-06T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-05132"
          },
          {
            "date": "2015-08-04T00:00:00",
            "db": "VULHUB",
            "id": "VHN-6829"
          },
          {
            "date": "2015-08-04T00:00:00",
            "db": "VULMON",
            "id": "CVE-2002-2446"
          },
          {
            "date": "2015-08-04T00:00:00",
            "db": "BID",
            "id": "76277"
          },
          {
            "date": "2015-08-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-003993"
          },
          {
            "date": "2015-08-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201508-014"
          },
          {
            "date": "2015-08-04T14:59:02.877000",
            "db": "NVD",
            "id": "CVE-2002-2446"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-08-06T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-05132"
          },
          {
            "date": "2018-03-28T00:00:00",
            "db": "VULHUB",
            "id": "VHN-6829"
          },
          {
            "date": "2018-03-28T00:00:00",
            "db": "VULMON",
            "id": "CVE-2002-2446"
          },
          {
            "date": "2015-08-04T00:00:00",
            "db": "BID",
            "id": "76277"
          },
          {
            "date": "2018-04-02T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-003993"
          },
          {
            "date": "2015-08-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201508-014"
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2002-2446"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-014"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  GE Healthcare Millennium Product vulnerabilities",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003993"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "trust management",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-014"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201508-0007

    Vulnerability from variot - Updated: 2025-04-13 23:04

    GE Healthcare Centricity Image Vault 3.x has a password of (1) gemnet for the administrator account, (2) webadmin for the webadmin administrator account of the ASACA DVD library, (3) an empty value for the gemsservice account of the Ultrasound Database, and possibly (4) gemnet2002 for the gemnet2002 account of the GEMNet license server, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. An attacker could use this vulnerability to control the device. Remote attackers with knowledge of the default credentials may exploit these vulnerabilities to gain unauthorized access and perform unauthorized actions. This may aid in further attacks

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201508-0007",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "centricity image vault",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "gehealthcare",
            "version": "*"
          },
          {
            "model": "centricity cardiology image vault",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ge healthcare",
            "version": "3.x"
          },
          {
            "model": "healthcare centricity image vault",
            "scope": null,
            "trust": 0.6,
            "vendor": "general electric",
            "version": null
          },
          {
            "model": "centricity image vault",
            "scope": null,
            "trust": 0.6,
            "vendor": "gehealthcare",
            "version": null
          },
          {
            "model": "centricity image vault",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "gehealthcare",
            "version": "3.0"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05144"
          },
          {
            "db": "BID",
            "id": "76279"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003995"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-016"
          },
          {
            "db": "NVD",
            "id": "CVE-2004-2777"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:gehealthcare:centricity_image_vault_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003995"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Scott Erven of Protiviti.",
        "sources": [
          {
            "db": "BID",
            "id": "76279"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2004-2777",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2004-2777",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2015-05144",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-11205",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2004-2777",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2004-2777",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2015-05144",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201508-016",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-11205",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2004-2777",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05144"
          },
          {
            "db": "VULHUB",
            "id": "VHN-11205"
          },
          {
            "db": "VULMON",
            "id": "CVE-2004-2777"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003995"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-016"
          },
          {
            "db": "NVD",
            "id": "CVE-2004-2777"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "GE Healthcare Centricity Image Vault 3.x has a password of (1) gemnet for the administrator account, (2) webadmin for the webadmin administrator account of the ASACA DVD library, (3) an empty value for the gemsservice account of the Ultrasound Database, and possibly (4) gemnet2002 for the gemnet2002 account of the GEMNet license server, which has unspecified impact and attack vectors.  NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. An attacker could use this vulnerability to control the device. \nRemote attackers with knowledge of the default credentials may exploit these vulnerabilities to gain unauthorized access and perform unauthorized actions. This may aid in further attacks",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2004-2777"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003995"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-05144"
          },
          {
            "db": "BID",
            "id": "76279"
          },
          {
            "db": "VULHUB",
            "id": "VHN-11205"
          },
          {
            "db": "VULMON",
            "id": "CVE-2004-2777"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2004-2777",
            "trust": 3.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSMA-18-037-02",
            "trust": 2.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003995",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-016",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-05144",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "76279",
            "trust": 0.5
          },
          {
            "db": "VULHUB",
            "id": "VHN-11205",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2004-2777",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05144"
          },
          {
            "db": "VULHUB",
            "id": "VHN-11205"
          },
          {
            "db": "VULMON",
            "id": "CVE-2004-2777"
          },
          {
            "db": "BID",
            "id": "76279"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003995"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-016"
          },
          {
            "db": "NVD",
            "id": "CVE-2004-2777"
          }
        ]
      },
      "id": "VAR-201508-0007",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05144"
          },
          {
            "db": "VULHUB",
            "id": "VHN-11205"
          }
        ],
        "trust": 1.7
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05144"
          }
        ]
      },
      "last_update_date": "2025-04-13T23:04:05.610000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Centricity Cardiology Image Vault Service Manual",
            "trust": 0.8,
            "url": "http://apps.gehealthcare.com/servlet/ClientServlet/2010564-002E.pdf?REQ=RAA\u0026DIRECTION=2010564-002\u0026FILENAME=2010564-002E.pdf\u0026FILEREV=E\u0026DOCREV_ORG=E"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003995"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-255",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-11205"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003995"
          },
          {
            "db": "NVD",
            "id": "CVE-2004-2777"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.5,
            "url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
          },
          {
            "trust": 2.1,
            "url": "https://ics-cert.us-cert.gov/advisories/icsma-18-037-02"
          },
          {
            "trust": 2.0,
            "url": "http://apps.gehealthcare.com/servlet/clientservlet/2010564-002e.pdf?req=raa\u0026direction=2010564-002\u0026filename=2010564-002e.pdf\u0026filerev=e\u0026docrev_org=e"
          },
          {
            "trust": 1.8,
            "url": "https://twitter.com/digitalbond/status/619250429751222277"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2004-2777"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2004-2777"
          },
          {
            "trust": 0.3,
            "url": "http://www3.gehealthcare.com/en/global_gateway"
          },
          {
            "trust": 0.1,
            "url": "http://apps.gehealthcare.com/servlet/clientservlet/2010564-002e.pdf?req=raa\u0026amp;direction=2010564-002\u0026amp;filename=2010564-002e.pdf\u0026amp;filerev=e\u0026amp;docrev_org=e"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/255.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.securityfocus.com/bid/76279"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05144"
          },
          {
            "db": "VULHUB",
            "id": "VHN-11205"
          },
          {
            "db": "VULMON",
            "id": "CVE-2004-2777"
          },
          {
            "db": "BID",
            "id": "76279"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003995"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-016"
          },
          {
            "db": "NVD",
            "id": "CVE-2004-2777"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05144"
          },
          {
            "db": "VULHUB",
            "id": "VHN-11205"
          },
          {
            "db": "VULMON",
            "id": "CVE-2004-2777"
          },
          {
            "db": "BID",
            "id": "76279"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003995"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-016"
          },
          {
            "db": "NVD",
            "id": "CVE-2004-2777"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-08-06T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-05144"
          },
          {
            "date": "2015-08-04T00:00:00",
            "db": "VULHUB",
            "id": "VHN-11205"
          },
          {
            "date": "2015-08-04T00:00:00",
            "db": "VULMON",
            "id": "CVE-2004-2777"
          },
          {
            "date": "2015-07-10T00:00:00",
            "db": "BID",
            "id": "76279"
          },
          {
            "date": "2015-08-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-003995"
          },
          {
            "date": "2015-08-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201508-016"
          },
          {
            "date": "2015-08-04T14:59:05.237000",
            "db": "NVD",
            "id": "CVE-2004-2777"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-08-06T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-05144"
          },
          {
            "date": "2018-03-28T00:00:00",
            "db": "VULHUB",
            "id": "VHN-11205"
          },
          {
            "date": "2018-03-28T00:00:00",
            "db": "VULMON",
            "id": "CVE-2004-2777"
          },
          {
            "date": "2015-07-10T00:00:00",
            "db": "BID",
            "id": "76279"
          },
          {
            "date": "2018-04-02T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-003995"
          },
          {
            "date": "2015-08-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201508-016"
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2004-2777"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-016"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "GE Healthcare Centricity Image Vault Trust Management Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05144"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-016"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "trust management",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-016"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201508-0001

    Vulnerability from variot - Updated: 2025-04-13 23:04

    GE Healthcare Centricity DMS 4.2, 4.1, and 4.0 has a password of Muse!Admin for the Museadmin user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. An attacker could use this vulnerability to control the device. Remote attackers with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201508-0001",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "centricity dms",
            "scope": "eq",
            "trust": 1.9,
            "vendor": "gehealthcare",
            "version": "4.2"
          },
          {
            "model": "centricity dms",
            "scope": "eq",
            "trust": 1.9,
            "vendor": "gehealthcare",
            "version": "4.1"
          },
          {
            "model": "centricity dms",
            "scope": "eq",
            "trust": 1.9,
            "vendor": "gehealthcare",
            "version": "4.0"
          },
          {
            "model": "centricity cardiology data management system",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ge healthcare",
            "version": "4.0"
          },
          {
            "model": "centricity cardiology data management system",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ge healthcare",
            "version": "4.1"
          },
          {
            "model": "centricity cardiology data management system",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ge healthcare",
            "version": "4.2"
          },
          {
            "model": "healthcare centricity dms",
            "scope": null,
            "trust": 0.6,
            "vendor": "general electric",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05142"
          },
          {
            "db": "BID",
            "id": "76263"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003997"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-018"
          },
          {
            "db": "NVD",
            "id": "CVE-2007-6757"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:gehealthcare:centricity_dms_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003997"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Scott Erven of Protiviti.",
        "sources": [
          {
            "db": "BID",
            "id": "76263"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2007-6757",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2007-6757",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2015-05142",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-30119",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2007-6757",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2007-6757",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2015-05142",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201508-018",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-30119",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2007-6757",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05142"
          },
          {
            "db": "VULHUB",
            "id": "VHN-30119"
          },
          {
            "db": "VULMON",
            "id": "CVE-2007-6757"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003997"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-018"
          },
          {
            "db": "NVD",
            "id": "CVE-2007-6757"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "GE Healthcare Centricity DMS 4.2, 4.1, and 4.0 has a password of Muse!Admin for the Museadmin user, which has unspecified impact and attack vectors.  NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. An attacker could use this vulnerability to control the device. \nRemote attackers with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2007-6757"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003997"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-05142"
          },
          {
            "db": "BID",
            "id": "76263"
          },
          {
            "db": "VULHUB",
            "id": "VHN-30119"
          },
          {
            "db": "VULMON",
            "id": "CVE-2007-6757"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2007-6757",
            "trust": 3.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSMA-18-037-02",
            "trust": 2.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003997",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-018",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-05142",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "76263",
            "trust": 0.5
          },
          {
            "db": "VULHUB",
            "id": "VHN-30119",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2007-6757",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05142"
          },
          {
            "db": "VULHUB",
            "id": "VHN-30119"
          },
          {
            "db": "VULMON",
            "id": "CVE-2007-6757"
          },
          {
            "db": "BID",
            "id": "76263"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003997"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-018"
          },
          {
            "db": "NVD",
            "id": "CVE-2007-6757"
          }
        ]
      },
      "id": "VAR-201508-0001",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05142"
          },
          {
            "db": "VULHUB",
            "id": "VHN-30119"
          }
        ],
        "trust": 1.7
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05142"
          }
        ]
      },
      "last_update_date": "2025-04-13T23:04:05.572000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Centricity Cardiology Data Management System System Management Manual Software Version 4.1",
            "trust": 0.8,
            "url": "http://apps.gehealthcare.com/servlet/ClientServlet/2019295-133G.pdf?REQ=RAA\u0026DIRECTION=2019295-133\u0026FILENAME=2019295-133G.pdf\u0026FILEREV=G\u0026DOCREV_ORG=G"
          },
          {
            "title": "Centricity Cardiology Data Management System System Management Manual Software Version 4.0",
            "trust": 0.8,
            "url": "http://apps.gehealthcare.com/servlet/ClientServlet/2019295-133D.pdf?REQ=RAA\u0026DIRECTION=2019295-133D\u0026FILENAME=2019295-133D.pdf\u0026FILEREV=D\u0026DOCREV_ORG=D"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003997"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-255",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-30119"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003997"
          },
          {
            "db": "NVD",
            "id": "CVE-2007-6757"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.9,
            "url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
          },
          {
            "trust": 2.4,
            "url": "https://twitter.com/digitalbond/status/619250429751222277"
          },
          {
            "trust": 2.1,
            "url": "https://ics-cert.us-cert.gov/advisories/icsma-18-037-02"
          },
          {
            "trust": 1.7,
            "url": "http://apps.gehealthcare.com/servlet/clientservlet/2019295-133d.pdf?req=raa\u0026direction=2019295-133d\u0026filename=2019295-133d.pdf\u0026filerev=d\u0026docrev_org=d"
          },
          {
            "trust": 1.7,
            "url": "http://apps.gehealthcare.com/servlet/clientservlet/2019295-133g.pdf?req=raa\u0026direction=2019295-133\u0026filename=2019295-133g.pdf\u0026filerev=g\u0026docrev_org=g"
          },
          {
            "trust": 1.7,
            "url": "http://apps.gehealthcare.com/servlet/clientservlet/dms+sys+mgmt+manual.pdf?req=raa\u0026direction=doc1258180\u0026filename=dms%2bsys%2bmgmt%2bmanual.pdf\u0026filerev=3\u0026docrev_org=3"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6757"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-6757"
          },
          {
            "trust": 0.3,
            "url": "http://apps.gehealthcare.com/servlet/clientservlet/2019295-133d.pdf?docclass=a\u0026req=rac\u0026direction=2019295-133d\u0026filename=2019295-133d.pdf\u0026filerev=d\u0026docrev_org=d\u0026submit=+accept+"
          },
          {
            "trust": 0.3,
            "url": "http://www3.gehealthcare.com/en/global_gateway"
          },
          {
            "trust": 0.1,
            "url": "http://apps.gehealthcare.com/servlet/clientservlet/2019295-133d.pdf?req=raa\u0026amp;direction=2019295-133d\u0026amp;filename=2019295-133d.pdf\u0026amp;filerev=d\u0026amp;docrev_org=d"
          },
          {
            "trust": 0.1,
            "url": "http://apps.gehealthcare.com/servlet/clientservlet/2019295-133g.pdf?req=raa\u0026amp;direction=2019295-133\u0026amp;filename=2019295-133g.pdf\u0026amp;filerev=g\u0026amp;docrev_org=g"
          },
          {
            "trust": 0.1,
            "url": "http://apps.gehealthcare.com/servlet/clientservlet/dms+sys+mgmt+manual.pdf?req=raa\u0026amp;direction=doc1258180\u0026amp;filename=dms%2bsys%2bmgmt%2bmanual.pdf\u0026amp;filerev=3\u0026amp;docrev_org=3"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/255.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.securityfocus.com/bid/76263"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05142"
          },
          {
            "db": "VULHUB",
            "id": "VHN-30119"
          },
          {
            "db": "VULMON",
            "id": "CVE-2007-6757"
          },
          {
            "db": "BID",
            "id": "76263"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003997"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-018"
          },
          {
            "db": "NVD",
            "id": "CVE-2007-6757"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05142"
          },
          {
            "db": "VULHUB",
            "id": "VHN-30119"
          },
          {
            "db": "VULMON",
            "id": "CVE-2007-6757"
          },
          {
            "db": "BID",
            "id": "76263"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003997"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-018"
          },
          {
            "db": "NVD",
            "id": "CVE-2007-6757"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-08-06T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-05142"
          },
          {
            "date": "2015-08-04T00:00:00",
            "db": "VULHUB",
            "id": "VHN-30119"
          },
          {
            "date": "2015-08-04T00:00:00",
            "db": "VULMON",
            "id": "CVE-2007-6757"
          },
          {
            "date": "2015-08-04T00:00:00",
            "db": "BID",
            "id": "76263"
          },
          {
            "date": "2015-08-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-003997"
          },
          {
            "date": "2015-08-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201508-018"
          },
          {
            "date": "2015-08-04T14:59:07.300000",
            "db": "NVD",
            "id": "CVE-2007-6757"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-08-06T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-05142"
          },
          {
            "date": "2018-03-28T00:00:00",
            "db": "VULHUB",
            "id": "VHN-30119"
          },
          {
            "date": "2018-03-28T00:00:00",
            "db": "VULMON",
            "id": "CVE-2007-6757"
          },
          {
            "date": "2015-08-04T00:00:00",
            "db": "BID",
            "id": "76263"
          },
          {
            "date": "2018-04-02T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-003997"
          },
          {
            "date": "2015-08-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201508-018"
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2007-6757"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-018"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "GE Healthcare Centricity DMS Trust Management Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05142"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-018"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "trust management",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-018"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201508-0597

    Vulnerability from variot - Updated: 2025-04-13 23:04

    GE Healthcare Precision THUNIS-800+ has a default password of (1) 1973 for the factory default System Utilities menu, (2) TH8740 for installation using TH8740_122_Setup.exe, (3) hrml for "Setup and Activation" using DSASetup, and (4) an empty string for Shutter Configuration, which has unspecified impact and attack vectors. NOTE: since these passwords appear to be used to access functionality during installation, this issue might not cross privilege boundaries and might not be a vulnerability. GE Healthcare Precision THUNIS-800+ (PT800+) is an integrated digital remote control multi-function X-ray machine (X-ray generating equipment) for the medical industry. There is a security vulnerability in GE Healthcare PT800+. An attacker could exploit this vulnerability to control the device. Remote attackers with knowledge of the default credentials may exploit these vulnerabilities to gain unauthorized access and perform unauthorized actions. This may aid in further attacks

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201508-0597",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "precision thunis-800\\+",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "gehealthcare",
            "version": "*"
          },
          {
            "model": "precision thunis-800+",
            "scope": null,
            "trust": 0.8,
            "vendor": "ge healthcare",
            "version": null
          },
          {
            "model": "precision thunis-800+",
            "scope": null,
            "trust": 0.6,
            "vendor": "ge",
            "version": null
          },
          {
            "model": "precision thunis-800\\+",
            "scope": null,
            "trust": 0.6,
            "vendor": "gehealthcare",
            "version": null
          },
          {
            "model": "electric healthcare precision thunis-800+",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "general",
            "version": "0"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05135"
          },
          {
            "db": "BID",
            "id": "76170"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004011"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-036"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-7233"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/h:gehealthcare:precision_thunis-800%2B",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004011"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Scott Erven of Protiviti.",
        "sources": [
          {
            "db": "BID",
            "id": "76170"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2014-7233",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2014-7233",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2015-05135",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2014-7233",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2014-7233",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2015-05135",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201508-036",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05135"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004011"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-036"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-7233"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "GE Healthcare Precision THUNIS-800+ has a default password of (1) 1973 for the factory default System Utilities menu, (2) TH8740 for installation using TH8740_122_Setup.exe, (3) hrml for \"Setup and Activation\" using DSASetup, and (4) an empty string for Shutter Configuration, which has unspecified impact and attack vectors.  NOTE: since these passwords appear to be used to access functionality during installation, this issue might not cross privilege boundaries and might not be a vulnerability. GE Healthcare Precision THUNIS-800+ (PT800+) is an integrated digital remote control multi-function X-ray machine (X-ray generating equipment) for the medical industry. There is a security vulnerability in GE Healthcare PT800+. An attacker could exploit this vulnerability to control the device. \nRemote attackers with knowledge of the default credentials may exploit these vulnerabilities to gain unauthorized access and perform unauthorized actions. This may aid in further attacks",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-7233"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004011"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-05135"
          },
          {
            "db": "BID",
            "id": "76170"
          }
        ],
        "trust": 2.43
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2014-7233",
            "trust": 3.3
          },
          {
            "db": "ICS CERT",
            "id": "ICSMA-18-037-02",
            "trust": 1.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004011",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-05135",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-036",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "76170",
            "trust": 0.3
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05135"
          },
          {
            "db": "BID",
            "id": "76170"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004011"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-036"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-7233"
          }
        ]
      },
      "id": "VAR-201508-0597",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05135"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05135"
          }
        ]
      },
      "last_update_date": "2025-04-13T23:04:05.541000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "GE Healthcare Precision THUNIS-800+ R\u0026F System Service Manual",
            "trust": 0.8,
            "url": "http://apps.gehealthcare.com/servlet/ClientServlet/5458232-1EN+r4.pdf?REQ=RAA\u0026DIRECTION=5458232-1EN\u0026FILENAME=5458232-1EN%2Br4.pdf\u0026FILEREV=4\u0026DOCREV_ORG=4"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004011"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-255",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004011"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-7233"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.7,
            "url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
          },
          {
            "trust": 1.9,
            "url": "https://twitter.com/digitalbond/status/619250429751222277"
          },
          {
            "trust": 1.9,
            "url": "http://apps.gehealthcare.com/servlet/clientservlet/5458232-1en+r4.pdf?req=raa\u0026direction=5458232-1en\u0026filename=5458232-1en%2br4.pdf\u0026filerev=4\u0026docrev_org=4"
          },
          {
            "trust": 1.8,
            "url": "https://ics-cert.us-cert.gov/advisories/icsma-18-037-02"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-7233"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-7233"
          },
          {
            "trust": 0.6,
            "url": "http://apps.gehealthcare.com/servlet/clientservlet/5458232-1en+r4.pdf?req=raa\u0026amp;direction=5458232-1en\u0026amp;filename=5458232-1en%2br4.pdf\u0026amp;filerev=4\u0026amp;docrev_org=4"
          },
          {
            "trust": 0.3,
            "url": "http://www3.gehealthcare.com/en/global_gateway"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05135"
          },
          {
            "db": "BID",
            "id": "76170"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004011"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-036"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-7233"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05135"
          },
          {
            "db": "BID",
            "id": "76170"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004011"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-036"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-7233"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-08-06T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-05135"
          },
          {
            "date": "2015-08-05T00:00:00",
            "db": "BID",
            "id": "76170"
          },
          {
            "date": "2015-08-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-004011"
          },
          {
            "date": "2015-08-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201508-036"
          },
          {
            "date": "2015-08-04T14:59:25.720000",
            "db": "NVD",
            "id": "CVE-2014-7233"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-08-06T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-05135"
          },
          {
            "date": "2015-08-05T00:00:00",
            "db": "BID",
            "id": "76170"
          },
          {
            "date": "2018-04-02T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-004011"
          },
          {
            "date": "2015-08-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201508-036"
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2014-7233"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-036"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "GE Healthcare Precision THUNIS-800+ Trust Management Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05135"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-036"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "trust management",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-036"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201508-0002

    Vulnerability from variot - Updated: 2025-04-13 23:04

    GE Healthcare Discovery 530C has a password of #bigguy1 for the (1) acqservice user and (2) wsservice user of the Xeleris System, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. GE Healthcare Discovery 530C is a suite of applications for the medical industry that provide automated analysis and reporting for magnetic resonance imaging.

    GE Healthcare Discovery 530C has built-in accounts. The acqservice user and the Xeleris System wsservice user ‘# bigguy1’ are used as passwords, allowing remote attackers to use these accounts to control devices. Remote attackers with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. An attacker could exploit this vulnerability to take control of the device

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201508-0002",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "discovery 530c",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "gehealthcare",
            "version": null
          },
          {
            "model": "discovery nm 530c",
            "scope": null,
            "trust": 0.8,
            "vendor": "ge healthcare",
            "version": null
          },
          {
            "model": "discovery 530c",
            "scope": null,
            "trust": 0.6,
            "vendor": "general electric",
            "version": null
          },
          {
            "model": "discovery 530c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "gehealthcare",
            "version": "0"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05167"
          },
          {
            "db": "BID",
            "id": "76261"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003998"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-019"
          },
          {
            "db": "NVD",
            "id": "CVE-2009-5143"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:gehealthcare:discovery_530c_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003998"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Scott Erven",
        "sources": [
          {
            "db": "BID",
            "id": "76261"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2009-5143",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2009-5143",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2015-05167",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-42589",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2009-5143",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2009-5143",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2015-05167",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201508-019",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-42589",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2009-5143",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05167"
          },
          {
            "db": "VULHUB",
            "id": "VHN-42589"
          },
          {
            "db": "VULMON",
            "id": "CVE-2009-5143"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003998"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-019"
          },
          {
            "db": "NVD",
            "id": "CVE-2009-5143"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "GE Healthcare Discovery 530C has a password of #bigguy1 for the (1) acqservice user and (2) wsservice user of the Xeleris System, which has unspecified impact and attack vectors.  NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. GE Healthcare Discovery 530C is a suite of applications for the medical industry that provide automated analysis and reporting for magnetic resonance imaging. \n\nGE Healthcare Discovery 530C has built-in accounts. The acqservice user and the Xeleris System wsservice user \u2018# bigguy1\u2019 are used as passwords, allowing remote attackers to use these accounts to control devices. \nRemote attackers with knowledge of the default credentials may exploit  this vulnerability to gain unauthorized access and perform unauthorized  actions. This may aid in further attacks. An attacker could exploit this vulnerability to take control of the device",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2009-5143"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003998"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-05167"
          },
          {
            "db": "BID",
            "id": "76261"
          },
          {
            "db": "VULHUB",
            "id": "VHN-42589"
          },
          {
            "db": "VULMON",
            "id": "CVE-2009-5143"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2009-5143",
            "trust": 3.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSMA-18-037-02",
            "trust": 2.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003998",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-019",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-05167",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "76261",
            "trust": 0.5
          },
          {
            "db": "VULHUB",
            "id": "VHN-42589",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2009-5143",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05167"
          },
          {
            "db": "VULHUB",
            "id": "VHN-42589"
          },
          {
            "db": "VULMON",
            "id": "CVE-2009-5143"
          },
          {
            "db": "BID",
            "id": "76261"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003998"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-019"
          },
          {
            "db": "NVD",
            "id": "CVE-2009-5143"
          }
        ]
      },
      "id": "VAR-201508-0002",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-42589"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2025-04-13T23:04:05.504000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Discovery NM 530c Nuclear Medicine Imaging System Installation Manual",
            "trust": 0.8,
            "url": "http://apps.gehealthcare.com/servlet/ClientServlet/5323167-1EN_r2.pdf?REQ=RAA\u0026DIRECTION=5323167-1EN\u0026FILENAME=5323167-1EN_r2.pdf\u0026FILEREV=2\u0026DOCREV_ORG=2"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003998"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-255",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-42589"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003998"
          },
          {
            "db": "NVD",
            "id": "CVE-2009-5143"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.5,
            "url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
          },
          {
            "trust": 2.1,
            "url": "https://ics-cert.us-cert.gov/advisories/icsma-18-037-02"
          },
          {
            "trust": 1.8,
            "url": "https://twitter.com/digitalbond/status/619250429751222277"
          },
          {
            "trust": 1.7,
            "url": "http://apps.gehealthcare.com/servlet/clientservlet/5323167-1en_r2.pdf?req=raa\u0026direction=5323167-1en\u0026filename=5323167-1en_r2.pdf\u0026filerev=2\u0026docrev_org=2"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-5143"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-5143"
          },
          {
            "trust": 0.3,
            "url": "http://www3.gehealthcare.com/en"
          },
          {
            "trust": 0.1,
            "url": "http://apps.gehealthcare.com/servlet/clientservlet/5323167-1en_r2.pdf?req=raa\u0026amp;direction=5323167-1en\u0026amp;filename=5323167-1en_r2.pdf\u0026amp;filerev=2\u0026amp;docrev_org=2"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/255.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.securityfocus.com/bid/76261"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05167"
          },
          {
            "db": "VULHUB",
            "id": "VHN-42589"
          },
          {
            "db": "VULMON",
            "id": "CVE-2009-5143"
          },
          {
            "db": "BID",
            "id": "76261"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003998"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-019"
          },
          {
            "db": "NVD",
            "id": "CVE-2009-5143"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05167"
          },
          {
            "db": "VULHUB",
            "id": "VHN-42589"
          },
          {
            "db": "VULMON",
            "id": "CVE-2009-5143"
          },
          {
            "db": "BID",
            "id": "76261"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003998"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-019"
          },
          {
            "db": "NVD",
            "id": "CVE-2009-5143"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-08-10T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-05167"
          },
          {
            "date": "2015-08-04T00:00:00",
            "db": "VULHUB",
            "id": "VHN-42589"
          },
          {
            "date": "2015-08-04T00:00:00",
            "db": "VULMON",
            "id": "CVE-2009-5143"
          },
          {
            "date": "2015-08-04T00:00:00",
            "db": "BID",
            "id": "76261"
          },
          {
            "date": "2015-08-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-003998"
          },
          {
            "date": "2015-08-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201508-019"
          },
          {
            "date": "2015-08-04T14:59:08.347000",
            "db": "NVD",
            "id": "CVE-2009-5143"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-08-10T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-05167"
          },
          {
            "date": "2018-03-28T00:00:00",
            "db": "VULHUB",
            "id": "VHN-42589"
          },
          {
            "date": "2018-03-28T00:00:00",
            "db": "VULMON",
            "id": "CVE-2009-5143"
          },
          {
            "date": "2015-08-04T00:00:00",
            "db": "BID",
            "id": "76261"
          },
          {
            "date": "2018-04-02T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-003998"
          },
          {
            "date": "2015-08-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201508-019"
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2009-5143"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-019"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "GE Healthcare Discovery 530C Vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003998"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "trust management",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-019"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201508-0008

    Vulnerability from variot - Updated: 2025-04-13 23:04

    GE Healthcare Optima CT680, CT540, CT640, and CT520 has a default password of #bigguy for the root user, which has unspecified impact and attack vectors. GE Healthcare Optima CT680, CT540, CT640, and CT520 are general computed tomography products for the medical industry. Multiple GE Healthcare Products are prone to an insecure default-password vulnerability. Remote attackers with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. An attacker could exploit this vulnerability to take control of the device

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201508-0008",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "optima ct520",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "gehealthcare",
            "version": null
          },
          {
            "model": "optima ct680",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "gehealthcare",
            "version": null
          },
          {
            "model": "optima ct540",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "gehealthcare",
            "version": null
          },
          {
            "model": "optima ct520",
            "scope": null,
            "trust": 0.8,
            "vendor": "ge healthcare",
            "version": null
          },
          {
            "model": "optima ct540",
            "scope": null,
            "trust": 0.8,
            "vendor": "ge healthcare",
            "version": null
          },
          {
            "model": "optima ct640",
            "scope": null,
            "trust": 0.8,
            "vendor": "ge healthcare",
            "version": null
          },
          {
            "model": "optima ct680",
            "scope": null,
            "trust": 0.8,
            "vendor": "ge healthcare",
            "version": null
          },
          {
            "model": "optima ct680",
            "scope": null,
            "trust": 0.6,
            "vendor": "general electric",
            "version": null
          },
          {
            "model": "optima ct540",
            "scope": null,
            "trust": 0.6,
            "vendor": "general electric",
            "version": null
          },
          {
            "model": "optima ct640",
            "scope": null,
            "trust": 0.6,
            "vendor": "general electric",
            "version": null
          },
          {
            "model": "optima ct520",
            "scope": null,
            "trust": 0.6,
            "vendor": "general electric",
            "version": null
          },
          {
            "model": "optima ct680",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "gehealthcare",
            "version": "0"
          },
          {
            "model": "optima ct640",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "gehealthcare",
            "version": "0"
          },
          {
            "model": "optima ct540",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "gehealthcare",
            "version": "0"
          },
          {
            "model": "optima ct520",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "gehealthcare",
            "version": "0"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05169"
          },
          {
            "db": "BID",
            "id": "76262"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004013"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-020"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-5306"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:gehealthcare:optima_ct520_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:gehealthcare:optima_ct540_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:gehealthcare:optima_ct640_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:gehealthcare:optima_ct680_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004013"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Scott Erven of Protiviti.",
        "sources": [
          {
            "db": "BID",
            "id": "76262"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2010-5306",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2010-5306",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2015-05169",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-47911",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2010-5306",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2010-5306",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2015-05169",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201508-020",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-47911",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05169"
          },
          {
            "db": "VULHUB",
            "id": "VHN-47911"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004013"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-020"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-5306"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "GE Healthcare Optima CT680, CT540, CT640, and CT520 has a default password of #bigguy for the root user, which has unspecified impact and attack vectors. GE Healthcare Optima CT680, CT540, CT640, and CT520 are general computed tomography products for the medical industry. Multiple GE Healthcare Products are prone to an insecure default-password vulnerability. \nRemote attackers with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. An attacker could exploit this vulnerability to take control of the device",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2010-5306"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004013"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-05169"
          },
          {
            "db": "BID",
            "id": "76262"
          },
          {
            "db": "VULHUB",
            "id": "VHN-47911"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2010-5306",
            "trust": 3.4
          },
          {
            "db": "ICS CERT",
            "id": "ICSMA-18-037-02",
            "trust": 1.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004013",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-020",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-05169",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "76262",
            "trust": 0.4
          },
          {
            "db": "VULHUB",
            "id": "VHN-47911",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05169"
          },
          {
            "db": "VULHUB",
            "id": "VHN-47911"
          },
          {
            "db": "BID",
            "id": "76262"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004013"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-020"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-5306"
          }
        ]
      },
      "id": "VAR-201508-0008",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05169"
          },
          {
            "db": "VULHUB",
            "id": "VHN-47911"
          }
        ],
        "trust": 1.7
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05169"
          }
        ]
      },
      "last_update_date": "2025-04-13T23:04:05.468000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Optima CT680 Series Installation Manual",
            "trust": 0.8,
            "url": "http://apps.gehealthcare.com/servlet/ClientServlet/5472001-1EN_rev2.pdf?DOCCLASS=A\u0026REQ=RAC\u0026DIRECTION=5472001-1EN\u0026FILENAME=5472001-1EN_rev2.pdf\u0026FILEREV=2\u0026DOCREV_ORG=2\u0026SUBMIT=+ACCEPT+"
          },
          {
            "title": "BrightSpeed Elite/Optima CT540 Installation Manual",
            "trust": 0.8,
            "url": "http://apps.gehealthcare.com/servlet/ClientServlet/5341628-1EN_r12.pdf?DOCCLASS=A\u0026REQ=RAC\u0026DIRECTION=5341628-1EN\u0026FILENAME=5341628-1EN_r12.pdf\u0026FILEREV=12\u0026DOCREV_ORG=12\u0026SUBMIT=+ACCEPT+"
          },
          {
            "title": "Optima CT520 Series Installation Manual",
            "trust": 0.8,
            "url": "http://apps.gehealthcare.com/servlet/ClientServlet/5401943_rev%203.pdf?DOCCLASS=A\u0026REQ=RAC\u0026DIRECTION=5401943\u0026FILENAME=5401943_rev+3.pdf\u0026FILEREV=3\u0026DOCREV_ORG=3\u0026SUBMIT=+ACCEPT+"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004013"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-255",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-47911"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004013"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-5306"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.4,
            "url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
          },
          {
            "trust": 1.9,
            "url": "https://ics-cert.us-cert.gov/advisories/icsma-18-037-02"
          },
          {
            "trust": 1.9,
            "url": "http://apps.gehealthcare.com/servlet/clientservlet/5341628-1en_r12.pdf?req=raa\u0026direction=5341628-1en\u0026filename=5341628-1en_r12.pdf\u0026filerev=12\u0026docrev_org=12"
          },
          {
            "trust": 1.9,
            "url": "http://apps.gehealthcare.com/servlet/clientservlet/5401943_rev+3.pdf?req=raa\u0026direction=5401943\u0026filename=5401943_rev%2b3.pdf\u0026filerev=3\u0026docrev_org=3"
          },
          {
            "trust": 1.9,
            "url": "http://apps.gehealthcare.com/servlet/clientservlet/5472001-1en_rev2.pdf?req=raa\u0026direction=5472001-1en\u0026filename=5472001-1en_rev2.pdf\u0026filerev=2\u0026docrev_org=2"
          },
          {
            "trust": 1.7,
            "url": "https://twitter.com/digitalbond/status/619250429751222277"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-5306"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-5306"
          },
          {
            "trust": 0.3,
            "url": "http://www3.gehealthcare.com/en/global_gateway"
          },
          {
            "trust": 0.1,
            "url": "http://apps.gehealthcare.com/servlet/clientservlet/5341628-1en_r12.pdf?req=raa\u0026amp;direction=5341628-1en\u0026amp;filename=5341628-1en_r12.pdf\u0026amp;filerev=12\u0026amp;docrev_org=12"
          },
          {
            "trust": 0.1,
            "url": "http://apps.gehealthcare.com/servlet/clientservlet/5401943_rev+3.pdf?req=raa\u0026amp;direction=5401943\u0026amp;filename=5401943_rev%2b3.pdf\u0026amp;filerev=3\u0026amp;docrev_org=3"
          },
          {
            "trust": 0.1,
            "url": "http://apps.gehealthcare.com/servlet/clientservlet/5472001-1en_rev2.pdf?req=raa\u0026amp;direction=5472001-1en\u0026amp;filename=5472001-1en_rev2.pdf\u0026amp;filerev=2\u0026amp;docrev_org=2"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05169"
          },
          {
            "db": "VULHUB",
            "id": "VHN-47911"
          },
          {
            "db": "BID",
            "id": "76262"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004013"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-020"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-5306"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05169"
          },
          {
            "db": "VULHUB",
            "id": "VHN-47911"
          },
          {
            "db": "BID",
            "id": "76262"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004013"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-020"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-5306"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-08-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-05169"
          },
          {
            "date": "2015-08-04T00:00:00",
            "db": "VULHUB",
            "id": "VHN-47911"
          },
          {
            "date": "2015-07-10T00:00:00",
            "db": "BID",
            "id": "76262"
          },
          {
            "date": "2015-08-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-004013"
          },
          {
            "date": "2015-08-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201508-020"
          },
          {
            "date": "2015-08-04T14:59:09.503000",
            "db": "NVD",
            "id": "CVE-2010-5306"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-08-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-05169"
          },
          {
            "date": "2018-03-28T00:00:00",
            "db": "VULHUB",
            "id": "VHN-47911"
          },
          {
            "date": "2015-07-10T00:00:00",
            "db": "BID",
            "id": "76262"
          },
          {
            "date": "2018-04-02T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-004013"
          },
          {
            "date": "2015-08-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201508-020"
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2010-5306"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-020"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  GE Healthcare Optima Product vulnerabilities",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004013"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "trust management",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-020"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201508-0004

    Vulnerability from variot - Updated: 2025-04-13 23:04

    GE Healthcare eNTEGRA P&R has a password of (1) entegra for the entegra user, (2) passme for the super user of the Polestar/Polestar-i Starlink 4 upgrade, (3) 0 for the entegra user of the Codonics printer FTP service, (4) eNTEGRA for the eNTEGRA P&R user account, (5) insite for the WinVNC Login, and possibly other accounts, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. GE Healthcare eNTEGRA P&R Uses passwords for the following and other accounts, and is vulnerable to unspecified effects and attacks. GE Healthcare eNTEGRA P & R (Processing & Review) is a medical nuclear computer system for the medical industry from General Electric (GE).

    A security vulnerability exists in GE Healthcare eNTEGRA P & R. An attacker could use this vulnerability to control the device. Remote attackers with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201508-0004",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "entegra p\\\u0026r",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "gehealthcare",
            "version": "*"
          },
          {
            "model": "entegra p\u0026r",
            "scope": null,
            "trust": 0.8,
            "vendor": "ge healthcare",
            "version": null
          },
          {
            "model": "healthcare entegra p\u0026r",
            "scope": null,
            "trust": 0.6,
            "vendor": "general electric",
            "version": null
          },
          {
            "model": "entegra p\\\u0026r",
            "scope": null,
            "trust": 0.6,
            "vendor": "gehealthcare",
            "version": null
          },
          {
            "model": "entegra p\u0026r",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "gehealthcare",
            "version": "0"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05149"
          },
          {
            "db": "BID",
            "id": "76280"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003991"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-012"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-1594"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:gehealthcare:entegra_p%26r_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003991"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Scott Erven",
        "sources": [
          {
            "db": "BID",
            "id": "76280"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2001-1594",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2001-1594",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2015-05149",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2001-1594",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2001-1594",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2015-05149",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201508-012",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULMON",
                "id": "CVE-2001-1594",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05149"
          },
          {
            "db": "VULMON",
            "id": "CVE-2001-1594"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003991"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-012"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-1594"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "GE Healthcare eNTEGRA P\u0026R has a password of (1) entegra for the entegra user, (2) passme for the super user of the Polestar/Polestar-i Starlink 4 upgrade, (3) 0 for the entegra user of the Codonics printer FTP service, (4) eNTEGRA for the eNTEGRA P\u0026R user account, (5) insite for the WinVNC Login, and possibly other accounts, which has unspecified impact and attack vectors.  NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. GE Healthcare eNTEGRA P\u0026R Uses passwords for the following and other accounts, and is vulnerable to unspecified effects and attacks. GE Healthcare eNTEGRA P \u0026 R (Processing \u0026 Review) is a medical nuclear computer system for the medical industry from General Electric (GE). \n\nA security vulnerability exists in GE Healthcare eNTEGRA P \u0026 R. An attacker could use this vulnerability to control the device. \nRemote attackers with knowledge of the default credentials may exploit  this vulnerability to gain unauthorized access and perform unauthorized  actions. This may aid in further attacks",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2001-1594"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003991"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-05149"
          },
          {
            "db": "BID",
            "id": "76280"
          },
          {
            "db": "VULMON",
            "id": "CVE-2001-1594"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2001-1594",
            "trust": 3.4
          },
          {
            "db": "ICS CERT",
            "id": "ICSMA-18-037-02",
            "trust": 1.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003991",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-05149",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-012",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "76280",
            "trust": 0.3
          },
          {
            "db": "VULMON",
            "id": "CVE-2001-1594",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05149"
          },
          {
            "db": "VULMON",
            "id": "CVE-2001-1594"
          },
          {
            "db": "BID",
            "id": "76280"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003991"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-012"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-1594"
          }
        ]
      },
      "id": "VAR-201508-0004",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05149"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05149"
          }
        ]
      },
      "last_update_date": "2025-04-13T23:04:05.433000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "eNTEGRA P\u0026R Nuclear Imaging System System Service Manual",
            "trust": 0.8,
            "url": "http://apps.gehealthcare.com/servlet/ClientServlet/2263784.pdf?DOCCLASS=A\u0026REQ=RAC\u0026DIRECTION=2263784-100\u0026FILENAME=2263784.pdf\u0026FILEREV=5\u0026DOCREV_ORG=5\u0026SUBMIT=+ACCEPT+"
          },
          {
            "title": "vmengine",
            "trust": 0.1,
            "url": "https://github.com/wsbespalov/vmengine "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2001-1594"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003991"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-255",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003991"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-1594"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.8,
            "url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
          },
          {
            "trust": 2.0,
            "url": "http://apps.gehealthcare.com/servlet/clientservlet/2263784.pdf?docclass=a\u0026req=rac\u0026direction=2263784-100\u0026filename=2263784.pdf\u0026filerev=5\u0026docrev_org=5\u0026submit=+accept+"
          },
          {
            "trust": 2.0,
            "url": "https://ics-cert.us-cert.gov/advisories/icsma-18-037-02"
          },
          {
            "trust": 1.7,
            "url": "https://twitter.com/digitalbond/status/619250429751222277"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2001-1594"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2001-1594"
          },
          {
            "trust": 0.6,
            "url": "http://apps.gehealthcare.com/servlet/clientservlet/2263784.pdf?docclass=a\u0026amp;req=rac\u0026amp;direction=2263784-100\u0026amp;filename=2263784.pdf\u0026amp;filerev=5\u0026amp;docrev_org=5\u0026amp;submit=+accept+"
          },
          {
            "trust": 0.3,
            "url": "http://www3.gehealthcare.com/en"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/255.html"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/wsbespalov/vmengine"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05149"
          },
          {
            "db": "VULMON",
            "id": "CVE-2001-1594"
          },
          {
            "db": "BID",
            "id": "76280"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003991"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-012"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-1594"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05149"
          },
          {
            "db": "VULMON",
            "id": "CVE-2001-1594"
          },
          {
            "db": "BID",
            "id": "76280"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003991"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-012"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-1594"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-08-07T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-05149"
          },
          {
            "date": "2015-08-04T00:00:00",
            "db": "VULMON",
            "id": "CVE-2001-1594"
          },
          {
            "date": "2015-08-04T00:00:00",
            "db": "BID",
            "id": "76280"
          },
          {
            "date": "2015-08-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-003991"
          },
          {
            "date": "2015-08-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201508-012"
          },
          {
            "date": "2015-08-04T14:59:00.143000",
            "db": "NVD",
            "id": "CVE-2001-1594"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-08-07T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-05149"
          },
          {
            "date": "2018-03-28T00:00:00",
            "db": "VULMON",
            "id": "CVE-2001-1594"
          },
          {
            "date": "2015-08-04T00:00:00",
            "db": "BID",
            "id": "76280"
          },
          {
            "date": "2018-04-02T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-003991"
          },
          {
            "date": "2015-08-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201508-012"
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2001-1594"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-012"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "GE Healthcare eNTEGRA P\u0026R Vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003991"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "trust management",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-012"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201508-0019

    Vulnerability from variot - Updated: 2025-04-13 23:04

    GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1, and Server 4.0, has a password of 2charGE for the geservice account, which has unspecified impact and attack vectors related to TimbuktuPro. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires it. GE Healthcare Centricity PACS is an image archiving and transmission system (PACS) for the medical industry of General Electric (GE). Workstation is a PACS workstation; Server is a PACS server. The vulnerability stems from the use of ‘2charGE’ as the password for the geservice account. An attacker could use this vulnerability to control the device. Attackers can exploit this issue to bypass the authentication mechanism and gain access to the vulnerable device

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201508-0019",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "centricity pacs workstation",
            "scope": "eq",
            "trust": 1.9,
            "vendor": "gehealthcare",
            "version": "4.0.1"
          },
          {
            "model": "centricity pacs workstation",
            "scope": "eq",
            "trust": 1.9,
            "vendor": "gehealthcare",
            "version": "4.0"
          },
          {
            "model": "centricity pacs server",
            "scope": "eq",
            "trust": 1.9,
            "vendor": "gehealthcare",
            "version": "4.0"
          },
          {
            "model": "centricity pacs",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ge healthcare",
            "version": "4.0"
          },
          {
            "model": "centricity pacs",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ge healthcare",
            "version": "4.0.1"
          },
          {
            "model": "centricity pacs workstation",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ge",
            "version": "4.0"
          },
          {
            "model": "centricity pacs workstation",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ge",
            "version": "4.0.1"
          },
          {
            "model": "centricity pacs server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ge",
            "version": "4.0"
          },
          {
            "model": "healthcare centricity pacs workstation/server",
            "scope": null,
            "trust": 0.6,
            "vendor": "general electric",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05141"
          },
          {
            "db": "BID",
            "id": "76175"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004005"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-030"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-6694"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:gehealthcare:centricity_pacs_workstation",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004005"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The vendor reported this issue.",
        "sources": [
          {
            "db": "BID",
            "id": "76175"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2012-6694",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2012-6694",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2015-05141",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2012-6694",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2012-6694",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2015-05141",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201508-030",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05141"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004005"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-030"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-6694"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1, and Server 4.0, has a password of 2charGE for the geservice account, which has unspecified impact and attack vectors related to TimbuktuPro.  NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires it. GE Healthcare Centricity PACS is an image archiving and transmission system (PACS) for the medical industry of General Electric (GE). Workstation is a PACS workstation; Server is a PACS server. The vulnerability stems from the use of \u20182charGE\u2019 as the password for the geservice account. An attacker could use this vulnerability to control the device. \nAttackers can exploit this issue to bypass the authentication mechanism and gain access to the vulnerable device",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2012-6694"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004005"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-05141"
          },
          {
            "db": "BID",
            "id": "76175"
          }
        ],
        "trust": 2.43
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2012-6694",
            "trust": 3.3
          },
          {
            "db": "ICS CERT",
            "id": "ICSMA-18-037-02",
            "trust": 1.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004005",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-05141",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-030",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "76175",
            "trust": 0.3
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05141"
          },
          {
            "db": "BID",
            "id": "76175"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004005"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-030"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-6694"
          }
        ]
      },
      "id": "VAR-201508-0019",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05141"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05141"
          }
        ]
      },
      "last_update_date": "2025-04-13T23:04:05.402000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Centricity PACS Workstation Installation and Service Manual (PACS 4.0 Release)",
            "trust": 0.8,
            "url": "http://apps.gehealthcare.com/servlet/ClientServlet/C40_WS_INST_SV_2063534-001r2.pdf?REQ=RAA\u0026DIRECTION=2063534-001\u0026FILENAME=C40_WS_INST_SV_2063534-001r2.pdf\u0026FILEREV=1\u0026DOCREV_ORG=1"
          },
          {
            "title": "Centricity PACS Workstation Installation and Service Manual (PACS 4.0.1 Release)",
            "trust": 0.8,
            "url": "http://apps.gehealthcare.com/servlet/ClientServlet/C401_WS_INST_SV_2069560001r1.pdf?REQ=RAA\u0026DIRECTION=2069560-001\u0026FILENAME=C401_WS_INST_SV_2069560001r1.pdf\u0026FILEREV=1\u0026DOCREV_ORG=1"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004005"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-255",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004005"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-6694"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
          },
          {
            "trust": 2.2,
            "url": "https://twitter.com/digitalbond/status/619250429751222277"
          },
          {
            "trust": 1.8,
            "url": "https://ics-cert.us-cert.gov/advisories/icsma-18-037-02"
          },
          {
            "trust": 1.6,
            "url": "http://apps.gehealthcare.com/servlet/clientservlet/c401_ws_inst_sv_2069560001r1.pdf?req=raa\u0026direction=2069560-001\u0026filename=c401_ws_inst_sv_2069560001r1.pdf\u0026filerev=1\u0026docrev_org=1"
          },
          {
            "trust": 1.6,
            "url": "http://apps.gehealthcare.com/servlet/clientservlet/c40_ws_inst_sv_2063534-001r2.pdf?req=raa\u0026direction=2063534-001\u0026filename=c40_ws_inst_sv_2063534-001r2.pdf\u0026filerev=1\u0026docrev_org=1"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-6694"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-6694"
          },
          {
            "trust": 0.3,
            "url": "http://apps.gehealthcare.com/servlet/clientservlet/c40_ws_inst_sv_2063534-001r2.pdf?docclass=a\u0026req=rac\u0026direction=2063534-001\u0026filename=c40_ws_inst_sv_2063534-001r2.pdf\u0026filerev=1\u0026docrev_org=1\u0026submit=+ac"
          },
          {
            "trust": 0.3,
            "url": "http://www3.gehealthcare.com/en"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05141"
          },
          {
            "db": "BID",
            "id": "76175"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004005"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-030"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-6694"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05141"
          },
          {
            "db": "BID",
            "id": "76175"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004005"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-030"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-6694"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-08-06T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-05141"
          },
          {
            "date": "2015-08-04T00:00:00",
            "db": "BID",
            "id": "76175"
          },
          {
            "date": "2015-08-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-004005"
          },
          {
            "date": "2015-08-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201508-030"
          },
          {
            "date": "2015-08-04T14:59:19.613000",
            "db": "NVD",
            "id": "CVE-2012-6694"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-08-06T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-05141"
          },
          {
            "date": "2015-08-04T00:00:00",
            "db": "BID",
            "id": "76175"
          },
          {
            "date": "2018-04-02T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-004005"
          },
          {
            "date": "2015-08-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201508-030"
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2012-6694"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-030"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "GE Healthcare Centricity PACS Workstation and Server Trust Management Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05141"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-030"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "trust management",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-030"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201508-0596

    Vulnerability from variot - Updated: 2025-04-13 23:04

    GE Healthcare Discovery XR656 and XR656 G2 has a password of (1) 2getin for the insite user, (2) 4$xray for the xruser user, and (3) #superxr for the root user, which has unspecified impact and attack vectors. NOTE: it is not clear whether these passwords are default, hardcoded, or dependent on another system or product that requires a fixed value. (1) insite For users 2getin password (2) xruser For users 4$xray password (3) root For users #superxr password It is unknown whether this password is default, hard-coded, or dependent on other systems or products that require a fixed value.It may be subject to unspecified effects and attacks. An attacker could exploit this vulnerability to control the device. Multiple GE Healthcare products are prone to a security-bypass vulnerability. Successful exploits will result in the complete compromise of the affected device

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201508-0596",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "discovery xr656 g2",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "gehealthcare",
            "version": "*"
          },
          {
            "model": "discovery xr656",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "gehealthcare",
            "version": "*"
          },
          {
            "model": "discovery xr656",
            "scope": null,
            "trust": 0.8,
            "vendor": "ge healthcare",
            "version": null
          },
          {
            "model": "discovery xr656 g2",
            "scope": null,
            "trust": 0.8,
            "vendor": "ge healthcare",
            "version": null
          },
          {
            "model": "discovery xr656",
            "scope": null,
            "trust": 0.6,
            "vendor": "ge",
            "version": null
          },
          {
            "model": "discovery xr656 g2",
            "scope": null,
            "trust": 0.6,
            "vendor": "ge",
            "version": null
          },
          {
            "model": "discovery xr656",
            "scope": null,
            "trust": 0.6,
            "vendor": "gehealthcare",
            "version": null
          },
          {
            "model": "discovery xr656 g2",
            "scope": null,
            "trust": 0.6,
            "vendor": "gehealthcare",
            "version": null
          },
          {
            "model": "discovery xr656 g2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "gehealthcare",
            "version": "0"
          },
          {
            "model": "discovery xr656",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "gehealthcare",
            "version": "0"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05136"
          },
          {
            "db": "BID",
            "id": "76167"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004010"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-035"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-7232"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/h:gehealthcare:discovery_xr656",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:gehealthcare:discovery_xr656_g2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004010"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Scott Erven",
        "sources": [
          {
            "db": "BID",
            "id": "76167"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2014-7232",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2014-7232",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2015-05136",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2014-7232",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2014-7232",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2015-05136",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201508-035",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULMON",
                "id": "CVE-2014-7232",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05136"
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-7232"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004010"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-035"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-7232"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "GE Healthcare Discovery XR656 and XR656 G2 has a password of (1) 2getin for the insite user, (2) 4$xray for the xruser user, and (3) #superxr for the root user, which has unspecified impact and attack vectors.  NOTE: it is not clear whether these passwords are default, hardcoded, or dependent on another system or product that requires a fixed value. (1) insite For users 2getin password (2) xruser For users 4$xray password (3) root For users #superxr password It is unknown whether this password is default, hard-coded, or dependent on other systems or products that require a fixed value.It may be subject to unspecified effects and attacks. An attacker could exploit this vulnerability to control the device. Multiple GE Healthcare products are prone to a security-bypass vulnerability. Successful exploits will result in the complete compromise of the affected device",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-7232"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004010"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-05136"
          },
          {
            "db": "BID",
            "id": "76167"
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-7232"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2014-7232",
            "trust": 3.4
          },
          {
            "db": "ICS CERT",
            "id": "ICSMA-18-037-02",
            "trust": 1.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004010",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-05136",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-035",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "76167",
            "trust": 0.4
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-7232",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05136"
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-7232"
          },
          {
            "db": "BID",
            "id": "76167"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004010"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-035"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-7232"
          }
        ]
      },
      "id": "VAR-201508-0596",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05136"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05136"
          }
        ]
      },
      "last_update_date": "2025-04-13T23:04:05.368000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Discovery XR656 Installation Manual",
            "trust": 0.8,
            "url": "http://apps.gehealthcare.com/servlet/ClientServlet/IM-5343950-1EN.pdf?DOCCLASS=A\u0026REQ=RAC\u0026DIRECTION=5343950-1EN\u0026FILENAME=IM-5343950-1EN.pdf\u0026FILEREV=7\u0026DOCREV_ORG=7\u0026SUBMIT=+ACCEPT+"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004010"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-255",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004010"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-7232"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.8,
            "url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
          },
          {
            "trust": 2.3,
            "url": "https://twitter.com/digitalbond/status/619250429751222277"
          },
          {
            "trust": 2.0,
            "url": "http://apps.gehealthcare.com/servlet/clientservlet/im-5343950-1en.pdf?docclass=a\u0026req=rac\u0026direction=5343950-1en\u0026filename=im-5343950-1en.pdf\u0026filerev=7\u0026docrev_org=7\u0026submit=+accept+"
          },
          {
            "trust": 2.0,
            "url": "https://ics-cert.us-cert.gov/advisories/icsma-18-037-02"
          },
          {
            "trust": 1.7,
            "url": "http://apps.gehealthcare.com/servlet/clientservlet/5643835-1en_r1.pdf?req=raa\u0026direction=5643835-1en\u0026filename=5643835-1en_r1.pdf\u0026filerev=1\u0026docrev_org=1"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-7232"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-7232"
          },
          {
            "trust": 0.3,
            "url": "http://www3.gehealthcare.com/en/global_gateway"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/255.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.securityfocus.com/bid/76167"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05136"
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-7232"
          },
          {
            "db": "BID",
            "id": "76167"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004010"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-035"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-7232"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05136"
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-7232"
          },
          {
            "db": "BID",
            "id": "76167"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004010"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-035"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-7232"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-08-06T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-05136"
          },
          {
            "date": "2015-08-04T00:00:00",
            "db": "VULMON",
            "id": "CVE-2014-7232"
          },
          {
            "date": "2015-08-04T00:00:00",
            "db": "BID",
            "id": "76167"
          },
          {
            "date": "2015-08-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-004010"
          },
          {
            "date": "2015-08-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201508-035"
          },
          {
            "date": "2015-08-04T14:59:24.753000",
            "db": "NVD",
            "id": "CVE-2014-7232"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-08-06T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-05136"
          },
          {
            "date": "2018-03-28T00:00:00",
            "db": "VULMON",
            "id": "CVE-2014-7232"
          },
          {
            "date": "2015-08-04T00:00:00",
            "db": "BID",
            "id": "76167"
          },
          {
            "date": "2018-04-02T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-004010"
          },
          {
            "date": "2015-08-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201508-035"
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2014-7232"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-035"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "GE Healthcare Discovery XR656 and XR656 G2 Trust Management Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05136"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-035"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "trust management",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-035"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201907-1438

    Vulnerability from variot - Updated: 2024-11-23 22:25

    In GE Aestiva and Aespire versions 7100 and 7900, a vulnerability exists where serial devices are connected via an added unsecured terminal server to a TCP/IP network configuration, which could allow an attacker to remotely modify device configuration and silence alarms. GE Aestiva and Aespire Contains an authentication vulnerability.Information may be tampered with. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks. This vulnerability stems from the lack of authentication measures or insufficient authentication strength in network systems or products

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201907-1438",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "aestiva 7100",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "ge",
            "version": null
          },
          {
            "model": "aespire 7100",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "ge",
            "version": null
          },
          {
            "model": "aestiva 7900",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "ge",
            "version": null
          },
          {
            "model": "aespire 7900",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "ge",
            "version": null
          },
          {
            "model": "aespire 7100",
            "scope": null,
            "trust": 0.8,
            "vendor": "general electric",
            "version": null
          },
          {
            "model": "aespire 7900",
            "scope": null,
            "trust": 0.8,
            "vendor": "general electric",
            "version": null
          },
          {
            "model": "aestiva 7100",
            "scope": null,
            "trust": 0.8,
            "vendor": "general electric",
            "version": null
          },
          {
            "model": "aestiva 7900",
            "scope": null,
            "trust": 0.8,
            "vendor": "general electric",
            "version": null
          },
          {
            "model": "aestiva",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "gehealthcare",
            "version": "7900"
          },
          {
            "model": "aestiva",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "gehealthcare",
            "version": "7100"
          },
          {
            "model": "aespire",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "gehealthcare",
            "version": "7900"
          },
          {
            "model": "aespire",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "gehealthcare",
            "version": "7100"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "109102"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006520"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10966"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:ge:aespire_7100_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:ge:aespire_7900_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:ge:aestiva_7100_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:ge:aestiva_7900_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006520"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Elad Luz of CyberMDX",
        "sources": [
          {
            "db": "BID",
            "id": "109102"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-532"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2019-10966",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2019-10966",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "VHN-142565",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-10966",
                "impactScore": 1.4,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.3,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2019-10966",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-10966",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2019-10966",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201907-532",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-142565",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-142565"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006520"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-532"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10966"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "In GE Aestiva and Aespire versions 7100 and 7900, a vulnerability exists where serial devices are connected via an added unsecured terminal server to a TCP/IP network configuration, which could allow an attacker to remotely modify device configuration and silence alarms. GE Aestiva and Aespire Contains an authentication vulnerability.Information may be tampered with. \nAn attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks. This vulnerability stems from the lack of authentication measures or insufficient authentication strength in network systems or products",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-10966"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006520"
          },
          {
            "db": "BID",
            "id": "109102"
          },
          {
            "db": "VULHUB",
            "id": "VHN-142565"
          }
        ],
        "trust": 1.98
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-10966",
            "trust": 2.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSMA-19-190-01",
            "trust": 2.8
          },
          {
            "db": "BID",
            "id": "109102",
            "trust": 2.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006520",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-532",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.2526",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-142565",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-142565"
          },
          {
            "db": "BID",
            "id": "109102"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006520"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-532"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10966"
          }
        ]
      },
      "id": "VAR-201907-1438",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-142565"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-11-23T22:25:53.387000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.ge.com/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006520"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-287",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-142565"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006520"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10966"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.8,
            "url": "https://www.us-cert.gov/ics/advisories/icsma-19-190-01"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/109102"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10966"
          },
          {
            "trust": 0.9,
            "url": "http://www.ge-ip.com/"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10966"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.2526/"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-142565"
          },
          {
            "db": "BID",
            "id": "109102"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006520"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-532"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10966"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-142565"
          },
          {
            "db": "BID",
            "id": "109102"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006520"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-532"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10966"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-07-10T00:00:00",
            "db": "VULHUB",
            "id": "VHN-142565"
          },
          {
            "date": "2019-07-09T00:00:00",
            "db": "BID",
            "id": "109102"
          },
          {
            "date": "2019-07-23T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-006520"
          },
          {
            "date": "2019-07-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201907-532"
          },
          {
            "date": "2019-07-10T18:15:10.817000",
            "db": "NVD",
            "id": "CVE-2019-10966"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-10-02T00:00:00",
            "db": "VULHUB",
            "id": "VHN-142565"
          },
          {
            "date": "2019-07-09T00:00:00",
            "db": "BID",
            "id": "109102"
          },
          {
            "date": "2019-07-23T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-006520"
          },
          {
            "date": "2019-07-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201907-532"
          },
          {
            "date": "2024-11-21T04:20:15.650000",
            "db": "NVD",
            "id": "CVE-2019-10966"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-532"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "GE Aestiva and  Aespire Authentication vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006520"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "authorization issue",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-532"
          }
        ],
        "trust": 0.6
      }
    }

    CVE-2014-9736 (GCVE-0-2014-9736)

    Vulnerability from nvd – Published: 2015-08-04 10:00 – Updated: 2024-08-06 13:55
    VLAI
    Summary
    GE Healthcare Centricity Clinical Archive Audit Trail Repository has a default password of initinit for the (1) SSL key manager and (2) server keystore; (3) keystore_password for the server truststore; and atna for the (4) primary storage database and (5) archive storage database, which has unspecified impact and attack vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2014-04-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T13:55:04.528Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://apps.gehealthcare.com/servlet/ClientServlet/DOC1474072_ATR_InstSvcMan.pdf?REQ=RAA\u0026DIRECTION=DOC1474072\u0026FILENAME=DOC1474072_ATR_InstSvcMan.pdf\u0026FILEREV=--\u0026DOCREV_ORG=--"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://twitter.com/digitalbond/status/619250429751222277"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-04-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "GE Healthcare Centricity Clinical Archive Audit Trail Repository has a default password of initinit for the (1) SSL key manager and (2) server keystore; (3) keystore_password for the server truststore; and atna for the (4) primary storage database and (5) archive storage database, which has unspecified impact and attack vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2015-08-04T09:57:02.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://apps.gehealthcare.com/servlet/ClientServlet/DOC1474072_ATR_InstSvcMan.pdf?REQ=RAA\u0026DIRECTION=DOC1474072\u0026FILENAME=DOC1474072_ATR_InstSvcMan.pdf\u0026FILEREV=--\u0026DOCREV_ORG=--"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://twitter.com/digitalbond/status/619250429751222277"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-9736",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "GE Healthcare Centricity Clinical Archive Audit Trail Repository has a default password of initinit for the (1) SSL key manager and (2) server keystore; (3) keystore_password for the server truststore; and atna for the (4) primary storage database and (5) archive storage database, which has unspecified impact and attack vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/",
                  "refsource": "MISC",
                  "url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
                },
                {
                  "name": "http://apps.gehealthcare.com/servlet/ClientServlet/DOC1474072_ATR_InstSvcMan.pdf?REQ=RAA\u0026DIRECTION=DOC1474072\u0026FILENAME=DOC1474072_ATR_InstSvcMan.pdf\u0026FILEREV=--\u0026DOCREV_ORG=--",
                  "refsource": "CONFIRM",
                  "url": "http://apps.gehealthcare.com/servlet/ClientServlet/DOC1474072_ATR_InstSvcMan.pdf?REQ=RAA\u0026DIRECTION=DOC1474072\u0026FILENAME=DOC1474072_ATR_InstSvcMan.pdf\u0026FILEREV=--\u0026DOCREV_ORG=--"
                },
                {
                  "name": "https://twitter.com/digitalbond/status/619250429751222277",
                  "refsource": "MISC",
                  "url": "https://twitter.com/digitalbond/status/619250429751222277"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-9736",
        "datePublished": "2015-08-04T10:00:00.000Z",
        "dateReserved": "2015-07-05T00:00:00.000Z",
        "dateUpdated": "2024-08-06T13:55:04.528Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-7233 (GCVE-0-2014-7233)

    Vulnerability from nvd – Published: 2015-08-04 10:00 – Updated: 2024-08-06 12:40
    VLAI
    Summary
    GE Healthcare Precision THUNIS-800+ has a default password of (1) 1973 for the factory default System Utilities menu, (2) TH8740 for installation using TH8740_122_Setup.exe, (3) hrml for "Setup and Activation" using DSASetup, and (4) an empty string for Shutter Configuration, which has unspecified impact and attack vectors. NOTE: since these passwords appear to be used to access functionality during installation, this issue might not cross privilege boundaries and might not be a vulnerability.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2014-03-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T12:40:19.213Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://apps.gehealthcare.com/servlet/ClientServlet/5458232-1EN+r4.pdf?REQ=RAA\u0026DIRECTION=5458232-1EN\u0026FILENAME=5458232-1EN%2Br4.pdf\u0026FILEREV=4\u0026DOCREV_ORG=4"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://twitter.com/digitalbond/status/619250429751222277"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-03-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "GE Healthcare Precision THUNIS-800+ has a default password of (1) 1973 for the factory default System Utilities menu, (2) TH8740 for installation using TH8740_122_Setup.exe, (3) hrml for \"Setup and Activation\" using DSASetup, and (4) an empty string for Shutter Configuration, which has unspecified impact and attack vectors.  NOTE: since these passwords appear to be used to access functionality during installation, this issue might not cross privilege boundaries and might not be a vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-03-27T16:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://apps.gehealthcare.com/servlet/ClientServlet/5458232-1EN+r4.pdf?REQ=RAA\u0026DIRECTION=5458232-1EN\u0026FILENAME=5458232-1EN%2Br4.pdf\u0026FILEREV=4\u0026DOCREV_ORG=4"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://twitter.com/digitalbond/status/619250429751222277"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-7233",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "GE Healthcare Precision THUNIS-800+ has a default password of (1) 1973 for the factory default System Utilities menu, (2) TH8740 for installation using TH8740_122_Setup.exe, (3) hrml for \"Setup and Activation\" using DSASetup, and (4) an empty string for Shutter Configuration, which has unspecified impact and attack vectors.  NOTE: since these passwords appear to be used to access functionality during installation, this issue might not cross privilege boundaries and might not be a vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://apps.gehealthcare.com/servlet/ClientServlet/5458232-1EN+r4.pdf?REQ=RAA\u0026DIRECTION=5458232-1EN\u0026FILENAME=5458232-1EN%2Br4.pdf\u0026FILEREV=4\u0026DOCREV_ORG=4",
                  "refsource": "CONFIRM",
                  "url": "http://apps.gehealthcare.com/servlet/ClientServlet/5458232-1EN+r4.pdf?REQ=RAA\u0026DIRECTION=5458232-1EN\u0026FILENAME=5458232-1EN%2Br4.pdf\u0026FILEREV=4\u0026DOCREV_ORG=4"
                },
                {
                  "name": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/",
                  "refsource": "MISC",
                  "url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
                },
                {
                  "name": "https://twitter.com/digitalbond/status/619250429751222277",
                  "refsource": "MISC",
                  "url": "https://twitter.com/digitalbond/status/619250429751222277"
                },
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-7233",
        "datePublished": "2015-08-04T10:00:00.000Z",
        "dateReserved": "2014-09-29T00:00:00.000Z",
        "dateUpdated": "2024-08-06T12:40:19.213Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-7232 (GCVE-0-2014-7232)

    Vulnerability from nvd – Published: 2015-08-04 10:00 – Updated: 2024-08-06 12:40
    VLAI
    Summary
    GE Healthcare Discovery XR656 and XR656 G2 has a password of (1) 2getin for the insite user, (2) 4$xray for the xruser user, and (3) #superxr for the root user, which has unspecified impact and attack vectors. NOTE: it is not clear whether these passwords are default, hardcoded, or dependent on another system or product that requires a fixed value.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2014-04-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T12:40:19.200Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://apps.gehealthcare.com/servlet/ClientServlet/5643835-1EN_r1.pdf?REQ=RAA\u0026DIRECTION=5643835-1EN\u0026FILENAME=5643835-1EN_r1.pdf\u0026FILEREV=1\u0026DOCREV_ORG=1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://apps.gehealthcare.com/servlet/ClientServlet/IM-5343950-1EN.pdf?DOCCLASS=A\u0026REQ=RAC\u0026DIRECTION=5343950-1EN\u0026FILENAME=IM-5343950-1EN.pdf\u0026FILEREV=7\u0026DOCREV_ORG=7\u0026SUBMIT=+ACCEPT+"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://twitter.com/digitalbond/status/619250429751222277"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-04-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "GE Healthcare Discovery XR656 and XR656 G2 has a password of (1) 2getin for the insite user, (2) 4$xray for the xruser user, and (3) #superxr for the root user, which has unspecified impact and attack vectors.  NOTE: it is not clear whether these passwords are default, hardcoded, or dependent on another system or product that requires a fixed value."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-03-27T16:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://apps.gehealthcare.com/servlet/ClientServlet/5643835-1EN_r1.pdf?REQ=RAA\u0026DIRECTION=5643835-1EN\u0026FILENAME=5643835-1EN_r1.pdf\u0026FILEREV=1\u0026DOCREV_ORG=1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://apps.gehealthcare.com/servlet/ClientServlet/IM-5343950-1EN.pdf?DOCCLASS=A\u0026REQ=RAC\u0026DIRECTION=5343950-1EN\u0026FILENAME=IM-5343950-1EN.pdf\u0026FILEREV=7\u0026DOCREV_ORG=7\u0026SUBMIT=+ACCEPT+"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://twitter.com/digitalbond/status/619250429751222277"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-7232",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "GE Healthcare Discovery XR656 and XR656 G2 has a password of (1) 2getin for the insite user, (2) 4$xray for the xruser user, and (3) #superxr for the root user, which has unspecified impact and attack vectors.  NOTE: it is not clear whether these passwords are default, hardcoded, or dependent on another system or product that requires a fixed value."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://apps.gehealthcare.com/servlet/ClientServlet/5643835-1EN_r1.pdf?REQ=RAA\u0026DIRECTION=5643835-1EN\u0026FILENAME=5643835-1EN_r1.pdf\u0026FILEREV=1\u0026DOCREV_ORG=1",
                  "refsource": "CONFIRM",
                  "url": "http://apps.gehealthcare.com/servlet/ClientServlet/5643835-1EN_r1.pdf?REQ=RAA\u0026DIRECTION=5643835-1EN\u0026FILENAME=5643835-1EN_r1.pdf\u0026FILEREV=1\u0026DOCREV_ORG=1"
                },
                {
                  "name": "http://apps.gehealthcare.com/servlet/ClientServlet/IM-5343950-1EN.pdf?DOCCLASS=A\u0026REQ=RAC\u0026DIRECTION=5343950-1EN\u0026FILENAME=IM-5343950-1EN.pdf\u0026FILEREV=7\u0026DOCREV_ORG=7\u0026SUBMIT=+ACCEPT+",
                  "refsource": "CONFIRM",
                  "url": "http://apps.gehealthcare.com/servlet/ClientServlet/IM-5343950-1EN.pdf?DOCCLASS=A\u0026REQ=RAC\u0026DIRECTION=5343950-1EN\u0026FILENAME=IM-5343950-1EN.pdf\u0026FILEREV=7\u0026DOCREV_ORG=7\u0026SUBMIT=+ACCEPT+"
                },
                {
                  "name": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/",
                  "refsource": "MISC",
                  "url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
                },
                {
                  "name": "https://twitter.com/digitalbond/status/619250429751222277",
                  "refsource": "MISC",
                  "url": "https://twitter.com/digitalbond/status/619250429751222277"
                },
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-7232",
        "datePublished": "2015-08-04T10:00:00.000Z",
        "dateReserved": "2014-09-29T00:00:00.000Z",
        "dateUpdated": "2024-08-06T12:40:19.200Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-7442 (GCVE-0-2013-7442)

    Vulnerability from nvd – Published: 2015-08-04 10:00 – Updated: 2024-08-06 18:09
    VLAI
    Summary
    GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a password of (1) CANal1 for the Administrator user and (2) iis for the IIS user, which has unspecified impact and attack vectors related to TimbuktuPro. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires it.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2012-06-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T18:09:16.908Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://apps.gehealthcare.com/servlet/ClientServlet/C40_WS_INST_SV_2063534-001r2.pdf?REQ=RAA\u0026DIRECTION=2063534-001\u0026FILENAME=C40_WS_INST_SV_2063534-001r2.pdf\u0026FILEREV=1\u0026DOCREV_ORG=1"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://twitter.com/digitalbond/status/619250429751222277"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://apps.gehealthcare.com/servlet/ClientServlet/C401_WS_INST_SV_2069560001r1.pdf?REQ=RAA\u0026DIRECTION=2069560-001\u0026FILENAME=C401_WS_INST_SV_2069560001r1.pdf\u0026FILEREV=1\u0026DOCREV_ORG=1"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-06-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a password of (1) CANal1 for the Administrator user and (2) iis for the IIS user, which has unspecified impact and attack vectors related to TimbuktuPro.  NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires it."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-03-27T16:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://apps.gehealthcare.com/servlet/ClientServlet/C40_WS_INST_SV_2063534-001r2.pdf?REQ=RAA\u0026DIRECTION=2063534-001\u0026FILENAME=C40_WS_INST_SV_2063534-001r2.pdf\u0026FILEREV=1\u0026DOCREV_ORG=1"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://twitter.com/digitalbond/status/619250429751222277"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://apps.gehealthcare.com/servlet/ClientServlet/C401_WS_INST_SV_2069560001r1.pdf?REQ=RAA\u0026DIRECTION=2069560-001\u0026FILENAME=C401_WS_INST_SV_2069560001r1.pdf\u0026FILEREV=1\u0026DOCREV_ORG=1"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2013-7442",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a password of (1) CANal1 for the Administrator user and (2) iis for the IIS user, which has unspecified impact and attack vectors related to TimbuktuPro.  NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires it."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://apps.gehealthcare.com/servlet/ClientServlet/C40_WS_INST_SV_2063534-001r2.pdf?REQ=RAA\u0026DIRECTION=2063534-001\u0026FILENAME=C40_WS_INST_SV_2063534-001r2.pdf\u0026FILEREV=1\u0026DOCREV_ORG=1",
                  "refsource": "CONFIRM",
                  "url": "http://apps.gehealthcare.com/servlet/ClientServlet/C40_WS_INST_SV_2063534-001r2.pdf?REQ=RAA\u0026DIRECTION=2063534-001\u0026FILENAME=C40_WS_INST_SV_2063534-001r2.pdf\u0026FILEREV=1\u0026DOCREV_ORG=1"
                },
                {
                  "name": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/",
                  "refsource": "MISC",
                  "url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
                },
                {
                  "name": "https://twitter.com/digitalbond/status/619250429751222277",
                  "refsource": "MISC",
                  "url": "https://twitter.com/digitalbond/status/619250429751222277"
                },
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02"
                },
                {
                  "name": "http://apps.gehealthcare.com/servlet/ClientServlet/C401_WS_INST_SV_2069560001r1.pdf?REQ=RAA\u0026DIRECTION=2069560-001\u0026FILENAME=C401_WS_INST_SV_2069560001r1.pdf\u0026FILEREV=1\u0026DOCREV_ORG=1",
                  "refsource": "CONFIRM",
                  "url": "http://apps.gehealthcare.com/servlet/ClientServlet/C401_WS_INST_SV_2069560001r1.pdf?REQ=RAA\u0026DIRECTION=2069560-001\u0026FILENAME=C401_WS_INST_SV_2069560001r1.pdf\u0026FILEREV=1\u0026DOCREV_ORG=1"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2013-7442",
        "datePublished": "2015-08-04T10:00:00.000Z",
        "dateReserved": "2015-07-05T00:00:00.000Z",
        "dateUpdated": "2024-08-06T18:09:16.908Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-7405 (GCVE-0-2013-7405)

    Vulnerability from nvd – Published: 2015-08-04 10:00 – Updated: 2024-08-06 18:09
    VLAI
    Summary
    The Ad Hoc Reporting feature in GE Healthcare Centricity DMS 4.2 has a password of Never!Mind for the Administrator user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2013-06-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T18:09:16.723Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://twitter.com/digitalbond/status/619250429751222277"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://apps.gehealthcare.com/servlet/ClientServlet/0908141_DMS+4.2+MTG.pdf?REQ=RAA\u0026DIRECTION=0908141\u0026FILENAME=0908141_DMS%2B4.2%2BMTG.pdf\u0026FILEREV=D\u0026DOCREV_ORG=D"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-06-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Ad Hoc Reporting feature in GE Healthcare Centricity DMS 4.2 has a password of Never!Mind for the Administrator user, which has unspecified impact and attack vectors.  NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2015-08-04T09:57:02.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://twitter.com/digitalbond/status/619250429751222277"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://apps.gehealthcare.com/servlet/ClientServlet/0908141_DMS+4.2+MTG.pdf?REQ=RAA\u0026DIRECTION=0908141\u0026FILENAME=0908141_DMS%2B4.2%2BMTG.pdf\u0026FILEREV=D\u0026DOCREV_ORG=D"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2013-7405",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Ad Hoc Reporting feature in GE Healthcare Centricity DMS 4.2 has a password of Never!Mind for the Administrator user, which has unspecified impact and attack vectors.  NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/",
                  "refsource": "MISC",
                  "url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
                },
                {
                  "name": "https://twitter.com/digitalbond/status/619250429751222277",
                  "refsource": "MISC",
                  "url": "https://twitter.com/digitalbond/status/619250429751222277"
                },
                {
                  "name": "http://apps.gehealthcare.com/servlet/ClientServlet/0908141_DMS+4.2+MTG.pdf?REQ=RAA\u0026DIRECTION=0908141\u0026FILENAME=0908141_DMS%2B4.2%2BMTG.pdf\u0026FILEREV=D\u0026DOCREV_ORG=D",
                  "refsource": "CONFIRM",
                  "url": "http://apps.gehealthcare.com/servlet/ClientServlet/0908141_DMS+4.2+MTG.pdf?REQ=RAA\u0026DIRECTION=0908141\u0026FILENAME=0908141_DMS%2B4.2%2BMTG.pdf\u0026FILEREV=D\u0026DOCREV_ORG=D"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2013-7405",
        "datePublished": "2015-08-04T10:00:00.000Z",
        "dateReserved": "2014-09-29T00:00:00.000Z",
        "dateUpdated": "2024-08-06T18:09:16.723Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-7404 (GCVE-0-2013-7404)

    Vulnerability from nvd – Published: 2015-08-04 10:00 – Updated: 2024-08-06 18:09
    VLAI
    Summary
    GE Healthcare Discovery NM 750b has a password of 2getin for the insite account for (1) Telnet and (2) FTP, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2013-07-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T18:09:16.677Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://apps.gehealthcare.com/servlet/ClientServlet/5411136-1EN_r3.pdf?REQ=RAA\u0026DIRECTION=5411136-1EN\u0026FILENAME=5411136-1EN_r3.pdf\u0026FILEREV=3\u0026DOCREV_ORG=3"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://twitter.com/digitalbond/status/619250429751222277"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-07-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "GE Healthcare Discovery NM 750b has a password of 2getin for the insite account for (1) Telnet and (2) FTP, which has unspecified impact and attack vectors.  NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-03-27T16:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://apps.gehealthcare.com/servlet/ClientServlet/5411136-1EN_r3.pdf?REQ=RAA\u0026DIRECTION=5411136-1EN\u0026FILENAME=5411136-1EN_r3.pdf\u0026FILEREV=3\u0026DOCREV_ORG=3"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://twitter.com/digitalbond/status/619250429751222277"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2013-7404",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "GE Healthcare Discovery NM 750b has a password of 2getin for the insite account for (1) Telnet and (2) FTP, which has unspecified impact and attack vectors.  NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://apps.gehealthcare.com/servlet/ClientServlet/5411136-1EN_r3.pdf?REQ=RAA\u0026DIRECTION=5411136-1EN\u0026FILENAME=5411136-1EN_r3.pdf\u0026FILEREV=3\u0026DOCREV_ORG=3",
                  "refsource": "CONFIRM",
                  "url": "http://apps.gehealthcare.com/servlet/ClientServlet/5411136-1EN_r3.pdf?REQ=RAA\u0026DIRECTION=5411136-1EN\u0026FILENAME=5411136-1EN_r3.pdf\u0026FILEREV=3\u0026DOCREV_ORG=3"
                },
                {
                  "name": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/",
                  "refsource": "MISC",
                  "url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
                },
                {
                  "name": "https://twitter.com/digitalbond/status/619250429751222277",
                  "refsource": "MISC",
                  "url": "https://twitter.com/digitalbond/status/619250429751222277"
                },
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2013-7404",
        "datePublished": "2015-08-04T10:00:00.000Z",
        "dateReserved": "2014-09-29T00:00:00.000Z",
        "dateUpdated": "2024-08-06T18:09:16.677Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-6695 (GCVE-0-2012-6695)

    Vulnerability from nvd – Published: 2015-08-04 10:00 – Updated: 2024-08-06 21:36
    VLAI
    Summary
    GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a password of ddpadmin for the ddpadmin user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2012-06-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T21:36:02.049Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://apps.gehealthcare.com/servlet/ClientServlet/C40_WS_INST_SV_2063534-001r2.pdf?REQ=RAA\u0026DIRECTION=2063534-001\u0026FILENAME=C40_WS_INST_SV_2063534-001r2.pdf\u0026FILEREV=1\u0026DOCREV_ORG=1"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://twitter.com/digitalbond/status/619250429751222277"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://apps.gehealthcare.com/servlet/ClientServlet/C401_WS_INST_SV_2069560001r1.pdf?REQ=RAA\u0026DIRECTION=2069560-001\u0026FILENAME=C401_WS_INST_SV_2069560001r1.pdf\u0026FILEREV=1\u0026DOCREV_ORG=1"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-06-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a password of ddpadmin for the ddpadmin user, which has unspecified impact and attack vectors.  NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-03-27T16:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://apps.gehealthcare.com/servlet/ClientServlet/C40_WS_INST_SV_2063534-001r2.pdf?REQ=RAA\u0026DIRECTION=2063534-001\u0026FILENAME=C40_WS_INST_SV_2063534-001r2.pdf\u0026FILEREV=1\u0026DOCREV_ORG=1"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://twitter.com/digitalbond/status/619250429751222277"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://apps.gehealthcare.com/servlet/ClientServlet/C401_WS_INST_SV_2069560001r1.pdf?REQ=RAA\u0026DIRECTION=2069560-001\u0026FILENAME=C401_WS_INST_SV_2069560001r1.pdf\u0026FILEREV=1\u0026DOCREV_ORG=1"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2012-6695",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a password of ddpadmin for the ddpadmin user, which has unspecified impact and attack vectors.  NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://apps.gehealthcare.com/servlet/ClientServlet/C40_WS_INST_SV_2063534-001r2.pdf?REQ=RAA\u0026DIRECTION=2063534-001\u0026FILENAME=C40_WS_INST_SV_2063534-001r2.pdf\u0026FILEREV=1\u0026DOCREV_ORG=1",
                  "refsource": "CONFIRM",
                  "url": "http://apps.gehealthcare.com/servlet/ClientServlet/C40_WS_INST_SV_2063534-001r2.pdf?REQ=RAA\u0026DIRECTION=2063534-001\u0026FILENAME=C40_WS_INST_SV_2063534-001r2.pdf\u0026FILEREV=1\u0026DOCREV_ORG=1"
                },
                {
                  "name": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/",
                  "refsource": "MISC",
                  "url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
                },
                {
                  "name": "https://twitter.com/digitalbond/status/619250429751222277",
                  "refsource": "MISC",
                  "url": "https://twitter.com/digitalbond/status/619250429751222277"
                },
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02"
                },
                {
                  "name": "http://apps.gehealthcare.com/servlet/ClientServlet/C401_WS_INST_SV_2069560001r1.pdf?REQ=RAA\u0026DIRECTION=2069560-001\u0026FILENAME=C401_WS_INST_SV_2069560001r1.pdf\u0026FILEREV=1\u0026DOCREV_ORG=1",
                  "refsource": "CONFIRM",
                  "url": "http://apps.gehealthcare.com/servlet/ClientServlet/C401_WS_INST_SV_2069560001r1.pdf?REQ=RAA\u0026DIRECTION=2069560-001\u0026FILENAME=C401_WS_INST_SV_2069560001r1.pdf\u0026FILEREV=1\u0026DOCREV_ORG=1"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2012-6695",
        "datePublished": "2015-08-04T10:00:00.000Z",
        "dateReserved": "2015-07-05T00:00:00.000Z",
        "dateUpdated": "2024-08-06T21:36:02.049Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-6694 (GCVE-0-2012-6694)

    Vulnerability from nvd – Published: 2015-08-04 10:00 – Updated: 2024-08-06 21:36
    VLAI
    Summary
    GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1, and Server 4.0, has a password of 2charGE for the geservice account, which has unspecified impact and attack vectors related to TimbuktuPro. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires it.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2012-06-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T21:36:01.967Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://apps.gehealthcare.com/servlet/ClientServlet/C40_WS_INST_SV_2063534-001r2.pdf?REQ=RAA\u0026DIRECTION=2063534-001\u0026FILENAME=C40_WS_INST_SV_2063534-001r2.pdf\u0026FILEREV=1\u0026DOCREV_ORG=1"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://twitter.com/digitalbond/status/619250429751222277"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://apps.gehealthcare.com/servlet/ClientServlet/C401_WS_INST_SV_2069560001r1.pdf?REQ=RAA\u0026DIRECTION=2069560-001\u0026FILENAME=C401_WS_INST_SV_2069560001r1.pdf\u0026FILEREV=1\u0026DOCREV_ORG=1"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-06-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1, and Server 4.0, has a password of 2charGE for the geservice account, which has unspecified impact and attack vectors related to TimbuktuPro.  NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires it."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-03-27T16:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://apps.gehealthcare.com/servlet/ClientServlet/C40_WS_INST_SV_2063534-001r2.pdf?REQ=RAA\u0026DIRECTION=2063534-001\u0026FILENAME=C40_WS_INST_SV_2063534-001r2.pdf\u0026FILEREV=1\u0026DOCREV_ORG=1"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://twitter.com/digitalbond/status/619250429751222277"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://apps.gehealthcare.com/servlet/ClientServlet/C401_WS_INST_SV_2069560001r1.pdf?REQ=RAA\u0026DIRECTION=2069560-001\u0026FILENAME=C401_WS_INST_SV_2069560001r1.pdf\u0026FILEREV=1\u0026DOCREV_ORG=1"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2012-6694",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1, and Server 4.0, has a password of 2charGE for the geservice account, which has unspecified impact and attack vectors related to TimbuktuPro.  NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires it."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://apps.gehealthcare.com/servlet/ClientServlet/C40_WS_INST_SV_2063534-001r2.pdf?REQ=RAA\u0026DIRECTION=2063534-001\u0026FILENAME=C40_WS_INST_SV_2063534-001r2.pdf\u0026FILEREV=1\u0026DOCREV_ORG=1",
                  "refsource": "CONFIRM",
                  "url": "http://apps.gehealthcare.com/servlet/ClientServlet/C40_WS_INST_SV_2063534-001r2.pdf?REQ=RAA\u0026DIRECTION=2063534-001\u0026FILENAME=C40_WS_INST_SV_2063534-001r2.pdf\u0026FILEREV=1\u0026DOCREV_ORG=1"
                },
                {
                  "name": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/",
                  "refsource": "MISC",
                  "url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
                },
                {
                  "name": "https://twitter.com/digitalbond/status/619250429751222277",
                  "refsource": "MISC",
                  "url": "https://twitter.com/digitalbond/status/619250429751222277"
                },
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02"
                },
                {
                  "name": "http://apps.gehealthcare.com/servlet/ClientServlet/C401_WS_INST_SV_2069560001r1.pdf?REQ=RAA\u0026DIRECTION=2069560-001\u0026FILENAME=C401_WS_INST_SV_2069560001r1.pdf\u0026FILEREV=1\u0026DOCREV_ORG=1",
                  "refsource": "CONFIRM",
                  "url": "http://apps.gehealthcare.com/servlet/ClientServlet/C401_WS_INST_SV_2069560001r1.pdf?REQ=RAA\u0026DIRECTION=2069560-001\u0026FILENAME=C401_WS_INST_SV_2069560001r1.pdf\u0026FILEREV=1\u0026DOCREV_ORG=1"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2012-6694",
        "datePublished": "2015-08-04T10:00:00.000Z",
        "dateReserved": "2015-07-05T00:00:00.000Z",
        "dateUpdated": "2024-08-06T21:36:01.967Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }