Vulnerability-Lookup

CNVD-2015-05144

Vulnerability from cnvd - Published: 2015-08-06

Title

GE Healthcare Centricity Image Vault信任管理漏洞

Description

GE Healthcare Centricity Image Vault是美国通用电气（GE）公司的一个用于医疗行业的Vivid心血管超声图片库。 GE Healthcare Centricity Image Vault 3.x版本中存在安全漏洞，该漏洞源于administrator账户使用‘gemnet’作为密码；ASACA DVD库的webadmin administrator账户使用‘webadmin’作为密码；Ultrasound Database的gemsservice账户使用空密码；GEMNet license服务器的gemnet2002账户使用‘gemnet2002’作为密码。攻击者可利用该漏洞控制设备。

Severity

高

Formal description

目前厂商暂未发布修复措施解决此安全问题，建议使用此软件的用户随时关注厂商主页或参考网址以获取解决办法： http://www.gehealthcare.com/

Reference

http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/

Impacted products

Name
General Electric Company Healthcare Centricity Image Vault

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2004-2777"
    }
  },
  "description": "GE Healthcare Centricity Image Vault\u662f\u7f8e\u56fd\u901a\u7528\u7535\u6c14\uff08GE\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u7528\u4e8e\u533b\u7597\u884c\u4e1a\u7684Vivid\u5fc3\u8840\u7ba1\u8d85\u58f0\u56fe\u7247\u5e93\u3002\r\n\r\nGE Healthcare Centricity Image Vault 3.x\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eadministrator\u8d26\u6237\u4f7f\u7528\u2018gemnet\u2019\u4f5c\u4e3a\u5bc6\u7801\uff1bASACA DVD\u5e93\u7684webadmin administrator\u8d26\u6237\u4f7f\u7528\u2018webadmin\u2019\u4f5c\u4e3a\u5bc6\u7801\uff1bUltrasound Database\u7684gemsservice\u8d26\u6237\u4f7f\u7528\u7a7a\u5bc6\u7801\uff1bGEMNet license\u670d\u52a1\u5668\u7684gemnet2002\u8d26\u6237\u4f7f\u7528\u2018gemnet2002\u2019\u4f5c\u4e3a\u5bc6\u7801\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63a7\u5236\u8bbe\u5907\u3002",
  "discovererName": "unknown",
  "formalWay": "\u76ee\u524d\u5382\u5546\u6682\u672a\u53d1\u5e03\u4fee\u590d\u63aa\u65bd\u89e3\u51b3\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u5efa\u8bae\u4f7f\u7528\u6b64\u8f6f\u4ef6\u7684\u7528\u6237\u968f\u65f6\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u6216\u53c2\u8003\u7f51\u5740\u4ee5\u83b7\u53d6\u89e3\u51b3\u529e\u6cd5\uff1a\r\nhttp://www.gehealthcare.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-05144",
  "openTime": "2015-08-06",
  "products": {
    "product": "General Electric Company Healthcare Centricity Image Vault"
  },
  "referenceLink": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/",
  "serverity": "\u9ad8",
  "submitTime": "2015-08-05",
  "title": "GE Healthcare Centricity Image Vault\u4fe1\u4efb\u7ba1\u7406\u6f0f\u6d1e"
}

CVE-2004-2777 (GCVE-0-2004-2777)

Vulnerability from cvelistv5 – Published: 2015-08-04 10:00 – Updated: 2024-08-08 01:36

Summary

GE Healthcare Centricity Image Vault 3.x has a password of (1) gemnet for the administrator account, (2) webadmin for the webadmin administrator account of the ASACA DVD library, (3) an empty value for the gemsservice account of the Ultrasound Database, and possibly (4) gemnet2002 for the gemnet2002 account of the GEMNet license server, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://apps.gehealthcare.com/servlet/ClientServle…	x_refsource_CONFIRM
	http://www.forbes.com/sites/thomasbrewster/2015/0…	x_refsource_MISC
	https://twitter.com/digitalbond/status/6192504297…	x_refsource_MISC
	https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T01:36:25.351Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://apps.gehealthcare.com/servlet/ClientServlet/2010564-002E.pdf?REQ=RAA\u0026DIRECTION=2010564-002\u0026FILENAME=2010564-002E.pdf\u0026FILEREV=E\u0026DOCREV_ORG=E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://twitter.com/digitalbond/status/619250429751222277"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-04-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "GE Healthcare Centricity Image Vault 3.x has a password of (1) gemnet for the administrator account, (2) webadmin for the webadmin administrator account of the ASACA DVD library, (3) an empty value for the gemsservice account of the Ultrasound Database, and possibly (4) gemnet2002 for the gemnet2002 account of the GEMNet license server, which has unspecified impact and attack vectors.  NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-03-27T16:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://apps.gehealthcare.com/servlet/ClientServlet/2010564-002E.pdf?REQ=RAA\u0026DIRECTION=2010564-002\u0026FILENAME=2010564-002E.pdf\u0026FILEREV=E\u0026DOCREV_ORG=E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://twitter.com/digitalbond/status/619250429751222277"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-2777",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "GE Healthcare Centricity Image Vault 3.x has a password of (1) gemnet for the administrator account, (2) webadmin for the webadmin administrator account of the ASACA DVD library, (3) an empty value for the gemsservice account of the Ultrasound Database, and possibly (4) gemnet2002 for the gemnet2002 account of the GEMNet license server, which has unspecified impact and attack vectors.  NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://apps.gehealthcare.com/servlet/ClientServlet/2010564-002E.pdf?REQ=RAA\u0026DIRECTION=2010564-002\u0026FILENAME=2010564-002E.pdf\u0026FILEREV=E\u0026DOCREV_ORG=E",
              "refsource": "CONFIRM",
              "url": "http://apps.gehealthcare.com/servlet/ClientServlet/2010564-002E.pdf?REQ=RAA\u0026DIRECTION=2010564-002\u0026FILENAME=2010564-002E.pdf\u0026FILEREV=E\u0026DOCREV_ORG=E"
            },
            {
              "name": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/",
              "refsource": "MISC",
              "url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
            },
            {
              "name": "https://twitter.com/digitalbond/status/619250429751222277",
              "refsource": "MISC",
              "url": "https://twitter.com/digitalbond/status/619250429751222277"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-2777",
    "datePublished": "2015-08-04T10:00:00",
    "dateReserved": "2014-09-29T00:00:00",
    "dateUpdated": "2024-08-08T01:36:25.351Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2015-05144

CVE-2004-2777 (GCVE-0-2004-2777)

Tags

Sightings

Nomenclature