Vulnerability-Lookup

BDU:2021-01651

Vulnerability from fstec - Published: 08.12.2020

Title

Уязвимость медицинского диагностического оборудования GE Healthcare, связанная с отсутствием защиты служебных данных, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации или повысить свои привилегии

Description

Уязвимость медицинского диагностического оборудования GE Healthcare связана с отсутствием защиты служебных данных. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, получить несанкционированный доступ к защищаемой информации или повысить свои привилегии

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vendor

GE Healthcare

Software Name

Signa HDxt 3.0T, Signa HDx 3.0T, Brivo MR355 1.5T, Optima MR360, Signa HDx 1.5T, Signa HDi, Signa VIBRANT, LOGIQ 5, LOGIQ 7, LOGIQ 9, Vivid I, Vivid 7, EchoPAC (Turnkey), Image Vault (Turnkey), Voluson 730, AW, AWS, Innova 2000, Innova 3100, Innova 4100, Innova 2100-IQ, Innova 3100-IQ, Innova 4100-IQ, Innova 212-IQ, Innova 313-IQ, Optima 320, Optima CL320i, Optima CL323i, Optima CL320, Optima 3100, Optima IGS 320, Optima IGS 330, Innova IGS 5x0, Innova IGS 6x0, Innova IGS 7x0, Brivo XR118, Brivo XR383, Brivo XR515, Brivo XR575, Definium 5000, Definium 6000, Definium 8000, Definium AMX 700, Discovery XR650, Discovery XR656, Discovery XR656+, Optima XR640, Optima XR646, Optima XR220amx, Optima XR200amx, Precision 500D, Precision WDR1, Seno 200D, Seno DS, Seno Essential, Senographe Pristina, BrightSpeed Elite, BrightSpeed Elite Select, BrightSpeed Edge, BrightSpeed Edge Select, Brivo CT385, Discovery CT590RT, Discovery CT750HD, LightSpeed VCT, LightSpeed Pro16, LightSpeed RT16, Optima Advance, Optima CT520, Optima CT540, Optima CT660, Optima CT580, Optima CT580RT, Optima CT580W, Optima CT670, Optima CT680 Quantum, Optima CT680 Expert & Professional, Revolution EVO, Revolution HD, Revolution ACT, Revolution ACTs, Revolution CT, Revolution Discovery CT, Revolution Frontier, Revolution Frontier ES, Brivo NM 615, Discovery NM 630, Discovery NM 750b, Discovery NM D530c, Discovery NM D570c, Discovery CT D570c, Discovery NM 670, Discovery CT 670, Infinia, Discovery NM830, Discovery NM 860, Discovery CT 860, Discovery NM CT850, Discovery CT850, Discovery NM CT 870, Discovery CT 870, Discovery MI MI DR, Discovery IQ, Optima NM 640, Optima CT 640, Ventri, Xeleris, PET Discovery IQ, PET Discovery IQ upgrade, PETtrace 800

Software Version

HD 16 (Signa HDxt 3.0T), HD 23 (Signa HDxt 3.0T), HD 16 (Signa HDx 3.0T), HD 23 (Signa HDx 3.0T), SV20.1 (Brivo MR355 1.5T), SV23.0 (Brivo MR355 1.5T), SV20.1 (Optima MR360), SV23.0 (Optima MR360), HD 16 (Signa HDx 1.5T), HD 23 (Signa HDx 1.5T), HD 16 (Signa HDi), HD 23 (Signa HDi), HD 16 (Signa VIBRANT), HD 23 (Signa VIBRANT), BT03 (LOGIQ 5), BT03 (LOGIQ 7), BT04 (LOGIQ 7), BT06 (LOGIQ 7), BT02 (LOGIQ 9), BT03 (LOGIQ 9), BT04 (LOGIQ 9), BT06 (LOGIQ 9), BT06 (Vivid I), от BT02 до BT06 включительно (Vivid 7), BT06 (EchoPAC (Turnkey)), 4.3 (Image Vault (Turnkey)), BT05 (Voluson 730), BT08 (Voluson 730), от 4.0 до 4.6 включительно (AW), от 2.0 до 3.0 включительно (AWS), - (Innova 2000), - (Innova 3100), - (Innova 4100), - (Innova 2100-IQ), - (Innova 3100-IQ), - (Innova 4100-IQ), - (Innova 212-IQ), - (Innova 313-IQ), - (Optima 320), - (Optima CL320i), - (Optima CL323i), - (Optima CL320), - (Optima 3100), - (Optima IGS 320), - (Optima IGS 330), - (Innova IGS 5x0), - (Innova IGS 6x0), - (Innova IGS 7x0), - (Brivo XR118), - (Brivo XR383), - (Brivo XR515), - (Brivo XR575), - (Definium 5000), - (Definium 6000), - (Definium 8000), - (Definium AMX 700), - (Discovery XR650), - (Discovery XR656), - (Discovery XR656+), - (Optima XR640), - (Optima XR646), - (Optima XR220amx), - (Optima XR200amx), - (Precision 500D), - (Precision WDR1), - (Seno 200D), - (Seno DS), - (Seno Essential), - (Senographe Pristina), - (BrightSpeed Elite), - (BrightSpeed Elite Select), - (BrightSpeed Edge), - (BrightSpeed Edge Select), - (Brivo CT385), - (Discovery CT590RT), - (Discovery CT750HD), - (LightSpeed VCT), - (LightSpeed Pro16), - (LightSpeed RT16), - (Optima Advance), - (Optima CT520), - (Optima CT540), - (Optima CT660), - (Optima CT580), - (Optima CT580RT), - (Optima CT580W), - (Optima CT670), - (Optima CT680 Quantum), - (Optima CT680 Expert & Professional), - (Revolution EVO), - (Revolution HD), - (Revolution ACT), - (Revolution ACTs), - (Revolution CT), - (Revolution Discovery CT), - (Revolution Frontier), - (Revolution Frontier ES), - (Brivo NM 615), - (Discovery NM 630), - (Discovery NM 750b), - (Discovery NM D530c), - (Discovery NM D570c), - (Discovery CT D570c), - (Discovery NM 670), - (Discovery CT 670), - (Infinia), - (Discovery NM830), - (Discovery NM 860), - (Discovery CT 860), - (Discovery NM CT850), - (Discovery CT850), - (Discovery NM CT 870), - (Discovery CT 870), - (Discovery MI MI DR), - (Discovery IQ), - (Optima NM 640), - (Optima CT 640), - (Ventri), - (Xeleris), - (PET Discovery IQ), - (PET Discovery IQ upgrade), - (PETtrace 800)

Possible Mitigations

Использование рекомендаций: https://us-cert.cisa.gov/ics/advisories/icsma-20-343-01

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-25179 https://us-cert.cisa.gov/ics/advisories/icsma-20-343-01 https://vulmon.com/vulnerabilitydetails?qid=CVE-2020-25179 https://www.cybermdx.com/research/vulnerability-ge-radiology-201208/

CWE

CWE-200, CWE-497

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "GE Healthcare",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "HD 16 (Signa HDxt 3.0T), HD 23 (Signa HDxt 3.0T), HD 16 (Signa HDx 3.0T), HD 23 (Signa HDx 3.0T), SV20.1 (Brivo MR355 1.5T), SV23.0 (Brivo MR355 1.5T), SV20.1 (Optima MR360), SV23.0 (Optima MR360), HD 16 (Signa HDx 1.5T), HD 23 (Signa HDx 1.5T), HD 16 (Signa HDi), HD 23 (Signa HDi), HD 16 (Signa VIBRANT), HD 23 (Signa VIBRANT), BT03 (LOGIQ 5), BT03 (LOGIQ 7), BT04 (LOGIQ 7), BT06 (LOGIQ 7), BT02 (LOGIQ 9), BT03 (LOGIQ 9), BT04 (LOGIQ 9), BT06 (LOGIQ 9), BT06 (Vivid I), \u043e\u0442 BT02 \u0434\u043e BT06 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Vivid 7), BT06 (EchoPAC (Turnkey)), 4.3 (Image Vault (Turnkey)), BT05 (Voluson 730), BT08 (Voluson 730), \u043e\u0442 4.0 \u0434\u043e 4.6 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (AW), \u043e\u0442 2.0 \u0434\u043e 3.0 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (AWS), - (Innova 2000), - (Innova 3100), - (Innova 4100), - (Innova 2100-IQ), - (Innova 3100-IQ), - (Innova 4100-IQ), - (Innova 212-IQ), - (Innova 313-IQ), - (Optima 320), - (Optima CL320i), - (Optima CL323i), - (Optima CL320), - (Optima 3100), - (Optima IGS 320), - (Optima IGS 330), - (Innova IGS 5x0), - (Innova IGS 6x0), - (Innova IGS 7x0), - (Brivo XR118), - (Brivo XR383), - (Brivo XR515), - (Brivo XR575), - (Definium 5000), - (Definium 6000), - (Definium 8000), - (Definium AMX 700), - (Discovery XR650), - (Discovery XR656), - (Discovery XR656+), - (Optima XR640), - (Optima XR646), - (Optima XR220amx), - (Optima XR200amx), - (Precision 500D), - (Precision WDR1), - (Seno 200D), - (Seno DS), - (Seno Essential), - (Senographe Pristina), - (BrightSpeed Elite), - (BrightSpeed Elite Select), - (BrightSpeed Edge), - (BrightSpeed Edge Select), - (Brivo CT385), - (Discovery CT590RT), - (Discovery CT750HD), - (LightSpeed VCT), - (LightSpeed Pro16), - (LightSpeed RT16), - (Optima Advance), - (Optima CT520), - (Optima CT540), - (Optima CT660), - (Optima CT580), - (Optima CT580RT), - (Optima CT580W), - (Optima CT670), - (Optima CT680 Quantum), - (Optima CT680 Expert \u0026 Professional), - (Revolution EVO), - (Revolution HD), - (Revolution ACT), - (Revolution ACTs), - (Revolution CT), - (Revolution Discovery CT), - (Revolution Frontier), - (Revolution Frontier ES), - (Brivo NM 615), - (Discovery NM 630), - (Discovery NM 750b), - (Discovery NM D530c), - (Discovery NM D570c), - (Discovery CT D570c), - (Discovery NM 670), - (Discovery CT 670), - (Infinia), - (Discovery NM830), - (Discovery NM 860), - (Discovery CT 860), - (Discovery NM CT850), - (Discovery CT850), - (Discovery NM CT 870), - (Discovery CT 870), - (Discovery MI MI DR), - (Discovery IQ), - (Optima NM 640), - (Optima CT 640), - (Ventri), - (Xeleris), - (PET Discovery IQ), - (PET Discovery IQ upgrade), - (PETtrace 800)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://us-cert.cisa.gov/ics/advisories/icsma-20-343-01",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "08.12.2020",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "30.03.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "30.03.2021",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2021-01651",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2020-25179",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Signa HDxt 3.0T, Signa HDx 3.0T, Brivo MR355 1.5T, Optima MR360, Signa HDx 1.5T, Signa HDi, Signa VIBRANT, LOGIQ 5, LOGIQ 7, LOGIQ 9, Vivid I, Vivid 7, EchoPAC (Turnkey), Image Vault (Turnkey), Voluson 730, AW, AWS, Innova 2000, Innova 3100, Innova 4100, Innova 2100-IQ, Innova 3100-IQ, Innova 4100-IQ, Innova 212-IQ, Innova 313-IQ, Optima 320, Optima CL320i, Optima CL323i, Optima CL320, Optima 3100, Optima IGS 320, Optima IGS 330, Innova IGS 5x0, Innova IGS 6x0, Innova IGS 7x0, Brivo XR118, Brivo XR383, Brivo XR515, Brivo XR575, Definium 5000, Definium 6000, Definium 8000, Definium AMX 700, Discovery XR650, Discovery XR656, Discovery XR656+, Optima XR640, Optima XR646, Optima XR220amx, Optima XR200amx, Precision 500D, Precision WDR1, Seno 200D, Seno DS, Seno Essential, Senographe Pristina, BrightSpeed Elite, BrightSpeed Elite Select, BrightSpeed Edge, BrightSpeed Edge Select, Brivo CT385, Discovery CT590RT, Discovery CT750HD, LightSpeed VCT, LightSpeed Pro16, LightSpeed RT16, Optima Advance, Optima CT520, Optima CT540, Optima CT660, Optima CT580, Optima CT580RT, Optima CT580W, Optima CT670, Optima CT680 Quantum, Optima CT680 Expert \u0026 Professional, Revolution EVO, Revolution HD, Revolution ACT, Revolution ACTs, Revolution CT, Revolution Discovery CT, Revolution Frontier, Revolution Frontier ES, Brivo NM 615, Discovery NM 630, Discovery NM 750b, Discovery NM D530c, Discovery NM D570c, Discovery CT D570c, Discovery NM 670, Discovery CT 670, Infinia, Discovery NM830, Discovery NM 860, Discovery CT 860, Discovery NM CT850, Discovery CT850, Discovery NM CT 870, Discovery CT 870, Discovery MI MI DR, Discovery IQ, Optima NM 640, Optima CT 640, Ventri, Xeleris, PET Discovery IQ, PET Discovery IQ upgrade, PETtrace 800",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0435\u0434\u0438\u0446\u0438\u043d\u0441\u043a\u043e\u0433\u043e \u0434\u0438\u0430\u0433\u043d\u043e\u0441\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0433\u043e \u043e\u0431\u043e\u0440\u0443\u0434\u043e\u0432\u0430\u043d\u0438\u044f GE Healthcare, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435\u043c \u0437\u0430\u0449\u0438\u0442\u044b \u0441\u043b\u0443\u0436\u0435\u0431\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u0438\u043b\u0438 \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0420\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 (CWE-200), \u0420\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435 \u0441\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 \u043d\u0435\u0430\u0432\u0442\u043e\u0440\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u0434\u043b\u044f \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u0443\u0435\u043c\u043e\u0439 \u043e\u0431\u043b\u0430\u0441\u0442\u0438 (CWE-497)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0435\u0434\u0438\u0446\u0438\u043d\u0441\u043a\u043e\u0433\u043e \u0434\u0438\u0430\u0433\u043d\u043e\u0441\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0433\u043e \u043e\u0431\u043e\u0440\u0443\u0434\u043e\u0432\u0430\u043d\u0438\u044f GE Healthcare \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435\u043c \u0437\u0430\u0449\u0438\u0442\u044b \u0441\u043b\u0443\u0436\u0435\u0431\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u0438\u043b\u0438 \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0435 \u043c\u0435\u0440\u044b",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0441\u0431\u043e\u0440 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://nvd.nist.gov/vuln/detail/CVE-2020-25179\nhttps://us-cert.cisa.gov/ics/advisories/icsma-20-343-01\nhttps://vulmon.com/vulnerabilitydetails?qid=CVE-2020-25179\nhttps://www.cybermdx.com/research/vulnerability-ge-radiology-201208/",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0439 \u043a\u043e\u0434, \u041f\u041e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-200, CWE-497",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,8)"
}

CVE-2020-25179 (GCVE-0-2020-25179)

Vulnerability from cvelistv5 – Published: 2020-12-14 16:12 – Updated: 2024-08-04 15:26

Summary

GE Healthcare Imaging and Ultrasound Products may allow specific credentials to be exposed during transport over the network.

Severity ?

No CVSS data available.

CWE

CWE-497 - EXPOSURE OF SENSITIVE SYSTEM INFORMATION TO AN UNAUTHORIZED CONTROL SPHERE CWE-497

Assigner

icscert

References

URL

Tags

https://us-cert.cisa.gov/ics/advisories/icsma-20-343-01

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	GE Healthcare Imaging and Ultrasound Products	Affected: MR 3.0T Signa HDxt / 3.0T Signa HDx, versions HD 16, HD23 1.5T Brivo MR355 / Optima MR360, versions SV20.1, SV23.0 1.5T Signa HDx / 1.5T Signa HDx, Signa HDi / Signa VIBRANT, versions HD16, HD23 Ultrasound, General Imaging LOGIQ 5 [BT03], LOGIQ 7 (BT03, BT04, BT06], LOGIQ 9 [BT02, BT03, BT04, BT06] Ultrasound, Cardiovascular Vivid I [BT06], Vivid 7 {BT02-BT06], EchoPAC (Turnkey) [BT06], Image Vault (Turnkey) [4.3] Ultrasound, Women’s Health Voluson 730 [BT05, BT08] Advanced Visualization AW 4.0 to AW 4.6, AWS2.0 to AW3.0 , Interventional Innova 2000, 3100, 4100, 2100-IQ, 3100-IQ, 4100-IQ, 212-IQ, 313-IQ Optima 320, CL320i, CL323i, CL320, 3100 Optima IGS 320, 330 Affected: Innova IGS 5x0, 6x0, 7x0 Advanced Visualization AW 4.0 to AW 4.6, AWS2.0 to AW3.0 X-Ray Brivo XR118, XR383, XR515, XR575 Affected: Definium 5000, 6000, 8000, AMX 700 Affected: Discovery XR650, XR656, XR656+ Affected: Optima XR640, XR646, XR220amx, XR200amx Affected: Precision 500D, WDR1 Mammography Seno 200D, DS, Essential Affected: Senographe Pristina Computed Tomography BrightSpeed Elite, Elite Select, Edge, Edge Select Brivo CT385 Discovery CT590RT, CT750HD LightSpeed VCT, Pro16, RT16 Optima Advance, CT520, CT540, CT660, CT580, CT580RT, CT580W, CT670, CT680 Quantum, Expert & Professional Revolution EVO,HD,ACT, ACTs, CT, Discovery CT, Frontier, Frontier ES Nuclear Medicine, PET/CT Brivo NM 615 Discovery NM 630, NM 750b, NM D530c, NM/CT D570c, NM/CT 670 Infinia Discovery NM830, NM/CT 860, NM/CT850, NM/CT 870

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T15:26:09.485Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-343-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "GE Healthcare Imaging and Ultrasound Products",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "MR 3.0T Signa HDxt / 3.0T Signa HDx, versions HD 16, HD23 1.5T Brivo MR355 / Optima MR360, versions SV20.1, SV23.0 1.5T Signa HDx / 1.5T Signa HDx, Signa HDi / Signa VIBRANT, versions HD16, HD23 Ultrasound, General Imaging LOGIQ 5 [BT03], LOGIQ 7 (BT03, BT04, BT06], LOGIQ 9 [BT02, BT03, BT04, BT06] Ultrasound, Cardiovascular Vivid I [BT06], Vivid 7 {BT02-BT06], EchoPAC (Turnkey) [BT06], Image Vault (Turnkey) [4.3] Ultrasound, Women\u2019s Health Voluson 730 [BT05, BT08] Advanced Visualization AW 4.0 to AW 4.6, AWS2.0 to AW3.0 , Interventional Innova 2000, 3100, 4100, 2100-IQ, 3100-IQ, 4100-IQ, 212-IQ, 313-IQ Optima 320, CL320i, CL323i, CL320, 3100 Optima IGS 320, 330"
            },
            {
              "status": "affected",
              "version": "Innova IGS 5x0, 6x0, 7x0 Advanced Visualization AW 4.0 to AW 4.6, AWS2.0 to AW3.0 X-Ray Brivo XR118, XR383, XR515, XR575"
            },
            {
              "status": "affected",
              "version": "Definium 5000, 6000, 8000, AMX 700"
            },
            {
              "status": "affected",
              "version": "Discovery XR650, XR656, XR656+"
            },
            {
              "status": "affected",
              "version": "Optima XR640, XR646, XR220amx, XR200amx"
            },
            {
              "status": "affected",
              "version": "Precision 500D, WDR1 Mammography Seno 200D, DS, Essential"
            },
            {
              "status": "affected",
              "version": "Senographe Pristina Computed Tomography BrightSpeed Elite, Elite Select, Edge, Edge Select Brivo CT385 Discovery CT590RT, CT750HD LightSpeed VCT, Pro16, RT16 Optima Advance, CT520, CT540, CT660, CT580, CT580RT, CT580W, CT670, CT680 Quantum, Expert \u0026 Professional Revolution EVO,HD,ACT, ACTs, CT, Discovery CT, Frontier, Frontier ES Nuclear Medicine, PET/CT Brivo NM 615 Discovery NM 630, NM 750b, NM D530c, NM/CT D570c, NM/CT 670 Infinia Discovery NM830, NM/CT 860, NM/CT850, NM/CT 870"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "GE Healthcare Imaging and Ultrasound Products may allow specific credentials to be exposed during transport over the network."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-497",
              "description": "EXPOSURE OF SENSITIVE SYSTEM INFORMATION TO AN UNAUTHORIZED CONTROL SPHERE CWE-497",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-14T16:12:36.000Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-343-01"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2020-25179",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "GE Healthcare Imaging and Ultrasound Products",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "MR 3.0T Signa HDxt / 3.0T Signa HDx, versions HD 16, HD23 1.5T Brivo MR355 / Optima MR360, versions SV20.1, SV23.0 1.5T Signa HDx / 1.5T Signa HDx, Signa HDi / Signa VIBRANT, versions HD16, HD23 Ultrasound, General Imaging LOGIQ 5 [BT03], LOGIQ 7 (BT03, BT04, BT06], LOGIQ 9 [BT02, BT03, BT04, BT06] Ultrasound, Cardiovascular Vivid I [BT06], Vivid 7 {BT02-BT06], EchoPAC (Turnkey) [BT06], Image Vault (Turnkey) [4.3] Ultrasound, Women\u2019s Health Voluson 730 [BT05, BT08] Advanced Visualization AW 4.0 to AW 4.6, AWS2.0 to AW3.0 , Interventional Innova 2000, 3100, 4100, 2100-IQ, 3100-IQ, 4100-IQ, 212-IQ, 313-IQ Optima 320, CL320i, CL323i, CL320, 3100 Optima IGS 320, 330"
                          },
                          {
                            "version_value": "Innova IGS 5x0, 6x0, 7x0 Advanced Visualization AW 4.0 to AW 4.6, AWS2.0 to AW3.0 X-Ray Brivo XR118, XR383, XR515, XR575"
                          },
                          {
                            "version_value": "Definium 5000, 6000, 8000, AMX 700"
                          },
                          {
                            "version_value": "Discovery XR650, XR656, XR656+"
                          },
                          {
                            "version_value": "Optima XR640, XR646, XR220amx, XR200amx"
                          },
                          {
                            "version_value": "Precision 500D, WDR1 Mammography Seno 200D, DS, Essential"
                          },
                          {
                            "version_value": "Senographe Pristina Computed Tomography BrightSpeed Elite, Elite Select, Edge, Edge Select Brivo CT385 Discovery CT590RT, CT750HD LightSpeed VCT, Pro16, RT16 Optima Advance, CT520, CT540, CT660, CT580, CT580RT, CT580W, CT670, CT680 Quantum, Expert \u0026 Professional Revolution EVO,HD,ACT, ACTs, CT, Discovery CT, Frontier, Frontier ES Nuclear Medicine, PET/CT Brivo NM 615 Discovery NM 630, NM 750b, NM D530c, NM/CT D570c, NM/CT 670 Infinia Discovery NM830, NM/CT 860, NM/CT850, NM/CT 870"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "GE Healthcare Imaging and Ultrasound Products may allow specific credentials to be exposed during transport over the network."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "EXPOSURE OF SENSITIVE SYSTEM INFORMATION TO AN UNAUTHORIZED CONTROL SPHERE CWE-497"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://us-cert.cisa.gov/ics/advisories/icsma-20-343-01",
              "refsource": "MISC",
              "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-343-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2020-25179",
    "datePublished": "2020-12-14T16:12:36.000Z",
    "dateReserved": "2020-09-04T00:00:00.000Z",
    "dateUpdated": "2024-08-04T15:26:09.485Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

BDU:2021-01651

CVE-2020-25179 (GCVE-0-2020-25179)

Tags

Sightings

Nomenclature