cvelistv5 - cve-2012-6695

CVE-2012-6695 (GCVE-0-2012-6695)

Vulnerability from cvelistv5 – Published: 2015-08-04 10:00 – Updated: 2024-08-06 21:36

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

GHSA-MJFX-7VJC-JCX6

Vulnerability from github – Published: 2022-05-14 03:34 – Updated: 2025-04-12 12:50

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2012-6695"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-08-04T14:59:00Z",
    "severity": "HIGH"
  },
  "details": "GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a password of ddpadmin for the ddpadmin user, which has unspecified impact and attack vectors.  NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.",
  "id": "GHSA-mjfx-7vjc-jcx6",
  "modified": "2025-04-12T12:50:30Z",
  "published": "2022-05-14T03:34:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6695"
    },
    {
      "type": "WEB",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02"
    },
    {
      "type": "WEB",
      "url": "https://twitter.com/digitalbond/status/619250429751222277"
    },
    {
      "type": "WEB",
      "url": "http://apps.gehealthcare.com/servlet/ClientServlet/C401_WS_INST_SV_2069560001r1.pdf?REQ=RAA\u0026DIRECTION=2069560-001\u0026FILENAME=C401_WS_INST_SV_2069560001r1.pdf\u0026FILEREV=1\u0026DOCREV_ORG=1"
    },
    {
      "type": "WEB",
      "url": "http://apps.gehealthcare.com/servlet/ClientServlet/C40_WS_INST_SV_2063534-001r2.pdf?REQ=RAA\u0026DIRECTION=2063534-001\u0026FILENAME=C40_WS_INST_SV_2063534-001r2.pdf\u0026FILEREV=1\u0026DOCREV_ORG=1"
    },
    {
      "type": "WEB",
      "url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

ICSMA-18-037-02

Vulnerability from csaf_cisa - Published: 2018-02-06 00:00 - Updated: 2018-03-13 00:00

Summary

GE Medical Devices Vulnerability

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation

Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affected devices.

Critical infrastructure sectors

Healthcare and Public Health

Countries/areas deployed

Worldwide

Company headquarters location

United States

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of this (these) vulnerability(ies), such as:

Recommended Practices

Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.

Recommended Practices

Locate control system networks and remote devices behind firewalls and isolating them from business networks.

Recommended Practices

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

Recommended Practices

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

Recommended Practices

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Recommended Practices

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

Recommended Practices

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

Recommended Practices

Do not click web links or open attachments in unsolicited email messages.

Recommended Practices

Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.

Recommended Practices

Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.

Recommended Practices

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Scott Erven"
        ],
        "summary": "reporting these vulnerabilities to GE Healthcare"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affected devices.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Healthcare and Public Health",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "United States",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "CISA recommends users take defensive measures to minimize the risk of exploitation of this (these) vulnerability(ies), such as:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Locate control system networks and remote devices behind firewalls and isolating them from business networks.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA also recommends users take the following measures to protect themselves from social engineering attacks:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Do not click web links or open attachments in unsolicited email messages.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.",
        "title": "Recommended Practices"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "central@cisa.dhs.gov",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSMA-18-037-02 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2018/icsma-18-037-02.json"
      },
      {
        "category": "self",
        "summary": "ICSA Advisory ICSMA-18-037-02 - Web Version",
        "url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-18-037-02"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/topics/industrial-control-systems"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/sites/default/files/publications/emailscams0905.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ncas/tips/ST04-014"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
      }
    ],
    "title": "GE Medical Devices Vulnerability",
    "tracking": {
      "current_release_date": "2018-03-13T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSMA-18-037-02",
      "initial_release_date": "2018-02-06T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2018-02-06T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSMA-18-037-02P GE Medical Devices Vulnerability"
        },
        {
          "date": "2018-03-13T00:00:00.000000Z",
          "legacy_version": "A",
          "number": "2",
          "summary": "ICSMA-18-037-02 GE Medical Devices Vulnerability (Update A)"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "Optima 520: *",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "Optima 520"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "Optima 540: *",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "Optima 540"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "Optima 640: *",
                  "product_id": "CSAFPID-0003"
                }
              }
            ],
            "category": "product_name",
            "name": "Optima 640"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "Optima 680: *",
                  "product_id": "CSAFPID-0004"
                }
              }
            ],
            "category": "product_name",
            "name": "Optima 680"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 1.003",
                "product": {
                  "name": "Discovery NM530c: \u003c 1.003",
                  "product_id": "CSAFPID-0005"
                }
              }
            ],
            "category": "product_name",
            "name": "Discovery NM530c"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 2.003",
                "product": {
                  "name": "Discovery NM750b: \u003c 2.003",
                  "product_id": "CSAFPID-0006"
                }
              }
            ],
            "category": "product_name",
            "name": "Discovery NM750b"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "Discovery XR656: *",
                  "product_id": "CSAFPID-0007"
                }
              }
            ],
            "category": "product_name",
            "name": "Discovery XR656"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "Discovery XR656 Plus: *",
                  "product_id": "CSAFPID-0008"
                }
              }
            ],
            "category": "product_name",
            "name": "Discovery XR656 Plus"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "Revolution XQ/i: *",
                  "product_id": "CSAFPID-0009"
                }
              }
            ],
            "category": "product_name",
            "name": "Revolution XQ/i"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "THUNIS-800+: *",
                  "product_id": "CSAFPID-0010"
                }
              }
            ],
            "category": "product_name",
            "name": "THUNIS-800+"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "Centricity PACS Server: *",
                  "product_id": "CSAFPID-0011"
                }
              }
            ],
            "category": "product_name",
            "name": "Centricity PACS Server"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "Centricity PACS RA1000: *",
                  "product_id": "CSAFPID-0012"
                }
              }
            ],
            "category": "product_name",
            "name": "Centricity PACS RA1000"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "Centricity PACS-IW: *",
                  "product_id": "CSAFPID-0013"
                }
              }
            ],
            "category": "product_name",
            "name": "Centricity PACS-IW"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "Centricity DMS: *",
                  "product_id": "CSAFPID-0014"
                }
              }
            ],
            "category": "product_name",
            "name": "Centricity DMS"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "Discovery VH: *",
                  "product_id": "CSAFPID-0015"
                }
              }
            ],
            "category": "product_name",
            "name": "Discovery VH"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "Millenium VG: *",
                  "product_id": "CSAFPID-0016"
                }
              }
            ],
            "category": "product_name",
            "name": "Millenium VG"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "eNTEGRA 2.0/2.5 Processing and Review Workstation: *",
                  "product_id": "CSAFPID-0017"
                }
              }
            ],
            "category": "product_name",
            "name": "eNTEGRA 2.0/2.5 Processing and Review Workstation"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "CADstream: *",
                  "product_id": "CSAFPID-0018"
                }
              }
            ],
            "category": "product_name",
            "name": "CADstream"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "Optima MR360: *",
                  "product_id": "CSAFPID-0019"
                }
              }
            ],
            "category": "product_name",
            "name": "Optima MR360"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "GEMNet License server (EchoServer): *",
                  "product_id": "CSAFPID-0020"
                }
              }
            ],
            "category": "product_name",
            "name": "GEMNet License server (EchoServer)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "Image Vault 3.x medical imaging software: *",
                  "product_id": "CSAFPID-0021"
                }
              }
            ],
            "category": "product_name",
            "name": "Image Vault 3.x medical imaging software"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "Infinia: *",
                  "product_id": "CSAFPID-0022"
                }
              }
            ],
            "category": "product_name",
            "name": "Infinia"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "Infinia with Hawkeye 4 / 1: *",
                  "product_id": "CSAFPID-0023"
                }
              }
            ],
            "category": "product_name",
            "name": "Infinia with Hawkeye 4 / 1"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "Millenium MG: *",
                  "product_id": "CSAFPID-0024"
                }
              }
            ],
            "category": "product_name",
            "name": "Millenium MG"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "Millenium NC: *",
                  "product_id": "CSAFPID-0025"
                }
              }
            ],
            "category": "product_name",
            "name": "Millenium NC"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "Millenium MyoSIGHT: *",
                  "product_id": "CSAFPID-0026"
                }
              }
            ],
            "category": "product_name",
            "name": "Millenium MyoSIGHT"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "Precision MP/i: *",
                  "product_id": "CSAFPID-0027"
                }
              }
            ],
            "category": "product_name",
            "name": "Precision MP/i"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "Xeleris 1.0: *",
                  "product_id": "CSAFPID-0028"
                }
              }
            ],
            "category": "product_name",
            "name": "Xeleris 1.0"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "Xeleris 1.1: *",
                  "product_id": "CSAFPID-0029"
                }
              }
            ],
            "category": "product_name",
            "name": "Xeleris 1.1"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "Xeleris 2.1: *",
                  "product_id": "CSAFPID-0030"
                }
              }
            ],
            "category": "product_name",
            "name": "Xeleris 2.1"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "Xeleris 3.0: *",
                  "product_id": "CSAFPID-0031"
                }
              }
            ],
            "category": "product_name",
            "name": "Xeleris 3.0"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "Xeleris 3.1: *",
                  "product_id": "CSAFPID-0032"
                }
              }
            ],
            "category": "product_name",
            "name": "Xeleris 3.1"
          }
        ],
        "category": "vendor",
        "name": "GE Healthcare"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2010-5306",
      "cwe": {
        "id": "CWE-287",
        "name": "Improper Authentication"
      },
      "notes": [
        {
          "category": "summary",
          "text": "GE Healthcare Optima CT680, CT540, CT640, and CT520 has a default password of #bigguy for the root user, which has unspecified impact and attack vectors.",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/vuln/detail?vulnId=CVE-2010-5306"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "GE has produced product updates that are available upon request, which replace default or hard-coded credentials with custom credentials for all but three of the affected products. GE\u0027s product updates are not available for the Optima 680, Revolution XQ/i, and THUNIS-800+ systems.",
          "product_ids": [
            "CSAFPID-0004"
          ]
        },
        {
          "category": "mitigation",
          "details": "GE Healthcare provides updates on vulnerability management and other security information at the following URL: http://www3.gehealthcare.com/en/support/security",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ],
          "url": "http://www3.gehealthcare.com/en/support/security"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2009-5143",
      "cwe": {
        "id": "CWE-287",
        "name": "Improper Authentication"
      },
      "notes": [
        {
          "category": "summary",
          "text": "GE Healthcare Discovery 530C has a password of #bigguy1 for the (1) acqservice user and (2) wsservice user of the Xeleris System, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. ",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0005"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/vuln/detail?vulnId=CVE-2009-5143"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "GE has produced product updates that are available upon request, which replace default or hard-coded credentials with custom credentials for all but three of the affected products. GE\u0027s product updates are not available for the Optima 680, Revolution XQ/i, and THUNIS-800+ systems.",
          "product_ids": [
            "CSAFPID-0005"
          ]
        },
        {
          "category": "mitigation",
          "details": "GE Healthcare provides updates on vulnerability management and other security information at the following URL: http://www3.gehealthcare.com/en/support/security",
          "product_ids": [
            "CSAFPID-0005"
          ],
          "url": "http://www3.gehealthcare.com/en/support/security"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0005"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2013-7404",
      "cwe": {
        "id": "CWE-287",
        "name": "Improper Authentication"
      },
      "notes": [
        {
          "category": "summary",
          "text": "GE Healthcare Discovery NM 750b has a password of 2getin for the insite account for (1) Telnet and (2) FTP, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0006"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/vuln/detail?vulnId=CVE-2013-7404"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "GE has produced product updates that are available upon request, which replace default or hard-coded credentials with custom credentials for all but three of the affected products. GE\u0027s product updates are not available for the Optima 680, Revolution XQ/i, and THUNIS-800+ systems.",
          "product_ids": [
            "CSAFPID-0006"
          ]
        },
        {
          "category": "mitigation",
          "details": "GE Healthcare provides updates on vulnerability management and other security information at the following URL: http://www3.gehealthcare.com/en/support/security",
          "product_ids": [
            "CSAFPID-0006"
          ],
          "url": "http://www3.gehealthcare.com/en/support/security"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0006"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2014-7232",
      "cwe": {
        "id": "CWE-287",
        "name": "Improper Authentication"
      },
      "notes": [
        {
          "category": "summary",
          "text": "GE Healthcare Discovery XR656 and XR656 G2 has a password of (1) 2getin for the insite user, (2) 4$xray for the xruser user, and (3) #superxr for the root user, which has unspecified impact and attack vectors. NOTE: it is not clear whether these passwords are default, hardcoded, or dependent on another system or product that requires a fixed value.",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0007",
          "CSAFPID-0008"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/vuln/detail?vulnId=CVE-2014-7232"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "GE has produced product updates that are available upon request, which replace default or hard-coded credentials with custom credentials for all but three of the affected products. GE\u0027s product updates are not available for the Optima 680, Revolution XQ/i, and THUNIS-800+ systems.",
          "product_ids": [
            "CSAFPID-0007",
            "CSAFPID-0008"
          ]
        },
        {
          "category": "mitigation",
          "details": "GE Healthcare provides updates on vulnerability management and other security information at the following URL: http://www3.gehealthcare.com/en/support/security",
          "product_ids": [
            "CSAFPID-0007",
            "CSAFPID-0008"
          ],
          "url": "http://www3.gehealthcare.com/en/support/security"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0007",
            "CSAFPID-0008"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2010-5310",
      "cwe": {
        "id": "CWE-287",
        "name": "Improper Authentication"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The Acquisition Workstation for the GE Healthcare Revolution XQ/i has a password of adw3.1 for the sdc user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0009"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/vuln/detail?vulnId=CVE-2010-5310"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "GE has produced product updates that are available upon request, which replace default or hard-coded credentials with custom credentials for all but three of the affected products. GE\u0027s product updates are not available for the Optima 680, Revolution XQ/i, and THUNIS-800+ systems.",
          "product_ids": [
            "CSAFPID-0009"
          ]
        },
        {
          "category": "mitigation",
          "details": "GE Healthcare provides updates on vulnerability management and other security information at the following URL: http://www3.gehealthcare.com/en/support/security",
          "product_ids": [
            "CSAFPID-0009"
          ],
          "url": "http://www3.gehealthcare.com/en/support/security"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0009"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2014-7233",
      "cwe": {
        "id": "CWE-287",
        "name": "Improper Authentication"
      },
      "notes": [
        {
          "category": "summary",
          "text": "GE Healthcare Precision THUNIS-800+ has a default password of (1) 1973 for the factory default System Utilities menu, (2) TH8740 for installation using TH8740_122_Setup.exe, (3) hrml for \"Setup and Activation\" using DSASetup, and (4) an empty string for Shutter Configuration, which has unspecified impact and attack vectors. NOTE: since these passwords appear to be used to access functionality during installation, this issue might not cross privilege boundaries and might not be a vulnerability.",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0010"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/vuln/detail?vulnId=CVE-2014-7233"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "GE has produced product updates that are available upon request, which replace default or hard-coded credentials with custom credentials for all but three of the affected products. GE\u0027s product updates are not available for the Optima 680, Revolution XQ/i, and THUNIS-800+ systems.",
          "product_ids": [
            "CSAFPID-0010"
          ]
        },
        {
          "category": "mitigation",
          "details": "GE Healthcare provides updates on vulnerability management and other security information at the following URL: http://www3.gehealthcare.com/en/support/security",
          "product_ids": [
            "CSAFPID-0010"
          ],
          "url": "http://www3.gehealthcare.com/en/support/security"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0010"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2012-6693",
      "cwe": {
        "id": "CWE-287",
        "name": "Improper Authentication"
      },
      "notes": [
        {
          "category": "summary",
          "text": "GE Healthcare Centricity PACS 4.0 Server has a default password of (1) nasro for the nasro (ReadOnly) user and (2) nasrw for the nasrw (Read/Write) user, which has unspecified impact and attack vectors.",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0011"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/vuln/detail?vulnId=CVE-2012-6693"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "GE has produced product updates that are available upon request, which replace default or hard-coded credentials with custom credentials for all but three of the affected products. GE\u0027s product updates are not available for the Optima 680, Revolution XQ/i, and THUNIS-800+ systems.",
          "product_ids": [
            "CSAFPID-0011"
          ]
        },
        {
          "category": "mitigation",
          "details": "GE Healthcare provides updates on vulnerability management and other security information at the following URL: http://www3.gehealthcare.com/en/support/security",
          "product_ids": [
            "CSAFPID-0011"
          ],
          "url": "http://www3.gehealthcare.com/en/support/security"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0011"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2012-6694",
      "cwe": {
        "id": "CWE-287",
        "name": "Improper Authentication"
      },
      "notes": [
        {
          "category": "summary",
          "text": "GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1, and Server 4.0, has a password of 2charGE for the geservice account, which has unspecified impact and attack vectors related to TimbuktuPro. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires it.",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0011"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/vuln/detail?vulnId=CVE-2012-6694"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "GE has produced product updates that are available upon request, which replace default or hard-coded credentials with custom credentials for all but three of the affected products. GE\u0027s product updates are not available for the Optima 680, Revolution XQ/i, and THUNIS-800+ systems.",
          "product_ids": [
            "CSAFPID-0011"
          ]
        },
        {
          "category": "mitigation",
          "details": "GE Healthcare provides updates on vulnerability management and other security information at the following URL: http://www3.gehealthcare.com/en/support/security",
          "product_ids": [
            "CSAFPID-0011"
          ],
          "url": "http://www3.gehealthcare.com/en/support/security"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0011"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2012-6695",
      "cwe": {
        "id": "CWE-287",
        "name": "Improper Authentication"
      },
      "notes": [
        {
          "category": "summary",
          "text": "GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a password of ddpadmin for the ddpadmin user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0011"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/vuln/detail?vulnId=CVE-2012-6695"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "GE has produced product updates that are available upon request, which replace default or hard-coded credentials with custom credentials for all but three of the affected products. GE\u0027s product updates are not available for the Optima 680, Revolution XQ/i, and THUNIS-800+ systems.",
          "product_ids": [
            "CSAFPID-0011"
          ]
        },
        {
          "category": "mitigation",
          "details": "GE Healthcare provides updates on vulnerability management and other security information at the following URL: http://www3.gehealthcare.com/en/support/security",
          "product_ids": [
            "CSAFPID-0011"
          ],
          "url": "http://www3.gehealthcare.com/en/support/security"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0011"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2013-7442",
      "cwe": {
        "id": "CWE-287",
        "name": "Improper Authentication"
      },
      "notes": [
        {
          "category": "summary",
          "text": "GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a password of (1) CANal1 for the Administrator user and (2) iis for the IIS user, which has unspecified impact and attack vectors related to TimbuktuPro. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires it.",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0011"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/vuln/detail?vulnId=CVE-2013-7442"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "GE has produced product updates that are available upon request, which replace default or hard-coded credentials with custom credentials for all but three of the affected products. GE\u0027s product updates are not available for the Optima 680, Revolution XQ/i, and THUNIS-800+ systems.",
          "product_ids": [
            "CSAFPID-0011"
          ]
        },
        {
          "category": "mitigation",
          "details": "GE Healthcare provides updates on vulnerability management and other security information at the following URL: http://www3.gehealthcare.com/en/support/security",
          "product_ids": [
            "CSAFPID-0011"
          ],
          "url": "http://www3.gehealthcare.com/en/support/security"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0011"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2017-14008",
      "cwe": {
        "id": "CWE-287",
        "name": "Improper Authentication"
      },
      "notes": [
        {
          "category": "summary",
          "text": "GE Centricity PACS RA1000, diagnostic image analysis, all current versions are affected these devices use default or hard-coded credentials. Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affected devices.",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0012"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/vuln/detail?vulnId=CVE-2017-14008"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "GE has produced product updates that are available upon request, which replace default or hard-coded credentials with custom credentials for all but three of the affected products. GE\u0027s product updates are not available for the Optima 680, Revolution XQ/i, and THUNIS-800+ systems.",
          "product_ids": [
            "CSAFPID-0012"
          ]
        },
        {
          "category": "mitigation",
          "details": "GE Healthcare provides updates on vulnerability management and other security information at the following URL: http://www3.gehealthcare.com/en/support/security",
          "product_ids": [
            "CSAFPID-0012"
          ],
          "url": "http://www3.gehealthcare.com/en/support/security"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0012"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2011-5322",
      "cwe": {
        "id": "CWE-287",
        "name": "Improper Authentication"
      },
      "notes": [
        {
          "category": "summary",
          "text": "GE Healthcare Centricity Analytics Server 1.1 has a default password of (1) V0yag3r for the SQL Server sa user, (2) G3car3s for the analyst user, (3) G3car3s for the ccg user, (4) V0yag3r for the viewer user, and (5) geservice for the geservice user in the Webmin interface, which has unspecified impact and attack vectors.",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0013"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/vuln/detail?vulnId=CVE-2011-5322"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "GE has produced product updates that are available upon request, which replace default or hard-coded credentials with custom credentials for all but three of the affected products. GE\u0027s product updates are not available for the Optima 680, Revolution XQ/i, and THUNIS-800+ systems.",
          "product_ids": [
            "CSAFPID-0013"
          ]
        },
        {
          "category": "mitigation",
          "details": "GE Healthcare provides updates on vulnerability management and other security information at the following URL: http://www3.gehealthcare.com/en/support/security",
          "product_ids": [
            "CSAFPID-0013"
          ],
          "url": "http://www3.gehealthcare.com/en/support/security"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0013"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2007-6757",
      "cwe": {
        "id": "CWE-287",
        "name": "Improper Authentication"
      },
      "notes": [
        {
          "category": "summary",
          "text": "GE Healthcare Centricity DMS 4.2, 4.1, and 4.0 has a password of Muse!Admin for the Museadmin user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0014"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/vuln/detail?vulnId=CVE-2007-6757"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "GE has produced product updates that are available upon request, which replace default or hard-coded credentials with custom credentials for all but three of the affected products. GE\u0027s product updates are not available for the Optima 680, Revolution XQ/i, and THUNIS-800+ systems.",
          "product_ids": [
            "CSAFPID-0014"
          ]
        },
        {
          "category": "mitigation",
          "details": "GE Healthcare provides updates on vulnerability management and other security information at the following URL: http://www3.gehealthcare.com/en/support/security",
          "product_ids": [
            "CSAFPID-0014"
          ],
          "url": "http://www3.gehealthcare.com/en/support/security"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0014"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2003-1603",
      "cwe": {
        "id": "CWE-287",
        "name": "Improper Authentication"
      },
      "notes": [
        {
          "category": "summary",
          "text": "GE Healthcare Discovery VH has a default password of (1) interfile for the ftpclient user of the Interfile server or (2) \"2\" for the LOCAL user of the FTP server for the Codonics printer, which has unspecified impact and attack vectors.",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0015",
          "CSAFPID-0016"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/vuln/detail?vulnId=CVE-2003-1603"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "GE has produced product updates that are available upon request, which replace default or hard-coded credentials with custom credentials for all but three of the affected products. GE\u0027s product updates are not available for the Optima 680, Revolution XQ/i, and THUNIS-800+ systems.",
          "product_ids": [
            "CSAFPID-0015",
            "CSAFPID-0016"
          ]
        },
        {
          "category": "mitigation",
          "details": "GE Healthcare provides updates on vulnerability management and other security information at the following URL: http://www3.gehealthcare.com/en/support/security",
          "product_ids": [
            "CSAFPID-0015",
            "CSAFPID-0016"
          ],
          "url": "http://www3.gehealthcare.com/en/support/security"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0015",
            "CSAFPID-0016"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2001-1594",
      "cwe": {
        "id": "CWE-287",
        "name": "Improper Authentication"
      },
      "notes": [
        {
          "category": "summary",
          "text": "GE Healthcare eNTEGRA P\u0026R has a password of (1) entegra for the entegra user, (2) passme for the super user of the Polestar/Polestar-i Starlink 4 upgrade, (3) 0 for the entegra user of the Codonics printer FTP service, (4) eNTEGRA for the eNTEGRA P\u0026R user account, (5) insite for the WinVNC Login, and possibly other accounts, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0017"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/vuln/detail?vulnId=CVE-2001-1594"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "GE has produced product updates that are available upon request, which replace default or hard-coded credentials with custom credentials for all but three of the affected products. GE\u0027s product updates are not available for the Optima 680, Revolution XQ/i, and THUNIS-800+ systems.",
          "product_ids": [
            "CSAFPID-0017"
          ]
        },
        {
          "category": "mitigation",
          "details": "GE Healthcare provides updates on vulnerability management and other security information at the following URL: http://www3.gehealthcare.com/en/support/security",
          "product_ids": [
            "CSAFPID-0017"
          ],
          "url": "http://www3.gehealthcare.com/en/support/security"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0017"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2010-5309",
      "cwe": {
        "id": "CWE-287",
        "name": "Improper Authentication"
      },
      "notes": [
        {
          "category": "summary",
          "text": "GE Healthcare CADStream Server has a default password of confirma for the admin user, which has unspecified impact and attack vectors.",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0018"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/vuln/detail?vulnId=CVE-2010-5309"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "GE has produced product updates that are available upon request, which replace default or hard-coded credentials with custom credentials for all but three of the affected products. GE\u0027s product updates are not available for the Optima 680, Revolution XQ/i, and THUNIS-800+ systems.",
          "product_ids": [
            "CSAFPID-0018"
          ]
        },
        {
          "category": "mitigation",
          "details": "GE Healthcare provides updates on vulnerability management and other security information at the following URL: http://www3.gehealthcare.com/en/support/security",
          "product_ids": [
            "CSAFPID-0018"
          ],
          "url": "http://www3.gehealthcare.com/en/support/security"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0018"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2010-5307",
      "cwe": {
        "id": "CWE-287",
        "name": "Improper Authentication"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The HIPAA configuration interface in GE Healthcare Optima MR360 has a password of (1) operator for the root account, (2) adw2.0 for the admin account, and (3) adw2.0 for the sdc account, which has unspecified impact and attack vectors. NOTE: it is not clear whether these passwords are default, hardcoded, or dependent on another system or product that requires a fixed value.",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0019"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/vuln/detail?vulnId=CVE-2010-5307"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "GE has produced product updates that are available upon request, which replace default or hard-coded credentials with custom credentials for all but three of the affected products. GE\u0027s product updates are not available for the Optima 680, Revolution XQ/i, and THUNIS-800+ systems.",
          "product_ids": [
            "CSAFPID-0019"
          ]
        },
        {
          "category": "mitigation",
          "details": "GE Healthcare provides updates on vulnerability management and other security information at the following URL: http://www3.gehealthcare.com/en/support/security",
          "product_ids": [
            "CSAFPID-0019"
          ],
          "url": "http://www3.gehealthcare.com/en/support/security"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0019"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2017-14004",
      "cwe": {
        "id": "CWE-287",
        "name": "Improper Authentication"
      },
      "notes": [
        {
          "category": "summary",
          "text": "GE GEMNet License server (EchoServer) all current versions are affected these devices use default or hard-coded credentials. Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affected devices..",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0020"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/vuln/detail?vulnId=CVE-2017-14004"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "GE has produced product updates that are available upon request, which replace default or hard-coded credentials with custom credentials for all but three of the affected products. GE\u0027s product updates are not available for the Optima 680, Revolution XQ/i, and THUNIS-800+ systems.",
          "product_ids": [
            "CSAFPID-0020"
          ]
        },
        {
          "category": "mitigation",
          "details": "GE Healthcare provides updates on vulnerability management and other security information at the following URL: http://www3.gehealthcare.com/en/support/security",
          "product_ids": [
            "CSAFPID-0020"
          ],
          "url": "http://www3.gehealthcare.com/en/support/security"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0020"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2004-2777",
      "cwe": {
        "id": "CWE-287",
        "name": "Improper Authentication"
      },
      "notes": [
        {
          "category": "summary",
          "text": "GE Healthcare Centricity Image Vault 3.x has a password of (1) gemnet for the administrator account, (2) webadmin for the webadmin administrator account of the ASACA DVD library, (3) an empty value for the gemsservice account of the Ultrasound Database, and possibly (4) gemnet2002 for the gemnet2002 account of the GEMNet license server, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0021"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/vuln/detail?vulnId=CVE-2004-2777"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "GE has produced product updates that are available upon request, which replace default or hard-coded credentials with custom credentials for all but three of the affected products. GE\u0027s product updates are not available for the Optima 680, Revolution XQ/i, and THUNIS-800+ systems.",
          "product_ids": [
            "CSAFPID-0021"
          ]
        },
        {
          "category": "mitigation",
          "details": "GE Healthcare provides updates on vulnerability management and other security information at the following URL: http://www3.gehealthcare.com/en/support/security",
          "product_ids": [
            "CSAFPID-0021"
          ],
          "url": "http://www3.gehealthcare.com/en/support/security"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0021"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2017-14002",
      "cwe": {
        "id": "CWE-287",
        "name": "Improper Authentication"
      },
      "notes": [
        {
          "category": "summary",
          "text": "GE Infinia/Infinia with Hawkeye 4 medical imaging systems all current versions are affected these devices use default or hard-coded credentials. Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affected devices.",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0022",
          "CSAFPID-0023"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/vuln/detail?vulnId=CVE-2017-14002"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "GE has produced product updates that are available upon request, which replace default or hard-coded credentials with custom credentials for all but three of the affected products. GE\u0027s product updates are not available for the Optima 680, Revolution XQ/i, and THUNIS-800+ systems.",
          "product_ids": [
            "CSAFPID-0022",
            "CSAFPID-0023"
          ]
        },
        {
          "category": "mitigation",
          "details": "GE Healthcare provides updates on vulnerability management and other security information at the following URL: http://www3.gehealthcare.com/en/support/security",
          "product_ids": [
            "CSAFPID-0022",
            "CSAFPID-0023"
          ],
          "url": "http://www3.gehealthcare.com/en/support/security"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0022",
            "CSAFPID-0023"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2002-2446",
      "cwe": {
        "id": "CWE-287",
        "name": "Improper Authentication"
      },
      "notes": [
        {
          "category": "summary",
          "text": "GE Healthcare Millennium MG, NC, and MyoSIGHT has a password of insite.genieacq for the insite account that cannot be changed without disabling product functionality for remote InSite support, which has unspecified impact and attack vectors.",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0024",
          "CSAFPID-0025",
          "CSAFPID-0026"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/vuln/detail?vulnId=CVE-2002-2446"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "GE has produced product updates that are available upon request, which replace default or hard-coded credentials with custom credentials for all but three of the affected products. GE\u0027s product updates are not available for the Optima 680, Revolution XQ/i, and THUNIS-800+ systems.",
          "product_ids": [
            "CSAFPID-0024",
            "CSAFPID-0025",
            "CSAFPID-0026"
          ]
        },
        {
          "category": "mitigation",
          "details": "GE Healthcare provides updates on vulnerability management and other security information at the following URL: http://www3.gehealthcare.com/en/support/security",
          "product_ids": [
            "CSAFPID-0024",
            "CSAFPID-0025",
            "CSAFPID-0026"
          ],
          "url": "http://www3.gehealthcare.com/en/support/security"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0024",
            "CSAFPID-0025",
            "CSAFPID-0026"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2012-6660",
      "cwe": {
        "id": "CWE-287",
        "name": "Improper Authentication"
      },
      "notes": [
        {
          "category": "summary",
          "text": "GE Healthcare Precision MPi has a password of (1) orion for the serviceapp user, (2) orion for the clinical operator user, and (3) PlatinumOne for the administrator user, which has unspecified impact and attack vectors. NOTE: it is not clear whether these passwords are default, hardcoded, or dependent on another system or product that requires a fixed value.",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0027"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/vuln/detail?vulnId=CVE-2012-6660"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "GE has produced product updates that are available upon request, which replace default or hard-coded credentials with custom credentials for all but three of the affected products. GE\u0027s product updates are not available for the Optima 680, Revolution XQ/i, and THUNIS-800+ systems.",
          "product_ids": [
            "CSAFPID-0027"
          ]
        },
        {
          "category": "mitigation",
          "details": "GE Healthcare provides updates on vulnerability management and other security information at the following URL: http://www3.gehealthcare.com/en/support/security",
          "product_ids": [
            "CSAFPID-0027"
          ],
          "url": "http://www3.gehealthcare.com/en/support/security"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0027"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2017-14006",
      "cwe": {
        "id": "CWE-287",
        "name": "Improper Authentication"
      },
      "notes": [
        {
          "category": "summary",
          "text": "GE Xeleris versions 1.0,1.1,2.1,3.0,3.1, medical imaging systems, all current versions are affected, these devices use default or hard-coded credentials. Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affected devices.",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0028",
          "CSAFPID-0029",
          "CSAFPID-0030",
          "CSAFPID-0031",
          "CSAFPID-0032"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/vuln/detail?vulnId=CVE-2017-14006"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "GE has produced product updates that are available upon request, which replace default or hard-coded credentials with custom credentials for all but three of the affected products. GE\u0027s product updates are not available for the Optima 680, Revolution XQ/i, and THUNIS-800+ systems.",
          "product_ids": [
            "CSAFPID-0028",
            "CSAFPID-0029",
            "CSAFPID-0030",
            "CSAFPID-0031",
            "CSAFPID-0032"
          ]
        },
        {
          "category": "mitigation",
          "details": "GE Healthcare provides updates on vulnerability management and other security information at the following URL: http://www3.gehealthcare.com/en/support/security",
          "product_ids": [
            "CSAFPID-0028",
            "CSAFPID-0029",
            "CSAFPID-0030",
            "CSAFPID-0031",
            "CSAFPID-0032"
          ],
          "url": "http://www3.gehealthcare.com/en/support/security"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0028",
            "CSAFPID-0029",
            "CSAFPID-0030",
            "CSAFPID-0031",
            "CSAFPID-0032"
          ]
        }
      ]
    }
  ]
}

VAR-201508-0020

Vulnerability from variot - Updated: 2023-12-18 12:07

GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a password of ddpadmin for the ddpadmin user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. The vulnerability stems from the ddpadmin user using 'ddpadmin' as the password. An attacker could use this vulnerability to control the device. Attackers can exploit this issue to bypass the authentication mechanism and gain access to the vulnerable device

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201508-0020",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "centricity pacs workstation",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "gehealthcare",
        "version": "4.0.1"
      },
      {
        "model": "centricity pacs workstation",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "gehealthcare",
        "version": "4.0"
      },
      {
        "model": "centricity pacs",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ge healthcare",
        "version": "4.0"
      },
      {
        "model": "centricity pacs",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ge healthcare",
        "version": "4.0.1"
      },
      {
        "model": "centricity pacs workstation",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ge",
        "version": "4.0"
      },
      {
        "model": "centricity pacs workstation",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ge",
        "version": "4.0.1"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-05140"
      },
      {
        "db": "BID",
        "id": "76172"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004006"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-6695"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201508-031"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:gehealthcare:centricity_pacs_workstation:4.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gehealthcare:centricity_pacs_workstation:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2012-6695"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Scott Erven",
    "sources": [
      {
        "db": "BID",
        "id": "76172"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2012-6695",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": true,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 10.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2012-6695",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2015-05140",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2012-6695",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2015-05140",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201508-031",
            "trust": 0.6,
            "value": "CRITICAL"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-05140"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004006"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-6695"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201508-031"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a password of ddpadmin for the ddpadmin user, which has unspecified impact and attack vectors.  NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. The vulnerability stems from the ddpadmin user using \u0027ddpadmin\u0027 as the password. An attacker could use this vulnerability to control the device. \nAttackers can exploit this issue to bypass the authentication mechanism and gain access to the vulnerable device",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2012-6695"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004006"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05140"
      },
      {
        "db": "BID",
        "id": "76172"
      }
    ],
    "trust": 2.43
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2012-6695",
        "trust": 3.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSMA-18-037-02",
        "trust": 1.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004006",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-05140",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201508-031",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "76172",
        "trust": 0.3
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-05140"
      },
      {
        "db": "BID",
        "id": "76172"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004006"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-6695"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201508-031"
      }
    ]
  },
  "id": "VAR-201508-0020",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-05140"
      }
    ],
    "trust": 1.6
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-05140"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:07:03.177000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Centricity PACS Workstation Installation and Service Manual (PACS 4.0 Release)",
        "trust": 0.8,
        "url": "http://apps.gehealthcare.com/servlet/clientservlet/c40_ws_inst_sv_2063534-001r2.pdf?req=raa\u0026direction=2063534-001\u0026filename=c40_ws_inst_sv_2063534-001r2.pdf\u0026filerev=1\u0026docrev_org=1"
      },
      {
        "title": "Centricity PACS Workstation Installation and Service Manual (PACS 4.0.1 Release)",
        "trust": 0.8,
        "url": "http://apps.gehealthcare.com/servlet/clientservlet/c401_ws_inst_sv_2069560001r1.pdf?req=raa\u0026direction=2069560-001\u0026filename=c401_ws_inst_sv_2069560001r1.pdf\u0026filerev=1\u0026docrev_org=1"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004006"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-255",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004006"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-6695"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.7,
        "url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
      },
      {
        "trust": 2.2,
        "url": "https://twitter.com/digitalbond/status/619250429751222277"
      },
      {
        "trust": 1.8,
        "url": "https://ics-cert.us-cert.gov/advisories/icsma-18-037-02"
      },
      {
        "trust": 1.6,
        "url": "http://apps.gehealthcare.com/servlet/clientservlet/c401_ws_inst_sv_2069560001r1.pdf?req=raa\u0026direction=2069560-001\u0026filename=c401_ws_inst_sv_2069560001r1.pdf\u0026filerev=1\u0026docrev_org=1"
      },
      {
        "trust": 1.6,
        "url": "http://apps.gehealthcare.com/servlet/clientservlet/c40_ws_inst_sv_2063534-001r2.pdf?req=raa\u0026direction=2063534-001\u0026filename=c40_ws_inst_sv_2063534-001r2.pdf\u0026filerev=1\u0026docrev_org=1"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-6695"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-6695"
      },
      {
        "trust": 0.3,
        "url": "http://www3.gehealthcare.com/en"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-05140"
      },
      {
        "db": "BID",
        "id": "76172"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004006"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-6695"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201508-031"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-05140"
      },
      {
        "db": "BID",
        "id": "76172"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004006"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-6695"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201508-031"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-08-06T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-05140"
      },
      {
        "date": "2015-08-04T00:00:00",
        "db": "BID",
        "id": "76172"
      },
      {
        "date": "2015-08-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-004006"
      },
      {
        "date": "2015-08-04T14:59:20.597000",
        "db": "NVD",
        "id": "CVE-2012-6695"
      },
      {
        "date": "2015-08-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201508-031"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-08-06T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-05140"
      },
      {
        "date": "2015-08-04T00:00:00",
        "db": "BID",
        "id": "76172"
      },
      {
        "date": "2018-04-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-004006"
      },
      {
        "date": "2018-03-28T01:29:02.260000",
        "db": "NVD",
        "id": "CVE-2012-6695"
      },
      {
        "date": "2015-08-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201508-031"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201508-031"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "GE Healthcare Centricity PACS Vulnerability in workstation",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004006"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "trust management",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201508-031"
      }
    ],
    "trust": 0.6
  }
}

GSD-2012-6695

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2012-6695

Aliases

CVE-2012-6695

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2012-6695",
    "description": "GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a password of ddpadmin for the ddpadmin user, which has unspecified impact and attack vectors.  NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.",
    "id": "GSD-2012-6695"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2012-6695"
      ],
      "details": "GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a password of ddpadmin for the ddpadmin user, which has unspecified impact and attack vectors.  NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.",
      "id": "GSD-2012-6695",
      "modified": "2023-12-13T01:20:17.325901Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2012-6695",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a password of ddpadmin for the ddpadmin user, which has unspecified impact and attack vectors.  NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://apps.gehealthcare.com/servlet/ClientServlet/C40_WS_INST_SV_2063534-001r2.pdf?REQ=RAA\u0026DIRECTION=2063534-001\u0026FILENAME=C40_WS_INST_SV_2063534-001r2.pdf\u0026FILEREV=1\u0026DOCREV_ORG=1",
            "refsource": "CONFIRM",
            "url": "http://apps.gehealthcare.com/servlet/ClientServlet/C40_WS_INST_SV_2063534-001r2.pdf?REQ=RAA\u0026DIRECTION=2063534-001\u0026FILENAME=C40_WS_INST_SV_2063534-001r2.pdf\u0026FILEREV=1\u0026DOCREV_ORG=1"
          },
          {
            "name": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/",
            "refsource": "MISC",
            "url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
          },
          {
            "name": "https://twitter.com/digitalbond/status/619250429751222277",
            "refsource": "MISC",
            "url": "https://twitter.com/digitalbond/status/619250429751222277"
          },
          {
            "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02",
            "refsource": "MISC",
            "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02"
          },
          {
            "name": "http://apps.gehealthcare.com/servlet/ClientServlet/C401_WS_INST_SV_2069560001r1.pdf?REQ=RAA\u0026DIRECTION=2069560-001\u0026FILENAME=C401_WS_INST_SV_2069560001r1.pdf\u0026FILEREV=1\u0026DOCREV_ORG=1",
            "refsource": "CONFIRM",
            "url": "http://apps.gehealthcare.com/servlet/ClientServlet/C401_WS_INST_SV_2069560001r1.pdf?REQ=RAA\u0026DIRECTION=2069560-001\u0026FILENAME=C401_WS_INST_SV_2069560001r1.pdf\u0026FILEREV=1\u0026DOCREV_ORG=1"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:gehealthcare:centricity_pacs_workstation:4.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gehealthcare:centricity_pacs_workstation:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-6695"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a password of ddpadmin for the ddpadmin user, which has unspecified impact and attack vectors.  NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-255"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://twitter.com/digitalbond/status/619250429751222277",
              "refsource": "MISC",
              "tags": [],
              "url": "https://twitter.com/digitalbond/status/619250429751222277"
            },
            {
              "name": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
            },
            {
              "name": "http://apps.gehealthcare.com/servlet/ClientServlet/C401_WS_INST_SV_2069560001r1.pdf?REQ=RAA\u0026DIRECTION=2069560-001\u0026FILENAME=C401_WS_INST_SV_2069560001r1.pdf\u0026FILEREV=1\u0026DOCREV_ORG=1",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://apps.gehealthcare.com/servlet/ClientServlet/C401_WS_INST_SV_2069560001r1.pdf?REQ=RAA\u0026DIRECTION=2069560-001\u0026FILENAME=C401_WS_INST_SV_2069560001r1.pdf\u0026FILEREV=1\u0026DOCREV_ORG=1"
            },
            {
              "name": "http://apps.gehealthcare.com/servlet/ClientServlet/C40_WS_INST_SV_2063534-001r2.pdf?REQ=RAA\u0026DIRECTION=2063534-001\u0026FILENAME=C40_WS_INST_SV_2063534-001r2.pdf\u0026FILEREV=1\u0026DOCREV_ORG=1",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://apps.gehealthcare.com/servlet/ClientServlet/C40_WS_INST_SV_2063534-001r2.pdf?REQ=RAA\u0026DIRECTION=2063534-001\u0026FILENAME=C40_WS_INST_SV_2063534-001r2.pdf\u0026FILEREV=1\u0026DOCREV_ORG=1"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02",
              "refsource": "MISC",
              "tags": [],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": true,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-03-28T01:29Z",
      "publishedDate": "2015-08-04T14:59Z"
    }
  }
}

CNVD-2015-05140

Vulnerability from cnvd - Published: 2015-08-06

Title

GE Healthcare Centricity PACS Workstation信任管理漏洞（CNVD-2015-05140）

Description

GE Healthcare Centricity PACS Workstation是美国通用电气（GE）公司的一款用于医疗行业的影像归档及传输系统（PACS）工作站。 GE Healthcare Centricity PACS Workstation 4.0版本至4.0.1版本中存在安全漏洞，该漏洞源于ddpadmin用户使用‘ddpadmin’作为密码。攻击者可利用该漏洞控制设备。（注：目前尚不清楚该密码是默认密码、硬编码密码或依赖于另一个系统或产品）

Severity

高

Formal description

目前厂商暂未发布修复措施解决此安全问题，建议使用此软件的用户随时关注厂商主页或参考网址以获取解决办法： http://www.gehealthcare.com/

Reference

https://twitter.com/digitalbond/status/619250429751222277

Impacted products

Name
['GE Centricity PACS Workstation 4.0', 'GE Centricity PACS Workstation 4.0.1']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2012-6695"
    }
  },
  "description": "GE Healthcare Centricity PACS Workstation\u662f\u7f8e\u56fd\u901a\u7528\u7535\u6c14\uff08GE\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u7528\u4e8e\u533b\u7597\u884c\u4e1a\u7684\u5f71\u50cf\u5f52\u6863\u53ca\u4f20\u8f93\u7cfb\u7edf\uff08PACS\uff09\u5de5\u4f5c\u7ad9\u3002\r\n\r\nGE Healthcare Centricity PACS Workstation 4.0\u7248\u672c\u81f34.0.1\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eddpadmin\u7528\u6237\u4f7f\u7528\u2018ddpadmin\u2019\u4f5c\u4e3a\u5bc6\u7801\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63a7\u5236\u8bbe\u5907\u3002\uff08\u6ce8\uff1a\u76ee\u524d\u5c1a\u4e0d\u6e05\u695a\u8be5\u5bc6\u7801\u662f\u9ed8\u8ba4\u5bc6\u7801\u3001\u786c\u7f16\u7801\u5bc6\u7801\u6216\u4f9d\u8d56\u4e8e\u53e6\u4e00\u4e2a\u7cfb\u7edf\u6216\u4ea7\u54c1\uff09",
  "discovererName": "GE Healthcare",
  "formalWay": "\u76ee\u524d\u5382\u5546\u6682\u672a\u53d1\u5e03\u4fee\u590d\u63aa\u65bd\u89e3\u51b3\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u5efa\u8bae\u4f7f\u7528\u6b64\u8f6f\u4ef6\u7684\u7528\u6237\u968f\u65f6\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u6216\u53c2\u8003\u7f51\u5740\u4ee5\u83b7\u53d6\u89e3\u51b3\u529e\u6cd5\uff1a\r\nhttp://www.gehealthcare.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-05140",
  "openTime": "2015-08-06",
  "products": {
    "product": [
      "GE Centricity PACS Workstation 4.0",
      "GE Centricity PACS Workstation 4.0.1"
    ]
  },
  "referenceLink": "https://twitter.com/digitalbond/status/619250429751222277",
  "serverity": "\u9ad8",
  "submitTime": "2015-08-05",
  "title": "GE Healthcare Centricity PACS Workstation\u4fe1\u4efb\u7ba1\u7406\u6f0f\u6d1e\uff08CNVD-2015-05140\uff09"
}

FKIE_CVE-2012-6695

Vulnerability from fkie_nvd - Published: 2015-08-04 14:59 - Updated: 2025-04-12 10:46

Severity ?

Summary

References

	URL	Tags
	cve@mitre.org	http://apps.gehealthcare.com/servlet/ClientServlet/C401_WS_INST_SV_2069560001r1.pdf?REQ=RAA&DIRECTION=2069560-001&FILENAME=C401_WS_INST_SV_2069560001r1.pdf&FILEREV=1&DOCREV_ORG=1
	cve@mitre.org	http://apps.gehealthcare.com/servlet/ClientServlet/C40_WS_INST_SV_2063534-001r2.pdf?REQ=RAA&DIRECTION=2063534-001&FILENAME=C40_WS_INST_SV_2063534-001r2.pdf&FILEREV=1&DOCREV_ORG=1
	cve@mitre.org	http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/
	cve@mitre.org	https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02
	cve@mitre.org	https://twitter.com/digitalbond/status/619250429751222277
	af854a3a-2127-422b-91ae-364da2661108	http://apps.gehealthcare.com/servlet/ClientServlet/C401_WS_INST_SV_2069560001r1.pdf?REQ=RAA&DIRECTION=2069560-001&FILENAME=C401_WS_INST_SV_2069560001r1.pdf&FILEREV=1&DOCREV_ORG=1
	af854a3a-2127-422b-91ae-364da2661108	http://apps.gehealthcare.com/servlet/ClientServlet/C40_WS_INST_SV_2063534-001r2.pdf?REQ=RAA&DIRECTION=2063534-001&FILENAME=C40_WS_INST_SV_2063534-001r2.pdf&FILEREV=1&DOCREV_ORG=1
	af854a3a-2127-422b-91ae-364da2661108	http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/
	af854a3a-2127-422b-91ae-364da2661108	https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02
	af854a3a-2127-422b-91ae-364da2661108	https://twitter.com/digitalbond/status/619250429751222277

Impacted products

	Vendor	Product	Version
	gehealthcare	centricity_pacs_workstation	4.0
	gehealthcare	centricity_pacs_workstation	4.0.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gehealthcare:centricity_pacs_workstation:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7F8765E-305C-4261-B432-B1C45631DA0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gehealthcare:centricity_pacs_workstation:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "45C94750-A4E8-42DA-813C-B4B6E91114B8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a password of ddpadmin for the ddpadmin user, which has unspecified impact and attack vectors.  NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en GE Healthcare Centricity PACS Workstation 4.0 y 4.0.1, tiene una contrase\u00f1a ddpadmin para el usuario ddpadmin, lo cual tiene un impacto y vectores de ataque no especificados. NOTA: no est\u00e1 claro si esta contrase\u00f1a es por defecto, embebida o dependiente de otro sistema o producto que requiera un valor fijo."
    }
  ],
  "id": "CVE-2012-6695",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-08-04T14:59:20.597",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://apps.gehealthcare.com/servlet/ClientServlet/C401_WS_INST_SV_2069560001r1.pdf?REQ=RAA\u0026DIRECTION=2069560-001\u0026FILENAME=C401_WS_INST_SV_2069560001r1.pdf\u0026FILEREV=1\u0026DOCREV_ORG=1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://apps.gehealthcare.com/servlet/ClientServlet/C40_WS_INST_SV_2063534-001r2.pdf?REQ=RAA\u0026DIRECTION=2063534-001\u0026FILENAME=C40_WS_INST_SV_2063534-001r2.pdf\u0026FILEREV=1\u0026DOCREV_ORG=1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://twitter.com/digitalbond/status/619250429751222277"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://apps.gehealthcare.com/servlet/ClientServlet/C401_WS_INST_SV_2069560001r1.pdf?REQ=RAA\u0026DIRECTION=2069560-001\u0026FILENAME=C401_WS_INST_SV_2069560001r1.pdf\u0026FILEREV=1\u0026DOCREV_ORG=1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://apps.gehealthcare.com/servlet/ClientServlet/C40_WS_INST_SV_2063534-001r2.pdf?REQ=RAA\u0026DIRECTION=2063534-001\u0026FILENAME=C40_WS_INST_SV_2063534-001r2.pdf\u0026FILEREV=1\u0026DOCREV_ORG=1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://twitter.com/digitalbond/status/619250429751222277"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-255"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2012-6695 (GCVE-0-2012-6695)

GHSA-MJFX-7VJC-JCX6

ICSMA-18-037-02

VAR-201508-0020

GSD-2012-6695

CNVD-2015-05140

FKIE_CVE-2012-6695

Tags

Sightings

Nomenclature