CVE-2014-7233 (GCVE-0-2014-7233)
Vulnerability from cvelistv5 – Published: 2015-08-04 10:00 – Updated: 2024-08-06 12:40
- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:40:19.213Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/5458232-1EN+r4.pdf?REQ=RAA\u0026DIRECTION=5458232-1EN\u0026FILENAME=5458232-1EN%2Br4.pdf\u0026FILEREV=4\u0026DOCREV_ORG=4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/digitalbond/status/619250429751222277"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "GE Healthcare Precision THUNIS-800+ has a default password of (1) 1973 for the factory default System Utilities menu, (2) TH8740 for installation using TH8740_122_Setup.exe, (3) hrml for \"Setup and Activation\" using DSASetup, and (4) an empty string for Shutter Configuration, which has unspecified impact and attack vectors. NOTE: since these passwords appear to be used to access functionality during installation, this issue might not cross privilege boundaries and might not be a vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-27T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/5458232-1EN+r4.pdf?REQ=RAA\u0026DIRECTION=5458232-1EN\u0026FILENAME=5458232-1EN%2Br4.pdf\u0026FILEREV=4\u0026DOCREV_ORG=4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/digitalbond/status/619250429751222277"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-7233",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GE Healthcare Precision THUNIS-800+ has a default password of (1) 1973 for the factory default System Utilities menu, (2) TH8740 for installation using TH8740_122_Setup.exe, (3) hrml for \"Setup and Activation\" using DSASetup, and (4) an empty string for Shutter Configuration, which has unspecified impact and attack vectors. NOTE: since these passwords appear to be used to access functionality during installation, this issue might not cross privilege boundaries and might not be a vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://apps.gehealthcare.com/servlet/ClientServlet/5458232-1EN+r4.pdf?REQ=RAA\u0026DIRECTION=5458232-1EN\u0026FILENAME=5458232-1EN%2Br4.pdf\u0026FILEREV=4\u0026DOCREV_ORG=4",
"refsource": "CONFIRM",
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/5458232-1EN+r4.pdf?REQ=RAA\u0026DIRECTION=5458232-1EN\u0026FILENAME=5458232-1EN%2Br4.pdf\u0026FILEREV=4\u0026DOCREV_ORG=4"
},
{
"name": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/",
"refsource": "MISC",
"url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
},
{
"name": "https://twitter.com/digitalbond/status/619250429751222277",
"refsource": "MISC",
"url": "https://twitter.com/digitalbond/status/619250429751222277"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-7233",
"datePublished": "2015-08-04T10:00:00",
"dateReserved": "2014-09-29T00:00:00",
"dateUpdated": "2024-08-06T12:40:19.213Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:gehealthcare:precision_thunis-800\\\\+:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEF95E63-0F28-4644-B98A-1AB28399923F\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"GE Healthcare Precision THUNIS-800+ has a default password of (1) 1973 for the factory default System Utilities menu, (2) TH8740 for installation using TH8740_122_Setup.exe, (3) hrml for \\\"Setup and Activation\\\" using DSASetup, and (4) an empty string for Shutter Configuration, which has unspecified impact and attack vectors. NOTE: since these passwords appear to be used to access functionality during installation, this issue might not cross privilege boundaries and might not be a vulnerability.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad en GE Healthcare Precisi\\u00f3n THUNIS-800+, tiene una contrase\\u00f1a predeterminada de (1) 1973 para el men\\u00fa System Utilities predeterminado de f\\u00e1brica, (2) TH8740 para la instalaci\\u00f3n usando TH8740_122_Setup.exe, (3) hrml para \u0027Setup and Activation\u0027 usando DSASetup y (4) una cadena vac\\u00eda para Shutter Configuration, lo cual tiene un impacto y vectores de ataque no especificados. NOTA: ya que estas contrase\\u00f1as parecen ser utilizadas para tener acceso a la funcionalidad durante la instalaci\\u00f3n, este problema podr\\u00eda no cruzar los l\\u00edmites de los privilegios y podr\\u00eda no ser una vulnerabilidad.\"}]",
"id": "CVE-2014-7233",
"lastModified": "2024-11-21T02:16:34.833",
"metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 10.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 10.0, \"acInsufInfo\": true, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2015-08-04T14:59:25.720",
"references": "[{\"url\": \"http://apps.gehealthcare.com/servlet/ClientServlet/5458232-1EN+r4.pdf?REQ=RAA\u0026DIRECTION=5458232-1EN\u0026FILENAME=5458232-1EN%2Br4.pdf\u0026FILEREV=4\u0026DOCREV_ORG=4\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://twitter.com/digitalbond/status/619250429751222277\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://apps.gehealthcare.com/servlet/ClientServlet/5458232-1EN+r4.pdf?REQ=RAA\u0026DIRECTION=5458232-1EN\u0026FILENAME=5458232-1EN%2Br4.pdf\u0026FILEREV=4\u0026DOCREV_ORG=4\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://twitter.com/digitalbond/status/619250429751222277\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-255\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2014-7233\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2015-08-04T14:59:25.720\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"GE Healthcare Precision THUNIS-800+ has a default password of (1) 1973 for the factory default System Utilities menu, (2) TH8740 for installation using TH8740_122_Setup.exe, (3) hrml for \\\"Setup and Activation\\\" using DSASetup, and (4) an empty string for Shutter Configuration, which has unspecified impact and attack vectors. NOTE: since these passwords appear to be used to access functionality during installation, this issue might not cross privilege boundaries and might not be a vulnerability.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad en GE Healthcare Precisi\u00f3n THUNIS-800+, tiene una contrase\u00f1a predeterminada de (1) 1973 para el men\u00fa System Utilities predeterminado de f\u00e1brica, (2) TH8740 para la instalaci\u00f3n usando TH8740_122_Setup.exe, (3) hrml para \u0027Setup and Activation\u0027 usando DSASetup y (4) una cadena vac\u00eda para Shutter Configuration, lo cual tiene un impacto y vectores de ataque no especificados. 
NOTA: ya que estas contrase\u00f1as parecen ser utilizadas para tener acceso a la funcionalidad durante la instalaci\u00f3n, este problema podr\u00eda no cruzar los l\u00edmites de los privilegios y podr\u00eda no ser una vulnerabilidad.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":true,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-255\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:gehealthcare:precision_thunis-800\\\\+:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEF95E63-0F28-4644-B98A-1AB28399923F\"}]}]}],\"references\":[{\"url\":\"http://apps.gehealthcare.com/servlet/ClientServlet/5458232-1EN+r4.pdf?REQ=RAA\u0026DIRECTION=5458232-1EN\u0026FILENAME=5458232-1EN%2Br4.pdf\u0026FILEREV=4\u0026DOCREV_ORG=4\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://twitter.com/digitalbond/status/619250429751222277\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://apps.gehealthcare.com/servlet/ClientServlet/5458232-1EN+r4.pdf?REQ=RAA\u0026DIRECTION=5458232-1EN\u0026FILENAME=5458232-1EN%2Br4.pdf\u0026FILEREV=4\u0026DOCREV_ORG=4\",\"source\":\"af854a3a-2127-422b-91ae-364da
2661108\"},{\"url\":\"http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://twitter.com/digitalbond/status/619250429751222277\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
CNVD-2015-05135
Vulnerability from cnvd - Published: 2015-08-06

目前厂商暂未发布修复措施解决此安全问题,建议使用此软件的用户随时关注厂商主页或参考网址以获取解决办法: http://www.gehealthcare.com/
| Name | GE Precision THUNIS-800+ |
|---|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2014-7233"
}
},
"description": "GE Healthcare Precision THUNIS-800+\uff08PT800+\uff09\u662f\u7f8e\u56fd\u901a\u7528\u7535\u6c14\uff08GE\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u7528\u4e8e\u533b\u7597\u884c\u4e1a\u7684\u4e00\u4f53\u5316\u6570\u5b57\u9065\u63a7\u591a\u529f\u80fdX\u5149\u673a\uff08\u4ea7\u751fX\u5149\u7684\u8bbe\u5907\uff09\u3002\r\n\r\nGE Healthcare PT800+\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u4f7f\u7528\u9ed8\u8ba4\u7684\u5bc6\u7801\uff08System Utilities\u8fd0\u884c\u5bc6\u7801\uff1a973\uff0cTH8740_122_Setup.exe\u5b89\u88c5\u5bc6\u7801\uff1aTH8740\uff0cDSASetup\u7684Setup and Activation\u5bc6\u7801\uff1ahrml\uff0c\u542f\u7528Shutter\u529f\u80fd\u4e0d\u9700\u8981\u5bc6\u7801\uff09\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63a7\u5236\u8bbe\u5907\u3002",
"discovererName": "GE Healthcare",
"formalWay": "\u76ee\u524d\u5382\u5546\u6682\u672a\u53d1\u5e03\u4fee\u590d\u63aa\u65bd\u89e3\u51b3\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u5efa\u8bae\u4f7f\u7528\u6b64\u8f6f\u4ef6\u7684\u7528\u6237\u968f\u65f6\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u6216\u53c2\u8003\u7f51\u5740\u4ee5\u83b7\u53d6\u89e3\u51b3\u529e\u6cd5\uff1a\r\nhttp://www.gehealthcare.com/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2015-05135",
"openTime": "2015-08-06",
"products": {
"product": "GE Precision THUNIS-800+"
},
"referenceLink": "http://apps.gehealthcare.com/servlet/ClientServlet/5458232-1EN+r4.pdf?REQ=RAA\u0026amp;DIRECTION=5458232-1EN\u0026amp;FILENAME=5458232-1EN%2Br4.pdf\u0026amp;FILEREV=4\u0026amp;DOCREV_ORG=4",
"serverity": "\u9ad8",
"submitTime": "2015-08-05",
"title": "GE Healthcare Precision THUNIS-800+\u4fe1\u4efb\u7ba1\u7406\u6f0f\u6d1e"
}
VAR-201508-0597
Vulnerability from variot - Updated: 2023-12-18 12:07

GE Healthcare Precision THUNIS-800+ has a default password of (1) 1973 for the factory default System Utilities menu, (2) TH8740 for installation using TH8740_122_Setup.exe, (3) hrml for "Setup and Activation" using DSASetup, and (4) an empty string for Shutter Configuration, which has unspecified impact and attack vectors. NOTE: since these passwords appear to be used to access functionality during installation, this issue might not cross privilege boundaries and might not be a vulnerability.

GE Healthcare Precision THUNIS-800+ (PT800+) is an integrated digital remote control multi-function X-ray machine (X-ray generating equipment) for the medical industry. There is a security vulnerability in GE Healthcare PT800+. An attacker could exploit this vulnerability to control the device.

Remote attackers with knowledge of the default credentials may exploit these vulnerabilities to gain unauthorized access and perform unauthorized actions. This may aid in further attacks.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201508-0597",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "precision thunis-800\\+",
"scope": "eq",
"trust": 1.0,
"vendor": "gehealthcare",
"version": "*"
},
{
"model": "precision thunis-800+",
"scope": null,
"trust": 0.8,
"vendor": "ge healthcare",
"version": null
},
{
"model": "precision thunis-800+",
"scope": null,
"trust": 0.6,
"vendor": "ge",
"version": null
},
{
"model": "precision thunis-800\\+",
"scope": null,
"trust": 0.6,
"vendor": "gehealthcare",
"version": null
},
{
"model": "electric healthcare precision thunis-800+",
"scope": "eq",
"trust": 0.3,
"vendor": "general",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05135"
},
{
"db": "BID",
"id": "76170"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004011"
},
{
"db": "NVD",
"id": "CVE-2014-7233"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-036"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:gehealthcare:precision_thunis-800\\+:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-7233"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Scott Erven of Protiviti.",
"sources": [
{
"db": "BID",
"id": "76170"
}
],
"trust": 0.3
},
"cve": "CVE-2014-7233",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2014-7233",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-05135",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-7233",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2015-05135",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201508-036",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05135"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004011"
},
{
"db": "NVD",
"id": "CVE-2014-7233"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-036"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Healthcare Precision THUNIS-800+ has a default password of (1) 1973 for the factory default System Utilities menu, (2) TH8740 for installation using TH8740_122_Setup.exe, (3) hrml for \"Setup and Activation\" using DSASetup, and (4) an empty string for Shutter Configuration, which has unspecified impact and attack vectors. NOTE: since these passwords appear to be used to access functionality during installation, this issue might not cross privilege boundaries and might not be a vulnerability. GE Healthcare Precision THUNIS-800+ (PT800+) is an integrated digital remote control multi-function X-ray machine (X-ray generating equipment) for the medical industry. There is a security vulnerability in GE Healthcare PT800+. An attacker could exploit this vulnerability to control the device. \nRemote attackers with knowledge of the default credentials may exploit these vulnerabilities to gain unauthorized access and perform unauthorized actions. This may aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-7233"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004011"
},
{
"db": "CNVD",
"id": "CNVD-2015-05135"
},
{
"db": "BID",
"id": "76170"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-7233",
"trust": 3.3
},
{
"db": "ICS CERT",
"id": "ICSMA-18-037-02",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004011",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2015-05135",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201508-036",
"trust": 0.6
},
{
"db": "BID",
"id": "76170",
"trust": 0.3
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05135"
},
{
"db": "BID",
"id": "76170"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004011"
},
{
"db": "NVD",
"id": "CVE-2014-7233"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-036"
}
]
},
"id": "VAR-201508-0597",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05135"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05135"
}
]
},
"last_update_date": "2023-12-18T12:07:02.560000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "GE Healthcare Precision THUNIS-800+ R\u0026F System Service Manual",
"trust": 0.8,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/5458232-1en+r4.pdf?req=raa\u0026direction=5458232-1en\u0026filename=5458232-1en%2br4.pdf\u0026filerev=4\u0026docrev_org=4"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004011"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004011"
},
{
"db": "NVD",
"id": "CVE-2014-7233"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
},
{
"trust": 1.9,
"url": "https://twitter.com/digitalbond/status/619250429751222277"
},
{
"trust": 1.9,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/5458232-1en+r4.pdf?req=raa\u0026direction=5458232-1en\u0026filename=5458232-1en%2br4.pdf\u0026filerev=4\u0026docrev_org=4"
},
{
"trust": 1.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-037-02"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-7233"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-7233"
},
{
"trust": 0.6,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/5458232-1en+r4.pdf?req=raa\u0026amp;direction=5458232-1en\u0026amp;filename=5458232-1en%2br4.pdf\u0026amp;filerev=4\u0026amp;docrev_org=4"
},
{
"trust": 0.3,
"url": "http://www3.gehealthcare.com/en/global_gateway"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05135"
},
{
"db": "BID",
"id": "76170"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004011"
},
{
"db": "NVD",
"id": "CVE-2014-7233"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-036"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-05135"
},
{
"db": "BID",
"id": "76170"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004011"
},
{
"db": "NVD",
"id": "CVE-2014-7233"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-036"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05135"
},
{
"date": "2015-08-05T00:00:00",
"db": "BID",
"id": "76170"
},
{
"date": "2015-08-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004011"
},
{
"date": "2015-08-04T14:59:25.720000",
"db": "NVD",
"id": "CVE-2014-7233"
},
{
"date": "2015-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-036"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05135"
},
{
"date": "2015-08-05T00:00:00",
"db": "BID",
"id": "76170"
},
{
"date": "2018-04-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004011"
},
{
"date": "2018-03-28T01:29:03.293000",
"db": "NVD",
"id": "CVE-2014-7233"
},
{
"date": "2015-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-036"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-036"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Healthcare Precision THUNIS-800+ Trust Management Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05135"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-036"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-036"
}
],
"trust": 0.6
}
}
GHSA-8J65-JQ8V-855X
Vulnerability from github – Published: 2022-05-14 03:34 – Updated: 2025-04-12 12:50

GE Healthcare Precision THUNIS-800+ has a default password of (1) 1973 for the factory default System Utilities menu, (2) TH8740 for installation using TH8740_122_Setup.exe, (3) hrml for "Setup and Activation" using DSASetup, and (4) an empty string for Shutter Configuration, which has unspecified impact and attack vectors. NOTE: since these passwords appear to be used to access functionality during installation, this issue might not cross privilege boundaries and might not be a vulnerability.
{
"affected": [],
"aliases": [
"CVE-2014-7233"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2015-08-04T14:59:00Z",
"severity": "HIGH"
},
"details": "GE Healthcare Precision THUNIS-800+ has a default password of (1) 1973 for the factory default System Utilities menu, (2) TH8740 for installation using TH8740_122_Setup.exe, (3) hrml for \"Setup and Activation\" using DSASetup, and (4) an empty string for Shutter Configuration, which has unspecified impact and attack vectors. NOTE: since these passwords appear to be used to access functionality during installation, this issue might not cross privilege boundaries and might not be a vulnerability.",
"id": "GHSA-8j65-jq8v-855x",
"modified": "2025-04-12T12:50:30Z",
"published": "2022-05-14T03:34:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-7233"
},
{
"type": "WEB",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02"
},
{
"type": "WEB",
"url": "https://twitter.com/digitalbond/status/619250429751222277"
},
{
"type": "WEB",
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/5458232-1EN+r4.pdf?REQ=RAA\u0026DIRECTION=5458232-1EN\u0026FILENAME=5458232-1EN%2Br4.pdf\u0026FILEREV=4\u0026DOCREV_ORG=4"
},
{
"type": "WEB",
"url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts"
}
],
"schema_version": "1.4.0",
"severity": []
}
FKIE_CVE-2014-7233
Vulnerability from fkie_nvd - Published: 2015-08-04 14:59 - Updated: 2025-04-12 10:46

| Vendor | Product | Version |
|---|---|---|
| gehealthcare | precision_thunis-800\+ | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:gehealthcare:precision_thunis-800\\+:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DEF95E63-0F28-4644-B98A-1AB28399923F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GE Healthcare Precision THUNIS-800+ has a default password of (1) 1973 for the factory default System Utilities menu, (2) TH8740 for installation using TH8740_122_Setup.exe, (3) hrml for \"Setup and Activation\" using DSASetup, and (4) an empty string for Shutter Configuration, which has unspecified impact and attack vectors. NOTE: since these passwords appear to be used to access functionality during installation, this issue might not cross privilege boundaries and might not be a vulnerability."
},
{
"lang": "es",
"value": "Vulnerabilidad en GE Healthcare Precisi\u00f3n THUNIS-800+, tiene una contrase\u00f1a predeterminada de (1) 1973 para el men\u00fa System Utilities predeterminado de f\u00e1brica, (2) TH8740 para la instalaci\u00f3n usando TH8740_122_Setup.exe, (3) hrml para \u0027Setup and Activation\u0027 usando DSASetup y (4) una cadena vac\u00eda para Shutter Configuration, lo cual tiene un impacto y vectores de ataque no especificados. NOTA: ya que estas contrase\u00f1as parecen ser utilizadas para tener acceso a la funcionalidad durante la instalaci\u00f3n, este problema podr\u00eda no cruzar los l\u00edmites de los privilegios y podr\u00eda no ser una vulnerabilidad."
}
],
"id": "CVE-2014-7233",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-08-04T14:59:25.720",
"references": [
{
"source": "cve@mitre.org",
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/5458232-1EN+r4.pdf?REQ=RAA\u0026DIRECTION=5458232-1EN\u0026FILENAME=5458232-1EN%2Br4.pdf\u0026FILEREV=4\u0026DOCREV_ORG=4"
},
{
"source": "cve@mitre.org",
"url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
},
{
"source": "cve@mitre.org",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02"
},
{
"source": "cve@mitre.org",
"url": "https://twitter.com/digitalbond/status/619250429751222277"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/5458232-1EN+r4.pdf?REQ=RAA\u0026DIRECTION=5458232-1EN\u0026FILENAME=5458232-1EN%2Br4.pdf\u0026FILEREV=4\u0026DOCREV_ORG=4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://twitter.com/digitalbond/status/619250429751222277"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-255"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GSD-2014-7233
Vulnerability from gsd - Updated: 2023-12-13 01:22
{
"GSD": {
"alias": "CVE-2014-7233",
"description": "GE Healthcare Precision THUNIS-800+ has a default password of (1) 1973 for the factory default System Utilities menu, (2) TH8740 for installation using TH8740_122_Setup.exe, (3) hrml for \"Setup and Activation\" using DSASetup, and (4) an empty string for Shutter Configuration, which has unspecified impact and attack vectors. NOTE: since these passwords appear to be used to access functionality during installation, this issue might not cross privilege boundaries and might not be a vulnerability.",
"id": "GSD-2014-7233"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2014-7233"
],
"details": "GE Healthcare Precision THUNIS-800+ has a default password of (1) 1973 for the factory default System Utilities menu, (2) TH8740 for installation using TH8740_122_Setup.exe, (3) hrml for \"Setup and Activation\" using DSASetup, and (4) an empty string for Shutter Configuration, which has unspecified impact and attack vectors. NOTE: since these passwords appear to be used to access functionality during installation, this issue might not cross privilege boundaries and might not be a vulnerability.",
"id": "GSD-2014-7233",
"modified": "2023-12-13T01:22:47.517982Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-7233",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GE Healthcare Precision THUNIS-800+ has a default password of (1) 1973 for the factory default System Utilities menu, (2) TH8740 for installation using TH8740_122_Setup.exe, (3) hrml for \"Setup and Activation\" using DSASetup, and (4) an empty string for Shutter Configuration, which has unspecified impact and attack vectors. NOTE: since these passwords appear to be used to access functionality during installation, this issue might not cross privilege boundaries and might not be a vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://apps.gehealthcare.com/servlet/ClientServlet/5458232-1EN+r4.pdf?REQ=RAA\u0026DIRECTION=5458232-1EN\u0026FILENAME=5458232-1EN%2Br4.pdf\u0026FILEREV=4\u0026DOCREV_ORG=4",
"refsource": "CONFIRM",
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/5458232-1EN+r4.pdf?REQ=RAA\u0026DIRECTION=5458232-1EN\u0026FILENAME=5458232-1EN%2Br4.pdf\u0026FILEREV=4\u0026DOCREV_ORG=4"
},
{
"name": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/",
"refsource": "MISC",
"url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
},
{
"name": "https://twitter.com/digitalbond/status/619250429751222277",
"refsource": "MISC",
"url": "https://twitter.com/digitalbond/status/619250429751222277"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:gehealthcare:precision_thunis-800\\+:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-7233"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "GE Healthcare Precision THUNIS-800+ has a default password of (1) 1973 for the factory default System Utilities menu, (2) TH8740 for installation using TH8740_122_Setup.exe, (3) hrml for \"Setup and Activation\" using DSASetup, and (4) an empty string for Shutter Configuration, which has unspecified impact and attack vectors. NOTE: since these passwords appear to be used to access functionality during installation, this issue might not cross privilege boundaries and might not be a vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-255"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://twitter.com/digitalbond/status/619250429751222277",
"refsource": "MISC",
"tags": [],
"url": "https://twitter.com/digitalbond/status/619250429751222277"
},
{
"name": "http://apps.gehealthcare.com/servlet/ClientServlet/5458232-1EN+r4.pdf?REQ=RAA\u0026DIRECTION=5458232-1EN\u0026FILENAME=5458232-1EN%2Br4.pdf\u0026FILEREV=4\u0026DOCREV_ORG=4",
"refsource": "CONFIRM",
"tags": [],
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/5458232-1EN+r4.pdf?REQ=RAA\u0026DIRECTION=5458232-1EN\u0026FILENAME=5458232-1EN%2Br4.pdf\u0026FILEREV=4\u0026DOCREV_ORG=4"
},
{
"name": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/",
"refsource": "MISC",
"tags": [],
"url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02",
"refsource": "MISC",
"tags": [],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": true,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2018-03-28T01:29Z",
"publishedDate": "2015-08-04T14:59Z"
}
}
}
ICSMA-18-037-02
Vulnerability from csaf_cisa - Published: 2018-02-06 00:00 - Updated: 2018-03-13 00:00
Notes
{
"document": {
"acknowledgments": [
{
"names": [
"Scott Erven"
],
"summary": "reporting these vulnerabilities to GE Healthcare"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
"title": "CISA Disclaimer"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "summary",
"text": "Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affected devices.",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Healthcare and Public Health",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "United States",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the risk of exploitation of this (these) vulnerability(ies), such as:",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls, and isolate them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also recommends users take the following measures to protect themselves from social engineering attacks:",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Do not click web links or open attachments in unsolicited email messages.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSMA-18-037-02 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2018/icsma-18-037-02.json"
},
{
"category": "self",
"summary": "ICSA Advisory ICSMA-18-037-02 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-18-037-02"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/sites/default/files/publications/emailscams0905.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ncas/tips/ST04-014"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "GE Medical Devices Vulnerability",
"tracking": {
"current_release_date": "2018-03-13T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSMA-18-037-02",
"initial_release_date": "2018-02-06T00:00:00.000000Z",
"revision_history": [
{
"date": "2018-02-06T00:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "ICSMA-18-037-02P GE Medical Devices Vulnerability"
},
{
"date": "2018-03-13T00:00:00.000000Z",
"legacy_version": "A",
"number": "2",
"summary": "ICSMA-18-037-02 GE Medical Devices Vulnerability (Update A)"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Optima 520: *",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "Optima 520"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Optima 540: *",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "Optima 540"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Optima 640: *",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "Optima 640"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Optima 680: *",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_name",
"name": "Optima 680"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 1.003",
"product": {
"name": "Discovery NM530c: \u003c 1.003",
"product_id": "CSAFPID-0005"
}
}
],
"category": "product_name",
"name": "Discovery NM530c"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 2.003",
"product": {
"name": "Discovery NM750b: \u003c 2.003",
"product_id": "CSAFPID-0006"
}
}
],
"category": "product_name",
"name": "Discovery NM750b"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Discovery XR656: *",
"product_id": "CSAFPID-0007"
}
}
],
"category": "product_name",
"name": "Discovery XR656"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Discovery XR656 Plus: *",
"product_id": "CSAFPID-0008"
}
}
],
"category": "product_name",
"name": "Discovery XR656 Plus"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Revolution XQ/i: *",
"product_id": "CSAFPID-0009"
}
}
],
"category": "product_name",
"name": "Revolution XQ/i"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "THUNIS-800+: *",
"product_id": "CSAFPID-0010"
}
}
],
"category": "product_name",
"name": "THUNIS-800+"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Centricity PACS Server: *",
"product_id": "CSAFPID-0011"
}
}
],
"category": "product_name",
"name": "Centricity PACS Server"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Centricity PACS RA1000: *",
"product_id": "CSAFPID-0012"
}
}
],
"category": "product_name",
"name": "Centricity PACS RA1000"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Centricity PACS-IW: *",
"product_id": "CSAFPID-0013"
}
}
],
"category": "product_name",
"name": "Centricity PACS-IW"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Centricity DMS: *",
"product_id": "CSAFPID-0014"
}
}
],
"category": "product_name",
"name": "Centricity DMS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Discovery VH: *",
"product_id": "CSAFPID-0015"
}
}
],
"category": "product_name",
"name": "Discovery VH"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Millenium VG: *",
"product_id": "CSAFPID-0016"
}
}
],
"category": "product_name",
"name": "Millenium VG"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "eNTEGRA 2.0/2.5 Processing and Review Workstation: *",
"product_id": "CSAFPID-0017"
}
}
],
"category": "product_name",
"name": "eNTEGRA 2.0/2.5 Processing and Review Workstation"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "CADstream: *",
"product_id": "CSAFPID-0018"
}
}
],
"category": "product_name",
"name": "CADstream"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Optima MR360: *",
"product_id": "CSAFPID-0019"
}
}
],
"category": "product_name",
"name": "Optima MR360"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "GEMNet License server (EchoServer): *",
"product_id": "CSAFPID-0020"
}
}
],
"category": "product_name",
"name": "GEMNet License server (EchoServer)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Image Vault 3.x medical imaging software: *",
"product_id": "CSAFPID-0021"
}
}
],
"category": "product_name",
"name": "Image Vault 3.x medical imaging software"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Infinia: *",
"product_id": "CSAFPID-0022"
}
}
],
"category": "product_name",
"name": "Infinia"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Infinia with Hawkeye 4 / 1: *",
"product_id": "CSAFPID-0023"
}
}
],
"category": "product_name",
"name": "Infinia with Hawkeye 4 / 1"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Millenium MG: *",
"product_id": "CSAFPID-0024"
}
}
],
"category": "product_name",
"name": "Millenium MG"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Millenium NC: *",
"product_id": "CSAFPID-0025"
}
}
],
"category": "product_name",
"name": "Millenium NC"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Millenium MyoSIGHT: *",
"product_id": "CSAFPID-0026"
}
}
],
"category": "product_name",
"name": "Millenium MyoSIGHT"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Precision MP/i: *",
"product_id": "CSAFPID-0027"
}
}
],
"category": "product_name",
"name": "Precision MP/i"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Xeleris 1.0: *",
"product_id": "CSAFPID-0028"
}
}
],
"category": "product_name",
"name": "Xeleris 1.0"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Xeleris 1.1: *",
"product_id": "CSAFPID-0029"
}
}
],
"category": "product_name",
"name": "Xeleris 1.1"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Xeleris 2.1: *",
"product_id": "CSAFPID-0030"
}
}
],
"category": "product_name",
"name": "Xeleris 2.1"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Xeleris 3.0: *",
"product_id": "CSAFPID-0031"
}
}
],
"category": "product_name",
"name": "Xeleris 3.0"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Xeleris 3.1: *",
"product_id": "CSAFPID-0032"
}
}
],
"category": "product_name",
"name": "Xeleris 3.1"
}
],
"category": "vendor",
"name": "GE Healthcare"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2010-5306",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"notes": [
{
"category": "summary",
"text": "GE Healthcare Optima CT680, CT540, CT640, and CT520 has a default password of #bigguy for the root user, which has unspecified impact and attack vectors.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/vuln/detail?vulnId=CVE-2010-5306"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "GE has produced product updates that are available upon request, which replace default or hard-coded credentials with custom credentials for all but three of the affected products. GE\u0027s product updates are not available for the Optima 680, Revolution XQ/i, and THUNIS-800+ systems.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "mitigation",
"details": "GE Healthcare provides updates on vulnerability management and other security information at the following URL: http://www3.gehealthcare.com/en/support/security",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "http://www3.gehealthcare.com/en/support/security"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
}
]
},
{
"cve": "CVE-2009-5143",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"notes": [
{
"category": "summary",
"text": "GE Healthcare Discovery 530C has a password of #bigguy1 for the (1) acqservice user and (2) wsservice user of the Xeleris System, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. ",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/vuln/detail?vulnId=CVE-2009-5143"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "GE has produced product updates that are available upon request, which replace default or hard-coded credentials with custom credentials for all but three of the affected products. GE\u0027s product updates are not available for the Optima 680, Revolution XQ/i, and THUNIS-800+ systems.",
"product_ids": [
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "GE Healthcare provides updates on vulnerability management and other security information at the following URL: http://www3.gehealthcare.com/en/support/security",
"product_ids": [
"CSAFPID-0005"
],
"url": "http://www3.gehealthcare.com/en/support/security"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0005"
]
}
]
},
{
"cve": "CVE-2013-7404",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"notes": [
{
"category": "summary",
"text": "GE Healthcare Discovery NM 750b has a password of 2getin for the insite account for (1) Telnet and (2) FTP, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0006"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/vuln/detail?vulnId=CVE-2013-7404"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "GE has produced product updates that are available upon request, which replace default or hard-coded credentials with custom credentials for all but three of the affected products. GE\u0027s product updates are not available for the Optima 680, Revolution XQ/i, and THUNIS-800+ systems.",
"product_ids": [
"CSAFPID-0006"
]
},
{
"category": "mitigation",
"details": "GE Healthcare provides updates on vulnerability management and other security information at the following URL: http://www3.gehealthcare.com/en/support/security",
"product_ids": [
"CSAFPID-0006"
],
"url": "http://www3.gehealthcare.com/en/support/security"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0006"
]
}
]
},
{
"cve": "CVE-2014-7232",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"notes": [
{
"category": "summary",
"text": "GE Healthcare Discovery XR656 and XR656 G2 has a password of (1) 2getin for the insite user, (2) 4$xray for the xruser user, and (3) #superxr for the root user, which has unspecified impact and attack vectors. NOTE: it is not clear whether these passwords are default, hardcoded, or dependent on another system or product that requires a fixed value.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/vuln/detail?vulnId=CVE-2014-7232"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "GE has produced product updates that are available upon request, which replace default or hard-coded credentials with custom credentials for all but three of the affected products. GE\u0027s product updates are not available for the Optima 680, Revolution XQ/i, and THUNIS-800+ systems.",
"product_ids": [
"CSAFPID-0007",
"CSAFPID-0008"
]
},
{
"category": "mitigation",
"details": "GE Healthcare provides updates on vulnerability management and other security information at the following URL: http://www3.gehealthcare.com/en/support/security",
"product_ids": [
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "http://www3.gehealthcare.com/en/support/security"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0007",
"CSAFPID-0008"
]
}
]
},
{
"cve": "CVE-2010-5310",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"notes": [
{
"category": "summary",
"text": "The Acquisition Workstation for the GE Healthcare Revolution XQ/i has a password of adw3.1 for the sdc user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0009"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/vuln/detail?vulnId=CVE-2010-5310"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "GE has produced product updates that are available upon request, which replace default or hard-coded credentials with custom credentials for all but three of the affected products. GE\u0027s product updates are not available for the Optima 680, Revolution XQ/i, and THUNIS-800+ systems.",
"product_ids": [
"CSAFPID-0009"
]
},
{
"category": "mitigation",
"details": "GE Healthcare provides updates on vulnerability management and other security information at the following URL: http://www3.gehealthcare.com/en/support/security",
"product_ids": [
"CSAFPID-0009"
],
"url": "http://www3.gehealthcare.com/en/support/security"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0009"
]
}
]
},
{
"cve": "CVE-2014-7233",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"notes": [
{
"category": "summary",
"text": "GE Healthcare Precision THUNIS-800+ has a default password of (1) 1973 for the factory default System Utilities menu, (2) TH8740 for installation using TH8740_122_Setup.exe, (3) hrml for \"Setup and Activation\" using DSASetup, and (4) an empty string for Shutter Configuration, which has unspecified impact and attack vectors. NOTE: since these passwords appear to be used to access functionality during installation, this issue might not cross privilege boundaries and might not be a vulnerability.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0010"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/vuln/detail?vulnId=CVE-2014-7233"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "GE has produced product updates that are available upon request, which replace default or hard-coded credentials with custom credentials for all but three of the affected products. GE\u0027s product updates are not available for the Optima 680, Revolution XQ/i, and THUNIS-800+ systems.",
"product_ids": [
"CSAFPID-0010"
]
},
{
"category": "mitigation",
"details": "GE Healthcare provides updates on vulnerability management and other security information at the following URL: http://www3.gehealthcare.com/en/support/security",
"product_ids": [
"CSAFPID-0010"
],
"url": "http://www3.gehealthcare.com/en/support/security"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0010"
]
}
]
},
{
"cve": "CVE-2012-6693",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"notes": [
{
"category": "summary",
"text": "GE Healthcare Centricity PACS 4.0 Server has a default password of (1) nasro for the nasro (ReadOnly) user and (2) nasrw for the nasrw (Read/Write) user, which has unspecified impact and attack vectors.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0011"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/vuln/detail?vulnId=CVE-2012-6693"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "GE has produced product updates that are available upon request, which replace default or hard-coded credentials with custom credentials for all but three of the affected products. GE\u0027s product updates are not available for the Optima 680, Revolution XQ/i, and THUNIS-800+ systems.",
"product_ids": [
"CSAFPID-0011"
]
},
{
"category": "mitigation",
"details": "GE Healthcare provides updates on vulnerability management and other security information at the following URL: http://www3.gehealthcare.com/en/support/security",
"product_ids": [
"CSAFPID-0011"
],
"url": "http://www3.gehealthcare.com/en/support/security"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0011"
]
}
]
},
{
"cve": "CVE-2012-6694",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"notes": [
{
"category": "summary",
"text": "GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1, and Server 4.0, has a password of 2charGE for the geservice account, which has unspecified impact and attack vectors related to TimbuktuPro. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires it.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0011"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/vuln/detail?vulnId=CVE-2012-6694"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "GE has produced product updates that are available upon request, which replace default or hard-coded credentials with custom credentials for all but three of the affected products. GE\u0027s product updates are not available for the Optima 680, Revolution XQ/i, and THUNIS-800+ systems.",
"product_ids": [
"CSAFPID-0011"
]
},
{
"category": "mitigation",
"details": "GE Healthcare provides updates on vulnerability management and other security information at the following URL: http://www3.gehealthcare.com/en/support/security",
"product_ids": [
"CSAFPID-0011"
],
"url": "http://www3.gehealthcare.com/en/support/security"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0011"
]
}
]
},
{
"cve": "CVE-2012-6695",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"notes": [
{
"category": "summary",
"text": "GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a password of ddpadmin for the ddpadmin user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0011"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/vuln/detail?vulnId=CVE-2012-6695"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "GE has produced product updates that are available upon request, which replace default or hard-coded credentials with custom credentials for all but three of the affected products. GE\u0027s product updates are not available for the Optima 680, Revolution XQ/i, and THUNIS-800+ systems.",
"product_ids": [
"CSAFPID-0011"
]
},
{
"category": "mitigation",
"details": "GE Healthcare provides updates on vulnerability management and other security information at the following URL: http://www3.gehealthcare.com/en/support/security",
"product_ids": [
"CSAFPID-0011"
],
"url": "http://www3.gehealthcare.com/en/support/security"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0011"
]
}
]
},
{
"cve": "CVE-2013-7442",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"notes": [
{
"category": "summary",
"text": "GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a password of (1) CANal1 for the Administrator user and (2) iis for the IIS user, which has unspecified impact and attack vectors related to TimbuktuPro. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires it.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0011"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/vuln/detail?vulnId=CVE-2013-7442"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "GE has produced product updates that are available upon request, which replace default or hard-coded credentials with custom credentials for all but three of the affected products. GE\u0027s product updates are not available for the Optima 680, Revolution XQ/i, and THUNIS-800+ systems.",
"product_ids": [
"CSAFPID-0011"
]
},
{
"category": "mitigation",
"details": "GE Healthcare provides updates on vulnerability management and other security information at the following URL: http://www3.gehealthcare.com/en/support/security",
"product_ids": [
"CSAFPID-0011"
],
"url": "http://www3.gehealthcare.com/en/support/security"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0011"
]
}
]
},
{
"cve": "CVE-2017-14008",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"notes": [
{
"category": "summary",
"text": "GE Centricity PACS RA1000, diagnostic image analysis, all current versions are affected these devices use default or hard-coded credentials. Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affected devices.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0012"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/vuln/detail?vulnId=CVE-2017-14008"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "GE has produced product updates that are available upon request, which replace default or hard-coded credentials with custom credentials for all but three of the affected products. GE\u0027s product updates are not available for the Optima 680, Revolution XQ/i, and THUNIS-800+ systems.",
"product_ids": [
"CSAFPID-0012"
]
},
{
"category": "mitigation",
"details": "GE Healthcare provides updates on vulnerability management and other security information at the following URL: http://www3.gehealthcare.com/en/support/security",
"product_ids": [
"CSAFPID-0012"
],
"url": "http://www3.gehealthcare.com/en/support/security"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0012"
]
}
]
},
{
"cve": "CVE-2011-5322",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"notes": [
{
"category": "summary",
"text": "GE Healthcare Centricity Analytics Server 1.1 has a default password of (1) V0yag3r for the SQL Server sa user, (2) G3car3s for the analyst user, (3) G3car3s for the ccg user, (4) V0yag3r for the viewer user, and (5) geservice for the geservice user in the Webmin interface, which has unspecified impact and attack vectors.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0013"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/vuln/detail?vulnId=CVE-2011-5322"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "GE has produced product updates that are available upon request, which replace default or hard-coded credentials with custom credentials for all but three of the affected products. GE\u0027s product updates are not available for the Optima 680, Revolution XQ/i, and THUNIS-800+ systems.",
"product_ids": [
"CSAFPID-0013"
]
},
{
"category": "mitigation",
"details": "GE Healthcare provides updates on vulnerability management and other security information at the following URL: http://www3.gehealthcare.com/en/support/security",
"product_ids": [
"CSAFPID-0013"
],
"url": "http://www3.gehealthcare.com/en/support/security"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0013"
]
}
]
},
{
"cve": "CVE-2007-6757",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"notes": [
{
"category": "summary",
"text": "GE Healthcare Centricity DMS 4.2, 4.1, and 4.0 has a password of Muse!Admin for the Museadmin user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0014"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/vuln/detail?vulnId=CVE-2007-6757"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "GE has produced product updates that are available upon request, which replace default or hard-coded credentials with custom credentials for all but three of the affected products. GE\u0027s product updates are not available for the Optima 680, Revolution XQ/i, and THUNIS-800+ systems.",
"product_ids": [
"CSAFPID-0014"
]
},
{
"category": "mitigation",
"details": "GE Healthcare provides updates on vulnerability management and other security information at the following URL: http://www3.gehealthcare.com/en/support/security",
"product_ids": [
"CSAFPID-0014"
],
"url": "http://www3.gehealthcare.com/en/support/security"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0014"
]
}
]
},
{
"cve": "CVE-2003-1603",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"notes": [
{
"category": "summary",
"text": "GE Healthcare Discovery VH has a default password of (1) interfile for the ftpclient user of the Interfile server or (2) \"2\" for the LOCAL user of the FTP server for the Codonics printer, which has unspecified impact and attack vectors.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0015",
"CSAFPID-0016"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/vuln/detail?vulnId=CVE-2003-1603"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "GE has produced product updates that are available upon request, which replace default or hard-coded credentials with custom credentials for all but three of the affected products. GE\u0027s product updates are not available for the Optima 680, Revolution XQ/i, and THUNIS-800+ systems.",
"product_ids": [
"CSAFPID-0015",
"CSAFPID-0016"
]
},
{
"category": "mitigation",
"details": "GE Healthcare provides updates on vulnerability management and other security information at the following URL: http://www3.gehealthcare.com/en/support/security",
"product_ids": [
"CSAFPID-0015",
"CSAFPID-0016"
],
"url": "http://www3.gehealthcare.com/en/support/security"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0015",
"CSAFPID-0016"
]
}
]
},
{
"cve": "CVE-2001-1594",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"notes": [
{
"category": "summary",
"text": "GE Healthcare eNTEGRA P\u0026R has a password of (1) entegra for the entegra user, (2) passme for the super user of the Polestar/Polestar-i Starlink 4 upgrade, (3) 0 for the entegra user of the Codonics printer FTP service, (4) eNTEGRA for the eNTEGRA P\u0026R user account, (5) insite for the WinVNC Login, and possibly other accounts, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0017"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/vuln/detail?vulnId=CVE-2001-1594"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "GE has produced product updates that are available upon request, which replace default or hard-coded credentials with custom credentials for all but three of the affected products. GE\u0027s product updates are not available for the Optima 680, Revolution XQ/i, and THUNIS-800+ systems.",
"product_ids": [
"CSAFPID-0017"
]
},
{
"category": "mitigation",
"details": "GE Healthcare provides updates on vulnerability management and other security information at the following URL: http://www3.gehealthcare.com/en/support/security",
"product_ids": [
"CSAFPID-0017"
],
"url": "http://www3.gehealthcare.com/en/support/security"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0017"
]
}
]
},
{
"cve": "CVE-2010-5309",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"notes": [
{
"category": "summary",
"text": "GE Healthcare CADStream Server has a default password of confirma for the admin user, which has unspecified impact and attack vectors.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0018"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/vuln/detail?vulnId=CVE-2010-5309"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "GE has produced product updates that are available upon request, which replace default or hard-coded credentials with custom credentials for all but three of the affected products. GE\u0027s product updates are not available for the Optima 680, Revolution XQ/i, and THUNIS-800+ systems.",
"product_ids": [
"CSAFPID-0018"
]
},
{
"category": "mitigation",
"details": "GE Healthcare provides updates on vulnerability management and other security information at the following URL: http://www3.gehealthcare.com/en/support/security",
"product_ids": [
"CSAFPID-0018"
],
"url": "http://www3.gehealthcare.com/en/support/security"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0018"
]
}
]
},
{
"cve": "CVE-2010-5307",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"notes": [
{
"category": "summary",
"text": "The HIPAA configuration interface in GE Healthcare Optima MR360 has a password of (1) operator for the root account, (2) adw2.0 for the admin account, and (3) adw2.0 for the sdc account, which has unspecified impact and attack vectors. NOTE: it is not clear whether these passwords are default, hardcoded, or dependent on another system or product that requires a fixed value.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0019"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/vuln/detail?vulnId=CVE-2010-5307"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "GE has produced product updates that are available upon request, which replace default or hard-coded credentials with custom credentials for all but three of the affected products. GE\u0027s product updates are not available for the Optima 680, Revolution XQ/i, and THUNIS-800+ systems.",
"product_ids": [
"CSAFPID-0019"
]
},
{
"category": "mitigation",
"details": "GE Healthcare provides updates on vulnerability management and other security information at the following URL: http://www3.gehealthcare.com/en/support/security",
"product_ids": [
"CSAFPID-0019"
],
"url": "http://www3.gehealthcare.com/en/support/security"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0019"
]
}
]
},
{
"cve": "CVE-2017-14004",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"notes": [
{
"category": "summary",
"text": "GE GEMNet License server (EchoServer) all current versions are affected these devices use default or hard-coded credentials. Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affected devices..",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0020"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/vuln/detail?vulnId=CVE-2017-14004"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "GE has produced product updates that are available upon request, which replace default or hard-coded credentials with custom credentials for all but three of the affected products. GE\u0027s product updates are not available for the Optima 680, Revolution XQ/i, and THUNIS-800+ systems.",
"product_ids": [
"CSAFPID-0020"
]
},
{
"category": "mitigation",
"details": "GE Healthcare provides updates on vulnerability management and other security information at the following URL: http://www3.gehealthcare.com/en/support/security",
"product_ids": [
"CSAFPID-0020"
],
"url": "http://www3.gehealthcare.com/en/support/security"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0020"
]
}
]
},
{
"cve": "CVE-2004-2777",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"notes": [
{
"category": "summary",
"text": "GE Healthcare Centricity Image Vault 3.x has a password of (1) gemnet for the administrator account, (2) webadmin for the webadmin administrator account of the ASACA DVD library, (3) an empty value for the gemsservice account of the Ultrasound Database, and possibly (4) gemnet2002 for the gemnet2002 account of the GEMNet license server, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0021"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/vuln/detail?vulnId=CVE-2004-2777"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "GE has produced product updates that are available upon request, which replace default or hard-coded credentials with custom credentials for all but three of the affected products. GE\u0027s product updates are not available for the Optima 680, Revolution XQ/i, and THUNIS-800+ systems.",
"product_ids": [
"CSAFPID-0021"
]
},
{
"category": "mitigation",
"details": "GE Healthcare provides updates on vulnerability management and other security information at the following URL: http://www3.gehealthcare.com/en/support/security",
"product_ids": [
"CSAFPID-0021"
],
"url": "http://www3.gehealthcare.com/en/support/security"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0021"
]
}
]
},
{
"cve": "CVE-2017-14002",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"notes": [
{
"category": "summary",
"text": "GE Infinia/Infinia with Hawkeye 4 medical imaging systems all current versions are affected these devices use default or hard-coded credentials. Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affected devices.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0022",
"CSAFPID-0023"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/vuln/detail?vulnId=CVE-2017-14002"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "GE has produced product updates that are available upon request, which replace default or hard-coded credentials with custom credentials for all but three of the affected products. GE\u0027s product updates are not available for the Optima 680, Revolution XQ/i, and THUNIS-800+ systems.",
"product_ids": [
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "mitigation",
"details": "GE Healthcare provides updates on vulnerability management and other security information at the following URL: http://www3.gehealthcare.com/en/support/security",
"product_ids": [
"CSAFPID-0022",
"CSAFPID-0023"
],
"url": "http://www3.gehealthcare.com/en/support/security"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0022",
"CSAFPID-0023"
]
}
]
},
{
"cve": "CVE-2002-2446",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"notes": [
{
"category": "summary",
"text": "GE Healthcare Millennium MG, NC, and MyoSIGHT has a password of insite.genieacq for the insite account that cannot be changed without disabling product functionality for remote InSite support, which has unspecified impact and attack vectors.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/vuln/detail?vulnId=CVE-2002-2446"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "GE has produced product updates that are available upon request, which replace default or hard-coded credentials with custom credentials for all but three of the affected products. GE\u0027s product updates are not available for the Optima 680, Revolution XQ/i, and THUNIS-800+ systems.",
"product_ids": [
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026"
]
},
{
"category": "mitigation",
"details": "GE Healthcare provides updates on vulnerability management and other security information at the following URL: http://www3.gehealthcare.com/en/support/security",
"product_ids": [
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026"
],
"url": "http://www3.gehealthcare.com/en/support/security"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026"
]
}
]
},
{
"cve": "CVE-2012-6660",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"notes": [
{
"category": "summary",
"text": "GE Healthcare Precision MPi has a password of (1) orion for the serviceapp user, (2) orion for the clinical operator user, and (3) PlatinumOne for the administrator user, which has unspecified impact and attack vectors. NOTE: it is not clear whether these passwords are default, hardcoded, or dependent on another system or product that requires a fixed value.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0027"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/vuln/detail?vulnId=CVE-2012-6660"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "GE has produced product updates that are available upon request, which replace default or hard-coded credentials with custom credentials for all but three of the affected products. GE\u0027s product updates are not available for the Optima 680, Revolution XQ/i, and THUNIS-800+ systems.",
"product_ids": [
"CSAFPID-0027"
]
},
{
"category": "mitigation",
"details": "GE Healthcare provides updates on vulnerability management and other security information at the following URL: http://www3.gehealthcare.com/en/support/security",
"product_ids": [
"CSAFPID-0027"
],
"url": "http://www3.gehealthcare.com/en/support/security"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0027"
]
}
]
},
{
"cve": "CVE-2017-14006",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"notes": [
{
"category": "summary",
"text": "GE Xeleris versions 1.0,1.1,2.1,3.0,3.1, medical imaging systems, all current versions are affected, these devices use default or hard-coded credentials. Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affected devices.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/vuln/detail?vulnId=CVE-2017-14006"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "GE has produced product updates that are available upon request, which replace default or hard-coded credentials with custom credentials for all but three of the affected products. GE\u0027s product updates are not available for the Optima 680, Revolution XQ/i, and THUNIS-800+ systems.",
"product_ids": [
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032"
]
},
{
"category": "mitigation",
"details": "GE Healthcare provides updates on vulnerability management and other security information at the following URL: http://www3.gehealthcare.com/en/support/security",
"product_ids": [
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032"
],
"url": "http://www3.gehealthcare.com/en/support/security"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032"
]
}
]
}
]
}
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.