VAR-201508-0011
Vulnerability from variot - Updated: 2024-02-13 22:34GE Healthcare CADStream Server has a default password of confirma for the admin user, which has unspecified impact and attack vectors. GE Healthcare CADStream Server is a suite of applications for the medical industry that provide automated analysis and reporting for magnetic resonance imaging.
GE Healthcare CADStream Server has built-in accounts. The admin uses a 'confirma' password, allowing remote attackers to use these accounts to control the device. An attacker can exploit this issue to gain unauthorized access to the affected device. Successful exploits will result in the complete compromise of the affected device
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201508-0011",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cadstream server",
"scope": "eq",
"trust": 1.6,
"vendor": "gehealthcare",
"version": null
},
{
"model": "cadstream server",
"scope": null,
"trust": 0.8,
"vendor": "ge healthcare",
"version": null
},
{
"model": "cadstream server",
"scope": null,
"trust": 0.6,
"vendor": "general electric",
"version": null
},
{
"model": "cadstream server",
"scope": "eq",
"trust": 0.3,
"vendor": "gehealthcare",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05171"
},
{
"db": "BID",
"id": "76185"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004016"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-023"
},
{
"db": "NVD",
"id": "CVE-2010-5309"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:gehealthcare:cadstream_server_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2010-5309"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Scott Erven",
"sources": [
{
"db": "BID",
"id": "76185"
}
],
"trust": 0.3
},
"cve": "CVE-2010-5309",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2010-5309",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-05171",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-47914",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2010-5309",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2015-05171",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201508-023",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-47914",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2010-5309",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05171"
},
{
"db": "VULHUB",
"id": "VHN-47914"
},
{
"db": "VULMON",
"id": "CVE-2010-5309"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004016"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-023"
},
{
"db": "NVD",
"id": "CVE-2010-5309"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Healthcare CADStream Server has a default password of confirma for the admin user, which has unspecified impact and attack vectors. GE Healthcare CADStream Server is a suite of applications for the medical industry that provide automated analysis and reporting for magnetic resonance imaging. \n\nGE Healthcare CADStream Server has built-in accounts. The admin uses a \u0027confirma\u0027 password, allowing remote attackers to use these accounts to control the device. \nAn attacker can exploit this issue to gain unauthorized access to the affected device. Successful exploits will result in the complete compromise of the affected device",
"sources": [
{
"db": "NVD",
"id": "CVE-2010-5309"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004016"
},
{
"db": "CNVD",
"id": "CNVD-2015-05171"
},
{
"db": "BID",
"id": "76185"
},
{
"db": "VULHUB",
"id": "VHN-47914"
},
{
"db": "VULMON",
"id": "CVE-2010-5309"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2010-5309",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSMA-18-037-02",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004016",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201508-023",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-05171",
"trust": 0.6
},
{
"db": "BID",
"id": "76185",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-47914",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2010-5309",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05171"
},
{
"db": "VULHUB",
"id": "VHN-47914"
},
{
"db": "VULMON",
"id": "CVE-2010-5309"
},
{
"db": "BID",
"id": "76185"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004016"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-023"
},
{
"db": "NVD",
"id": "CVE-2010-5309"
}
]
},
"id": "VAR-201508-0011",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-47914"
}
],
"trust": 0.01
},
"last_update_date": "2024-02-13T22:34:36.627000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Optima MR360 1.5T MR system Operator Manual",
"trust": 0.8,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/mr360+operator+manual+paper.pdf?req=raa\u0026direction=5339461-1en\u0026filename=mr360%2boperator%2bmanual%2bpaper.pdf\u0026filerev=4\u0026docrev_org=4"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004016"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-47914"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004016"
},
{
"db": "NVD",
"id": "CVE-2010-5309"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.5,
"url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
},
{
"trust": 2.0,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-037-02"
},
{
"trust": 1.8,
"url": "https://twitter.com/digitalbond/status/619250429751222277"
},
{
"trust": 1.7,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/mr360+operator+manual+paper.pdf?req=raa\u0026direction=5339461-1en\u0026filename=mr360%2boperator%2bmanual%2bpaper.pdf\u0026filerev=4\u0026docrev_org=4"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-5309"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-5309"
},
{
"trust": 0.3,
"url": "http://www3.gehealthcare.com/en/global_gateway"
},
{
"trust": 0.1,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/mr360+operator+manual+paper.pdf?req=raa\u0026amp;direction=5339461-1en\u0026amp;filename=mr360%2boperator%2bmanual%2bpaper.pdf\u0026amp;filerev=4\u0026amp;docrev_org=4"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/255.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05171"
},
{
"db": "VULHUB",
"id": "VHN-47914"
},
{
"db": "VULMON",
"id": "CVE-2010-5309"
},
{
"db": "BID",
"id": "76185"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004016"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-023"
},
{
"db": "NVD",
"id": "CVE-2010-5309"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-05171"
},
{
"db": "VULHUB",
"id": "VHN-47914"
},
{
"db": "VULMON",
"id": "CVE-2010-5309"
},
{
"db": "BID",
"id": "76185"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004016"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-023"
},
{
"db": "NVD",
"id": "CVE-2010-5309"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05171"
},
{
"date": "2015-08-04T00:00:00",
"db": "VULHUB",
"id": "VHN-47914"
},
{
"date": "2015-08-04T00:00:00",
"db": "VULMON",
"id": "CVE-2010-5309"
},
{
"date": "2015-08-04T00:00:00",
"db": "BID",
"id": "76185"
},
{
"date": "2015-08-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004016"
},
{
"date": "2015-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-023"
},
{
"date": "2015-08-04T14:59:12.457000",
"db": "NVD",
"id": "CVE-2010-5309"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05171"
},
{
"date": "2018-03-28T00:00:00",
"db": "VULHUB",
"id": "VHN-47914"
},
{
"date": "2018-03-28T00:00:00",
"db": "VULMON",
"id": "CVE-2010-5309"
},
{
"date": "2015-08-04T00:00:00",
"db": "BID",
"id": "76185"
},
{
"date": "2018-04-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004016"
},
{
"date": "2015-08-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-023"
},
{
"date": "2018-03-28T01:29:01.497000",
"db": "NVD",
"id": "CVE-2010-5309"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-023"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Healthcare CADStream Server Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004016"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-023"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…