VAR-201508-0152
Vulnerability from variot - Updated: 2023-12-18 13:44The Ad Hoc Reporting feature in GE Healthcare Centricity DMS 4.2 has a password of Never!Mind for the Administrator user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. GE Healthcare Centricity DMS is a cardiology clinical education data management system for the medical industry from General Electric (GE). An attacker could use this vulnerability to control the device. Attackers can exploit this issue to bypass the authentication mechanism and gain access to the vulnerable device
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201508-0152",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "centricity dms",
"scope": "eq",
"trust": 1.9,
"vendor": "gehealthcare",
"version": "4.2"
},
{
"model": "centricity cardiology data management system",
"scope": "eq",
"trust": 0.8,
"vendor": "ge healthcare",
"version": "4.2"
},
{
"model": "centricity dms",
"scope": "eq",
"trust": 0.6,
"vendor": "ge",
"version": "4.2"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05138"
},
{
"db": "BID",
"id": "76166"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004008"
},
{
"db": "NVD",
"id": "CVE-2013-7405"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-033"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:gehealthcare:centricity_dms:4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-7405"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "76166"
}
],
"trust": 0.3
},
"cve": "CVE-2013-7405",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2013-7405",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-05138",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-7405",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2015-05138",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201508-033",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2013-7405",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05138"
},
{
"db": "VULMON",
"id": "CVE-2013-7405"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004008"
},
{
"db": "NVD",
"id": "CVE-2013-7405"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-033"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Ad Hoc Reporting feature in GE Healthcare Centricity DMS 4.2 has a password of Never!Mind for the Administrator user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. GE Healthcare Centricity DMS is a cardiology clinical education data management system for the medical industry from General Electric (GE). An attacker could use this vulnerability to control the device. \nAttackers can exploit this issue to bypass the authentication mechanism and gain access to the vulnerable device",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-7405"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004008"
},
{
"db": "CNVD",
"id": "CNVD-2015-05138"
},
{
"db": "BID",
"id": "76166"
},
{
"db": "VULMON",
"id": "CVE-2013-7405"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-7405",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004008",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2015-05138",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201508-033",
"trust": 0.6
},
{
"db": "BID",
"id": "76166",
"trust": 0.4
},
{
"db": "VULMON",
"id": "CVE-2013-7405",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05138"
},
{
"db": "VULMON",
"id": "CVE-2013-7405"
},
{
"db": "BID",
"id": "76166"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004008"
},
{
"db": "NVD",
"id": "CVE-2013-7405"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-033"
}
]
},
"id": "VAR-201508-0152",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05138"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05138"
}
]
},
"last_update_date": "2023-12-18T13:44:19.418000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Centricity* Cardiology Data Management System DMS Admin. - v. 4.2 Master Trainer Guide",
"trust": 0.8,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/0908141_dms%204.2%20mtg.pdf?docclass=a\u0026req=rac\u0026direction=0908141\u0026filename=0908141_dms+4.2+mtg.pdf\u0026filerev=d\u0026docrev_org=d\u0026submit=+accept+"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004008"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004008"
},
{
"db": "NVD",
"id": "CVE-2013-7405"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
},
{
"trust": 1.7,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/0908141_dms+4.2+mtg.pdf?req=raa\u0026direction=0908141\u0026filename=0908141_dms%2b4.2%2bmtg.pdf\u0026filerev=d\u0026docrev_org=d"
},
{
"trust": 1.7,
"url": "https://twitter.com/digitalbond/status/619250429751222277"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-7405"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-7405"
},
{
"trust": 0.6,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/0908141_dms+4.2+mtg.pdf?req=raa\u0026amp;direction=0908141\u0026amp;filename=0908141_dms%2b4.2%2bmtg.pdf\u0026amp;filerev=d\u0026amp;docrev_org=d"
},
{
"trust": 0.3,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/0908141_dms%204.2%20mtg.pdf?docclass=a\u0026req=rac\u0026direction=0908141\u0026filename=0908141_dms+4.2+mtg.pdf\u0026filerev=d\u0026docrev_org=d\u0026submit=+accept+"
},
{
"trust": 0.3,
"url": "http://www3.gehealthcare.com/en"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/255.html"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/76166"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05138"
},
{
"db": "VULMON",
"id": "CVE-2013-7405"
},
{
"db": "BID",
"id": "76166"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004008"
},
{
"db": "NVD",
"id": "CVE-2013-7405"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-033"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-05138"
},
{
"db": "VULMON",
"id": "CVE-2013-7405"
},
{
"db": "BID",
"id": "76166"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004008"
},
{
"db": "NVD",
"id": "CVE-2013-7405"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-033"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05138"
},
{
"date": "2015-08-04T00:00:00",
"db": "VULMON",
"id": "CVE-2013-7405"
},
{
"date": "2015-08-04T00:00:00",
"db": "BID",
"id": "76166"
},
{
"date": "2015-08-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004008"
},
{
"date": "2015-08-04T14:59:22.643000",
"db": "NVD",
"id": "CVE-2013-7405"
},
{
"date": "2015-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-033"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05138"
},
{
"date": "2015-08-04T00:00:00",
"db": "VULMON",
"id": "CVE-2013-7405"
},
{
"date": "2015-08-04T00:00:00",
"db": "BID",
"id": "76166"
},
{
"date": "2015-08-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004008"
},
{
"date": "2015-08-04T19:24:23.680000",
"db": "NVD",
"id": "CVE-2013-7405"
},
{
"date": "2015-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-033"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-033"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Healthcare Centricity DMS Ad Hoc Reporting Trust Management Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05138"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-033"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-033"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…