History: Jan 24, 2020 - 5:15 p.m.

CVE-2020-6961

2020-01-24 17:15:13
CWE-256
CWE-522
web.nvd.nist.gov
cve-2020-6961
apexpro telemetry server
carescape telemetry server
clinical information center
carescape central station
ssh
private key
configuration files

CVSS2: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3: 10 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score: 9.1 High
Confidence: High

EPSS: 0.003 Low
Percentile: 68.9%

In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Telemetry Server Version 4.3, CARESCAPE Central Station (CSCS) Versions 1.X, a vulnerability exists in the affected products that could allow an attacker to obtain access to the SSH private key in configuration files.

Affected configurations

NVD
Node
gehealthcare apexpro_telemetry_server Match -
AND
gehealthcare apexpro_telemetry_server_firmware Range 4.2
Node
gehealthcare carescape_central_station_mai700 Match -
AND
gehealthcare carescape_central_station_mai700_firmware Match 1.0
Node
gehealthcare carescape_central_station_mas700 Match -
AND
gehealthcare carescape_central_station_mas700_firmware Match 1.0
Node
gehealthcare clinical_information_center_mp100d Match -
AND
gehealthcare clinical_information_center_mp100d_firmware Match 4.0
OR
gehealthcare clinical_information_center_mp100d_firmware Match 5.0
Node
gehealthcare clinical_information_center_mp100r Match -
AND
gehealthcare clinical_information_center_mp100r_firmware Match 4.0
OR
gehealthcare clinical_information_center_mp100r_firmware Match 5.0
Node
gehealthcare carescape_telemetry_server_mp100r Match -
AND
gehealthcare carescape_telemetry_server_mp100r_firmware Range 4.2
OR
gehealthcare carescape_telemetry_server_mp100r_firmware Match 4.3

CNA Affected

[
  {
    "product": "GE CARESCAPE Telemetry Server,ApexPro Telemetry Server,CARESCAPE Central Station,Clinical Information Center,CARESCAPE B450,B650,B850 Monitors",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "ApexPro Telemetry Server,v4.2 & prior,CARESCAPE Telemetry Server,v4.2 & prior,Clinical Information Center,v4.X & 5.X,CARESCAPE Telemetry Server,v4.3,CARESCAPE Central Station,v1.X,CARESCAPE Central Station,v2.X,B450,v2.X,B650,v1.X,B650,v2.X,B850,v1.X,B850,v2.X"
      }
    ]
  }
]
