History: Jan 24, 2020 - 5:15 p.m.

CVE-2020-6962

2020-01-24 17:15:13
CWE-20
icscert
web.nvd.nist.gov
46
cve-2020-6962
input validation
web-based
system configuration
remote code execution

CVSS2: 10

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3: 10

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score: 9.5
Confidence: High

EPSS: 0.01
Percentile: 83.5%

In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Telemetry Server Version 4.3, CARESCAPE Central Station (CSCS) Versions 1.X, CARESCAPE Central Station (CSCS) Versions 2.X, B450 Version 2.X, B650 Version 1.X, B650 Version 2.X, B850 Version 1.X, B850 Version 2.X, an input validation vulnerability exists in the web-based system configuration utility that could allow an attacker to obtain arbitrary remote code execution.

Affected configurations

Nvd

Node
  gehealthcare  apexpro_telemetry_server_firmware  Range 4.2
  OR
  gehealthcare  apexpro_telemetry_server_firmware  Match 4.3
  AND
  gehealthcare  apexpro_telemetry_server  Match -

Node
  gehealthcare  carescape_b450_monitor_firmware  Match 2.0
  AND
  gehealthcare  carescape_b450_monitor  Match -

Node
  gehealthcare  carescape_b650_monitor_firmware  Match 1.0
  OR
  gehealthcare  carescape_b650_monitor_firmware  Match 2.0
  AND
  gehealthcare  carescape_b650_monitor  Match -

Node
  gehealthcare  carescape_b850_monitor_firmware  Match 1.0
  OR
  gehealthcare  carescape_b850_monitor_firmware  Match 2.0
  AND
  gehealthcare  carescape_b850_monitor  Match -

Node
  gehealthcare  carescape_central_station_mai700_firmware  Match 1.0
  OR
  gehealthcare  carescape_central_station_mai700_firmware  Match 2.0
  AND
  gehealthcare  carescape_central_station_mai700  Match -

Node
  gehealthcare  carescape_central_station_mas700_firmware  Match 1.0
  OR
  gehealthcare  carescape_central_station_mas700_firmware  Match 2.0
  AND
  gehealthcare  carescape_central_station_mas700  Match -

Node
  gehealthcare  clinical_information_center_mp100d_firmware  Match 4.0
  OR
  gehealthcare  clinical_information_center_mp100d_firmware  Match 5.0
  AND
  gehealthcare  clinical_information_center_mp100d  Match -

Node
  gehealthcare  clinical_information_center_mp100r_firmware  Match 4.0
  OR
  gehealthcare  clinical_information_center_mp100r_firmware  Match 5.0
  AND
  gehealthcare  clinical_information_center_mp100r  Match -

Node
  gehealthcare  carescape_telemetry_server_mp100r_firmware  Range 4.2
  OR
  gehealthcare  carescape_telemetry_server_mp100r_firmware  Match 4.3
  AND
  gehealthcare  carescape_telemetry_server_mp100r  Match -

Vendor        Product                            Version  CPE
gehealthcare  apexpro_telemetry_server_firmware  *        cpe:2.3:o:gehealthcare:apexpro_telemetry_server_firmware:*:*:*:*:*:*:*:*
gehealthcare  apexpro_telemetry_server_firmware  4.3      cpe:2.3:o:gehealthcare:apexpro_telemetry_server_firmware:4.3:*:*:*:*:*:*:*
gehealthcare  apexpro_telemetry_server           -        cpe:2.3:h:gehealthcare:apexpro_telemetry_server:-:*:*:*:*:*:*:*
gehealthcare  carescape_b450_monitor_firmware    2.0      cpe:2.3:o:gehealthcare:carescape_b450_monitor_firmware:2.0:*:*:*:*:*:*:*
gehealthcare  carescape_b450_monitor             -        cpe:2.3:h:gehealthcare:carescape_b450_monitor:-:*:*:*:*:*:*:*
gehealthcare  carescape_b650_monitor_firmware    1.0      cpe:2.3:o:gehealthcare:carescape_b650_monitor_firmware:1.0:*:*:*:*:*:*:*
gehealthcare  carescape_b650_monitor_firmware    2.0      cpe:2.3:o:gehealthcare:carescape_b650_monitor_firmware:2.0:*:*:*:*:*:*:*
gehealthcare  carescape_b650_monitor             -        cpe:2.3:h:gehealthcare:carescape_b650_monitor:-:*:*:*:*:*:*:*
gehealthcare  carescape_b850_monitor_firmware    1.0      cpe:2.3:o:gehealthcare:carescape_b850_monitor_firmware:1.0:*:*:*:*:*:*:*
gehealthcare  carescape_b850_monitor_firmware    2.0      cpe:2.3:o:gehealthcare:carescape_b850_monitor_firmware:2.0:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "GE CARESCAPE Telemetry Server,ApexPro Telemetry Server,CARESCAPE Central Station,Clinical Information Center,CARESCAPE B450,B650,B850 Monitors",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "ApexPro Telemetry Server,v4.2 & prior,CARESCAPE Telemetry Server,v4.2 & prior,Clinical Information Center,v4.X & 5.X,CARESCAPE Telemetry Server,v4.3,CARESCAPE Central Station,v1.X,CARESCAPE Central Station,v2.X,B450,v2.X,B650,v1.X,B650,v2.X,B850,v1.X,B850,v2.X"
      }
    ]
  }
]
