Lucene search

[email protected]CVE-2020-6963

HistoryJan 24, 2020 - 5:15 p.m.

CVE-2020-6963

2020-01-2417:15:13

CWE-798

CWE-20

[email protected]

web.nvd.nist.gov

cve-2020-6963

apexpro telemetry server

carescape telemetry server

clinical information center

carescape central station

hard coded credentials

smb

remote code execution

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.0%

JSON

In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, the affected products utilized hard coded SMB credentials, which may allow an attacker to remotely execute arbitrary code.

Affected configurations

NVD

Node

gehealthcareapexpro_telemetry_serverMatch-

AND

gehealthcareapexpro_telemetry_server_firmwareRange≤4.2

Node

gehealthcarecarescape_central_station_mai700Match-

AND

gehealthcarecarescape_central_station_mai700_firmwareMatch1.0

Node

gehealthcarecarescape_central_station_mas700Match-

AND

gehealthcarecarescape_central_station_mas700_firmwareMatch1.0

Node

gehealthcareclinical_information_center_mp100d_firmwareMatch4.0

gehealthcareclinical_information_center_mp100d_firmwareMatch5.0

AND

gehealthcareclinical_information_center_mp100dMatch-

Node

gehealthcareclinical_information_center_mp100r_firmwareMatch4.0

gehealthcareclinical_information_center_mp100r_firmwareMatch5.0

AND

gehealthcareclinical_information_center_mp100rMatch-

Node

gehealthcarecarescape_telemetry_server_mp100r_firmwareRange≤4.2

AND

gehealthcarecarescape_telemetry_server_mp100rMatch-

CPENameOperatorVersion
gehealthcare:apexpro_telemetry_server_firmwaregehealthcare apexpro telemetry server firmwarele4.2

CPE	Name	Operator	Version
gehealthcare:apexpro_telemetry_server_firmware	gehealthcare apexpro telemetry server firmware	le	4.2

CNA Affected

[
  {
    "product": "GE CARESCAPE Telemetry Server,ApexPro Telemetry Server,CARESCAPE Central Station,Clinical Information Center systems,CARESCAPE B450,B650,B850 Monitors",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "ApexPro Telemetry Server,v4.2 & prior,CARESCAPE Telemetry Server, v4.2 & prior,Clinical Information Center,v4.X& 5.X,CARESCAPE Telemetry Server,v4.3,CARESCAPE Central Station,v1.X,CARESCAPE Central Station,v2.X,B450,v2.X,B650,v1.X,B650,v2.X,B850,v1.X,B850,v2.X"
      }
    ]
  }
]

References

www.us-cert.gov/ics/advisories/icsma-20-023-01

www3.gehealthcare.com/~/media/downloads/us/support/site-planning/site-readiness/gehc-gateway_project_implementation_guide_pdf.pdf

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.0%

JSON

Related for CVE-2020-6963

cvelist1 nvd1 prion1 ics1 threatpost1