Lucene search

[email protected]CVE-2020-6964

HistoryJan 24, 2020 - 5:15 p.m.

CVE-2020-6964

2020-01-2417:15:13

CWE-306

[email protected]

web.nvd.nist.gov

cwe-200

cve-2020-6964

apexpro telemetry server

carescape telemetry server

clinical information center

carescape central station

information security

network security

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

8.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

43.8%

JSON

In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X and CARESCAPE Central Station (CSCS) Versions 2.X, the integrated service for keyboard switching of the affected devices could allow attackers to obtain remote keyboard input access without authentication over the network.

Affected configurations

NVD

Node

gehealthcareapexpro_telemetry_server_firmwareRange≤4.2

AND

gehealthcareapexpro_telemetry_serverMatch-

Node

gehealthcarecarescape_central_station_mai700_firmwareMatch1.0

gehealthcarecarescape_central_station_mai700_firmwareMatch2.0

AND

gehealthcarecarescape_central_station_mai700Match-

Node

gehealthcarecarescape_central_station_mas700_firmwareMatch1.0

gehealthcarecarescape_central_station_mas700_firmwareMatch2.0

AND

gehealthcarecarescape_central_station_mas700Match-

Node

gehealthcareclinical_information_center_mp100d_firmwareMatch4.0

gehealthcareclinical_information_center_mp100d_firmwareMatch5.0

AND

gehealthcareclinical_information_center_mp100dMatch-

Node

gehealthcareclinical_information_center_mp100r_firmwareMatch4.0

gehealthcareclinical_information_center_mp100r_firmwareMatch5.0

AND

gehealthcareclinical_information_center_mp100rMatch-

Node

gehealthcarecarescape_telemetry_server_mp100r_firmwareRange≤4.2

AND

gehealthcarecarescape_telemetry_server_mp100rMatch-

CPENameOperatorVersion
gehealthcare:apexpro_telemetry_server_firmwaregehealthcare apexpro telemetry server firmwarele4.2

CPE	Name	Operator	Version
gehealthcare:apexpro_telemetry_server_firmware	gehealthcare apexpro telemetry server firmware	le	4.2

CNA Affected

[
  {
    "product": "GE CARESCAPE Telemetry Server,ApexPro Telemetry Server,CARESCAPE Central Station,Clinical Information Center systems,CARESCAPE B450,B650,B850 Monitors",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "ApexPro Telemetry Server,v4.2 & prior,CARESCAPE Telemetry Server, v4.2 & prior,Clinical Information Center,v4.X& 5.X,CARESCAPE Telemetry Server,v4.3,CARESCAPE Central Station,v1.X,CARESCAPE Central Station,v2.X,B450,v2.X,B650,v1.X,B650,v2.X,B850,v1.X,B850,v2.X"
      }
    ]
  }
]

References

www.us-cert.gov/ics/advisories/icsma-20-023-01

www3.gehealthcare.com/~/media/downloads/us/support/site-planning/site-readiness/gehc-gateway_project_implementation_guide_pdf.pdf

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

8.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

43.8%

JSON

Related for CVE-2020-6964

prion1 nvd1 cvelist1 ics1 threatpost1