Lucene search

[email protected]CVE-2020-6965

HistoryJan 24, 2020 - 6:15 p.m.

CVE-2020-6965

2020-01-2418:15:12

CWE-434

CWE-20

[email protected]

web.nvd.nist.gov

cve-2020-6965

apexpro telemetry server

carescape telemetry server

clinical information center

carescape central station

b450

b650

b850

vulnerability

file upload

software update

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

9.9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.2%

JSON

In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, B450 Version 2.X, B650 Version 1.X, B650 Version 2.X, B850 Version 1.X, B850 Version 2.X, a vulnerability in the software update mechanism allows an authenticated attacker to upload arbitrary files on the system through a crafted update package.

Affected configurations

NVD

Node

gehealthcareapexpro_telemetry_server_firmwareRange≤4.2

AND

gehealthcareapexpro_telemetry_serverMatch-

Node

gehealthcarecarescape_b450_monitor_firmwareMatch2.0

AND

gehealthcarecarescape_b450_monitorMatch-

Node

gehealthcarecarescape_b650_monitor_firmwareMatch1.0

gehealthcarecarescape_b650_monitor_firmwareMatch2.0

AND

gehealthcarecarescape_b650_monitorMatch-

Node

gehealthcarecarescape_b850_monitor_firmwareMatch1.0

gehealthcarecarescape_b850_monitor_firmwareMatch2.0

AND

gehealthcarecarescape_b850_monitorMatch-

Node

gehealthcarecarescape_central_station_mai700_firmwareMatch1.0

AND

gehealthcarecarescape_central_station_mai700Match-

Node

gehealthcarecarescape_central_station_mas700_firmwareMatch1.0

AND

gehealthcarecarescape_central_station_mas700Match-

Node

gehealthcareclinical_information_center_mp100d_firmwareMatch4.0

gehealthcareclinical_information_center_mp100d_firmwareMatch5.0

AND

gehealthcareclinical_information_center_mp100dMatch-

Node

gehealthcareclinical_information_center_mp100r_firmwareMatch4.0

gehealthcareclinical_information_center_mp100r_firmwareMatch5.0

AND

gehealthcareclinical_information_center_mp100rMatch-

Node

gehealthcarecarescape_telemetry_server_mp100r_firmwareRange≤4.2

AND

gehealthcarecarescape_telemetry_server_mp100rMatch-

CPENameOperatorVersion
gehealthcare:apexpro_telemetry_server_firmwaregehealthcare apexpro telemetry server firmwarele4.2

CPE	Name	Operator	Version
gehealthcare:apexpro_telemetry_server_firmware	gehealthcare apexpro telemetry server firmware	le	4.2

CNA Affected

[
  {
    "product": "GE CARESCAPE Telemetry Server,ApexPro Telemetry Server,CARESCAPE Central Station,Clinical Information Center systems,CARESCAPE B450,B650,B850 Monitors",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "ApexPro Telemetry Server,v4.2 & prior,CARESCAPE Telemetry Server, v4.2 & prior,Clinical Information Center,v4.X& 5.X,CARESCAPE Telemetry Server,v4.3,CARESCAPE Central Station,v1.X,CARESCAPE Central Station,v2.X,B450,v2.X,B650,v1.X,B650,v2.X,B850,v1.X,B850,v2.X"
      }
    ]
  }
]

References

www.us-cert.gov/ics/advisories/icsma-20-023-01

www3.gehealthcare.com/~/media/downloads/us/support/site-planning/site-readiness/gehc-gateway_project_implementation_guide_pdf.pdf

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

9.9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.2%

JSON

Related for CVE-2020-6965

nvd1 cvelist1 prion1 threatpost1 ics1