History: Jan 24, 2020 - 6:15 p.m.

CVE-2020-6966

2020-01-24 18:15:12
CWE-326
web.nvd.nist.gov
29
cve-2020-6966
apexpro telemetry server
carescape telemetry server
clinical information center
carescape central station
weak encryption
remote code execution
network security

CVSS2: 10 High

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3: 10 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score: 9.6 High (Confidence: High)

EPSS: 0.01 Low (Percentile: 83.5%)

In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, the affected products utilize a weak encryption scheme for remote desktop control, which may allow an attacker to obtain remote code execution of devices on the network.

Affected configurations

NVD
Node
  gehealthcare apexpro_telemetry_server_firmware Range 4.2
  AND
  gehealthcare apexpro_telemetry_server Match -
Node
  gehealthcare carescape_central_station_mai700_firmware Match 1.0
  AND
  gehealthcare carescape_central_station_mai700 Match -
Node
  gehealthcare carescape_central_station_mas700_firmware Match 1.0
  AND
  gehealthcare carescape_central_station_mas700 Match -
Node
  gehealthcare clinical_information_center_mp100d_firmware Match 4.0
  OR
  gehealthcare clinical_information_center_mp100d_firmware Match 5.0
  AND
  gehealthcare clinical_information_center_mp100d Match -
Node
  gehealthcare clinical_information_center_mp100r_firmware Match 4.0
  OR
  gehealthcare clinical_information_center_mp100r_firmware Match 5.0
  AND
  gehealthcare clinical_information_center_mp100r Match -
Node
  gehealthcare carescape_telemetry_server_mp100r_firmware Range 4.2
  AND
  gehealthcare carescape_telemetry_server_mp100r Match -

CNA Affected

[
  {
    "product": "GE CARESCAPE Telemetry Server,ApexPro Telemetry Server,CARESCAPE Central Station,Clinical Information Center systems,CARESCAPE B450,B650,B850 Monitors",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "ApexPro Telemetry Server,v4.2 & prior,CARESCAPE Telemetry Server, v4.2 & prior,Clinical Information Center,v4.X& 5.X,CARESCAPE Telemetry Server,v4.3,CARESCAPE Central Station,v1.X,CARESCAPE Central Station,v2.X,B450,v2.X,B650,v1.X,B650,v2.X,B850,v1.X,B850,v2.X"
      }
    ]
  }
]
