Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2020-6966
HistoryJan 24, 2020 - 6:15 p.m.

CVE-2020-6966

2020-01-2418:15:12
CWE-326
[email protected]
web.nvd.nist.gov
29
cve-2020-6966
apexpro telemetry server
carescape telemetry server
clinical information center
carescape central station
weak encryption
remote code execution
network security

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

83.5%

JSON

In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, the affected products utilize a weak encryption scheme for remote desktop control, which may allow an attacker to obtain remote code execution of devices on the network.

Affected configurations

NVD
Node
gehealthcareapexpro_telemetry_server_firmwareRange4.2
AND
gehealthcareapexpro_telemetry_serverMatch-
Node
gehealthcarecarescape_central_station_mai700_firmwareMatch1.0
AND
gehealthcarecarescape_central_station_mai700Match-
Node
gehealthcarecarescape_central_station_mas700_firmwareMatch1.0
AND
gehealthcarecarescape_central_station_mas700Match-
Node
gehealthcareclinical_information_center_mp100d_firmwareMatch4.0
OR
gehealthcareclinical_information_center_mp100d_firmwareMatch5.0
AND
gehealthcareclinical_information_center_mp100dMatch-
Node
gehealthcareclinical_information_center_mp100r_firmwareMatch4.0
OR
gehealthcareclinical_information_center_mp100r_firmwareMatch5.0
AND
gehealthcareclinical_information_center_mp100rMatch-
Node
gehealthcarecarescape_telemetry_server_mp100r_firmwareRange4.2
AND
gehealthcarecarescape_telemetry_server_mp100rMatch-

CNA Affected

[
  {
    "product": "GE CARESCAPE Telemetry Server,ApexPro Telemetry Server,CARESCAPE Central Station,Clinical Information Center systems,CARESCAPE B450,B650,B850 Monitors",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "ApexPro Telemetry Server,v4.2 & prior,CARESCAPE Telemetry Server, v4.2 & prior,Clinical Information Center,v4.X& 5.X,CARESCAPE Telemetry Server,v4.3,CARESCAPE Central Station,v1.X,CARESCAPE Central Station,v2.X,B450,v2.X,B650,v1.X,B650,v2.X,B850,v1.X,B850,v2.X"
      }
    ]
  }
]

Related

nvd 1
prion 1
cvelist 1
ics 1
threatpost 1
nvd
nvd
CVE-2020-6966
2020-01-24 18:15:12
prion
prion
Remote code execution
2020-01-24 18:15:00
cvelist
cvelist
CVE-2020-6966
2020-01-24 17:07:00
ics
ics
GE CARESCAPE, ApexPro, and Clinical Information Center systems
2020-01-23 12:00:00
threatpost
threatpost
Critical, Unpatched 'MDhex' Bugs Threaten Hospital Devices
2020-01-23 20:02:41

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

83.5%

JSON
Related for CVE-2020-6966
nvd1prion1cvelist1ics1threatpost1