CVE-2017-14006

2018-03-1300:00:00

CWE-287

icscert

www.cve.org

9.8 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.2%

JSON

GE Xeleris versions 1.0,1.1,2.1,3.0,3.1, medical imaging systems, all current versions are affected, these devices use default or hard-coded credentials. Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affected devices.

CNA Affected

[
  {
    "product": "GE Xeleris",
    "vendor": "GE Healthcare",
    "versions": [
      {
        "status": "affected",
        "version": "1.0,1.1,2.1,3.0,3.1"
      }
    ]
  }
]

References

ics-cert.us-cert.gov/advisories/ICSMA-18-037-02