CVE-2024-27109 Insufficiently protected credentials in GE HealthCare EchoPAC products

🗓️ 14 May 2024 17:13:16Reported by GEHCType

Insufficiently protected credentials in GE HealthCare EchoPAC product

Reporter	Title	Published	Views	Family All 7
BDU FSTEC	The vulnerability of GE HealthCare EchoPAC medical software, related to insufficient protection of registration data, allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.	27 May 202400:00	–	bdu_fstec
CNNVD	General Electric Healthcare Imaging 安全漏洞	14 May 202400:00	–	cnnvd
CVE	CVE-2024-27109	14 May 202417:13	–	cve
EUVD	EUVD-2024-24359	3 Oct 202520:07	–	euvd
NVD	CVE-2024-27109	14 May 202417:15	–	nvd
RedhatCVE	CVE-2024-27109	5 Feb 202503:55	–	redhatcve
Vulnrichment	CVE-2024-27109 Insufficiently protected credentials in GE HealthCare EchoPAC products	14 May 202417:13	–	vulnrichment

[
  {
    "defaultStatus": "unaffected",
    "product": "EchoPAC Software Only",
    "vendor": "GE HealthCare",
    "versions": [
      {
        "lessThan": "206.44",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "ImageVault",
    "vendor": "GE HealthCare",
    "versions": [
      {
        "status": "affected",
        "version": "0"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "EchoPAC Turnkey",
    "vendor": "GE HealthCare",
    "versions": [
      {
        "status": "affected",
        "version": "0"
      }
    ]
  }
]

Source	Link
securityupdate	www.securityupdate.gehealthcare.com/

14 May 2024 17:13Current

7.7High risk

Vulners AI Score7.7

CVSS 3.17.6

EPSS0.00343

CWE-522