Lucene search

[email protected]NVD:CVE-2020-6964

HistoryJan 24, 2020 - 5:15 p.m.

CVE-2020-6964

2020-01-2417:15:13

CWE-306

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

AI Score

9.1

Confidence

High

EPSS

0.001

Percentile

43.8%

JSON

In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X and CARESCAPE Central Station (CSCS) Versions 2.X, the integrated service for keyboard switching of the affected devices could allow attackers to obtain remote keyboard input access without authentication over the network.

Affected configurations

Nvd

Node

gehealthcareapexpro_telemetry_server_firmwareRange≤4.2

AND

gehealthcareapexpro_telemetry_serverMatch-

Node

gehealthcarecarescape_central_station_mai700_firmwareMatch1.0

gehealthcarecarescape_central_station_mai700_firmwareMatch2.0

AND

gehealthcarecarescape_central_station_mai700Match-

Node

gehealthcarecarescape_central_station_mas700_firmwareMatch1.0

gehealthcarecarescape_central_station_mas700_firmwareMatch2.0

AND

gehealthcarecarescape_central_station_mas700Match-

Node

gehealthcareclinical_information_center_mp100d_firmwareMatch4.0

gehealthcareclinical_information_center_mp100d_firmwareMatch5.0

AND

gehealthcareclinical_information_center_mp100dMatch-

Node

gehealthcareclinical_information_center_mp100r_firmwareMatch4.0

gehealthcareclinical_information_center_mp100r_firmwareMatch5.0

AND

gehealthcareclinical_information_center_mp100rMatch-

Node

gehealthcarecarescape_telemetry_server_mp100r_firmwareRange≤4.2

AND

gehealthcarecarescape_telemetry_server_mp100rMatch-

VendorProductVersionCPE
gehealthcareapexpro_telemetry_server_firmware*cpe:2.3:o:gehealthcare:apexpro_telemetry_server_firmware:*:*:*:*:*:*:*:*
gehealthcareapexpro_telemetry_server-cpe:2.3:h:gehealthcare:apexpro_telemetry_server:-:*:*:*:*:*:*:*
gehealthcarecarescape_central_station_mai700_firmware1.0cpe:2.3:o:gehealthcare:carescape_central_station_mai700_firmware:1.0:*:*:*:*:*:*:*
gehealthcarecarescape_central_station_mai700_firmware2.0cpe:2.3:o:gehealthcare:carescape_central_station_mai700_firmware:2.0:*:*:*:*:*:*:*
gehealthcarecarescape_central_station_mai700-cpe:2.3:h:gehealthcare:carescape_central_station_mai700:-:*:*:*:*:*:*:*
gehealthcarecarescape_central_station_mas700_firmware1.0cpe:2.3:o:gehealthcare:carescape_central_station_mas700_firmware:1.0:*:*:*:*:*:*:*
gehealthcarecarescape_central_station_mas700_firmware2.0cpe:2.3:o:gehealthcare:carescape_central_station_mas700_firmware:2.0:*:*:*:*:*:*:*
gehealthcarecarescape_central_station_mas700-cpe:2.3:h:gehealthcare:carescape_central_station_mas700:-:*:*:*:*:*:*:*
gehealthcareclinical_information_center_mp100d_firmware4.0cpe:2.3:o:gehealthcare:clinical_information_center_mp100d_firmware:4.0:*:*:*:*:*:*:*
gehealthcareclinical_information_center_mp100d_firmware5.0cpe:2.3:o:gehealthcare:clinical_information_center_mp100d_firmware:5.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
gehealthcare	apexpro_telemetry_server_firmware	*	cpe:2.3:o:gehealthcare:apexpro_telemetry_server_firmware::::::::
gehealthcare	apexpro_telemetry_server	-	cpe:2.3:h:gehealthcare:apexpro_telemetry_server:-:::::::*
gehealthcare	carescape_central_station_mai700_firmware	1.0	cpe:2.3:o:gehealthcare:carescape_central_station_mai700_firmware:1.0:::::::*
gehealthcare	carescape_central_station_mai700_firmware	2.0	cpe:2.3:o:gehealthcare:carescape_central_station_mai700_firmware:2.0:::::::*
gehealthcare	carescape_central_station_mai700	-	cpe:2.3:h:gehealthcare:carescape_central_station_mai700:-:::::::*
gehealthcare	carescape_central_station_mas700_firmware	1.0	cpe:2.3:o:gehealthcare:carescape_central_station_mas700_firmware:1.0:::::::*
gehealthcare	carescape_central_station_mas700_firmware	2.0	cpe:2.3:o:gehealthcare:carescape_central_station_mas700_firmware:2.0:::::::*
gehealthcare	carescape_central_station_mas700	-	cpe:2.3:h:gehealthcare:carescape_central_station_mas700:-:::::::*
gehealthcare	clinical_information_center_mp100d_firmware	4.0	cpe:2.3:o:gehealthcare:clinical_information_center_mp100d_firmware:4.0:::::::*
gehealthcare	clinical_information_center_mp100d_firmware	5.0	cpe:2.3:o:gehealthcare:clinical_information_center_mp100d_firmware:5.0:::::::*

Rows per page:

1-10 of 161

References

www.us-cert.gov/ics/advisories/icsma-20-023-01

www3.gehealthcare.com/~/media/downloads/us/support/site-planning/site-readiness/gehc-gateway_project_implementation_guide_pdf.pdf

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

AI Score

9.1

Confidence

High

EPSS

0.001

Percentile

43.8%

JSON

Related for NVD:CVE-2020-6964

cvelist1 prion1 cve1 ics1 threatpost1