Remote code execution

2020-01-2418:15:00

PRIOn knowledge base

www.prio-n.com

9.6 High

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

83.5%

JSON

In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, the affected products utilize a weak encryption scheme for remote desktop control, which may allow an attacker to obtain remote code execution of devices on the network.

CPENameOperatorVersion
apexpro_telemetry_server_firmwarele4.2
carescape_central_station_mai700_firmwareeq1.0
carescape_central_station_mas700_firmwareeq1.0
carescape_telemetry_server_mp100r_firmwarele4.2
clinical_information_center_mp100d_firmwareeq4.0
clinical_information_center_mp100d_firmwareeq5.0
clinical_information_center_mp100r_firmwareeq4.0
clinical_information_center_mp100r_firmwareeq5.0

Name	Operator	Version
apexpro_telemetry_server_firmware	le	4.2
carescape_central_station_mai700_firmware	eq	1.0
carescape_central_station_mas700_firmware	eq	1.0
carescape_telemetry_server_mp100r_firmware	le	4.2
clinical_information_center_mp100d_firmware	eq	4.0
clinical_information_center_mp100d_firmware	eq	5.0
clinical_information_center_mp100r_firmware	eq	4.0
clinical_information_center_mp100r_firmware	eq	5.0