Hardcoded credentials

GE Healthcare Discovery 530C has a password of bigguy1 for the 1 acqservice user and 2 wsservice user of the Xeleris System, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires ...

Hardcoded credentials

The HIPAA configuration interface in GE Healthcare Optima MR360 has a password of 1 operator for the root account, 2 adw2.0 for the admin account, and 3 adw2.0 for the sdc account, which has unspecified impact and attack vectors. NOTE: it is not clear whether these passwords are default, hardcode...

Hardcoded credentials

GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a password of ddpadmin for the ddpadmin user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value...

Hardcoded credentials

GE Healthcare Precision MPi has a password of 1 orion for the serviceapp user, 2 orion for the clinical operator user, and 3 PlatinumOne for the administrator user, which has unspecified impact and attack vectors. NOTE: it is not clear whether these passwords are default, hardcoded, or dependent ...

Hardcoded credentials

GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a password of 1 CANal1 for the Administrator user and 2 iis for the IIS user, which has unspecified impact and attack vectors related to TimbuktuPro. NOTE: it is not clear whether this password is default, hardcoded, or dependent on...

Hardcoded credentials

The TeraRecon server, as used in GE Healthcare Centricity PACS-IW 3.7.3.7, 3.7.3.8, and possibly other versions, has a password of 1 shared for the shared user and 2 scan for the scan user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default,...

CVE-2013-7442

CVE-2013-7442 relates to GE Healthcare Centricity PACS Workstation and related Centricity PACS components using default or hard-coded credentials (e.g., CANal1 for Administrator and iis for IIS). The ICS-CERT advisory (GE Healthcare) lists affected products including Centricity PACS Server/ IW/ R...

CVE-2011-5323

GE Healthcare Centricity PACS-IW versions 3.7.3.7 and 3.7.3.8 (and possibly others) are documented as having a built-in sa SQL server account password, A11enda1e. The descriptions note the impact and attack vectors are unspecified and do not clarify whether this password is default, hardcoded, or...

CVE-2010-5307

GE Healthcare Optima MR360 HIPAA configuration interface is affected by CVE-2010-5307, tied to built-in/default credentials (root: operator, admin: adw2.0, sdc: adw2.0). Public documentation confirms remote authentication bypass risk via these credentials and notes uncertainty on whether password...

CVE-2004-2777

GE Healthcare Centricity Image Vault 3.x is affected by an authentication issue due to default or hard-coded credentials across multiple components (including Image Vault 3.x itself and related GE products such as GEMNet License Server). The ICS-CERT advisory (and GE’s self-assessment) confirms r...

CVE-2009-5143

GE Healthcare Discovery 530C has a password of bigguy1 for the 1 acqservice user and 2 wsservice user of the Xeleris System, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires ...

CVE-2013-7404

CVE-2013-7404 affects the GE Healthcare Discovery NM750b. The issue arises from default/hard-coded credentials: the insite account password is 2getin for Telnet and FTP. This can enable remote authentication bypass and unauthorized access to the device as described by ICS-CERT and related sources...

CVE-2001-1594

CVE-2001-1594 relates to GE Healthcare eNTEGRA P&R and is mapped to default/hard-coded credentials across multiple GE devices (eNTEGRA 2.0/2.5 Workstation, and related imaging products). The connected sources confirm that the vulnerability enables authentication bypass by using known passwords (e...

CVE-2015-3959

The firmware in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches has a hardcoded serial-console password for a privileged account, which might allow physically proximate attackers to obtain access by establishing a console session to a nonstandard installation on which this...

Hardcoded credentials

The firmware in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches uses hardcoded RSA private keys and certificates across different customers' installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms for HTTPS sessions by...

Hardcoded credentials

The firmware in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches has a hardcoded serial-console password for a privileged account, which might allow physically proximate attackers to obtain access by establishing a console session to a nonstandard installation on which this...

CVE-2015-3959

The firmware in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches has a hardcoded serial-console password for a privileged account, which might allow physically proximate attackers to obtain access by establishing a console session to a nonstandard installation on which this...

CVE-2015-3960

The firmware in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches uses hardcoded RSA private keys and certificates across different customers' installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms for HTTPS sessions by...

CVE-2015-3959

The CVE-2015-3959 issue affects Belden GarrettCom Magnum 6K and Magnum 10K switches running MNS firmware prior to 4.5.6. The root cause is a hardcoded serial-console password for a privileged account, enabling a physically proximate attacker to gain access by connecting a console session to a non...

Impero Education Pro Remote Command Execution

/ If you're unsure what Impero is, it's essentially a corporate/educational RAT. Vendor site: https://www.imperosoftware.co.uk/ They recently were in the news about how they implemented "anti-radicalisation" shit or something. They had a booth at BETT back in January. They gave out donuts. Those...