55 matches found
Input validation
In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center CIC Versions 4.X and 5.X, CARESCAPE Telemetry Server Version 4.3, CARESCAPE Central Station CSCS Versions 1.X CARESCAPE Central Station CSCS Versions 2.X, B450 Version 2.X, B6...
Code injection
In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center CIC Versions 4.X and 5.X, CARESCAPE Telemetry Server Version 4.3, CARESCAPE Central Station CSCS Versions 1.X, a vulnerability exists in the affected products that could allow...
Hardcoded credentials
In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center CIC Versions 4.X and 5.X, CARESCAPE Central Station CSCS Versions 1.X, the affected products utilized hard coded SMB credentials, which may allow an attacker to remotely execut...
CVE-2020-6966
In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center CIC Versions 4.X and 5.X, CARESCAPE Central Station CSCS Versions 1.X, the affected products utilize a weak encryption scheme for remote desktop control, which may allow an...
CVE-2020-6966
CVE-2020-6966 concerns GE Healthcare CARESCAPE/CIC/CSCS/ApexPro telemetry systems that use a weak encryption scheme for remote desktop control, enabling remote code execution on affected devices. The GE GEHC advisory (ICSMA-20-023-01) lists affected products: ApexPro Telemetry Server (4.2 and pri...
CVE-2020-6965
GE Healthcare advisories document CVE-2020-6965 as an Unrestricted Upload of File with Dangerous Type vulnerability in the software update mechanism. Affected products include ApexPro Telemetry Server (4.2 and prior), CARESCAPE Telemetry Server (4.2 and prior), CIC (4.X/5.X), CSCS (1.X), and B450...
CVE-2020-6965
In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center CIC Versions 4.X and 5.X, CARESCAPE Central Station CSCS Versions 1.X, B450 Version 2.X, B650 Version 1.X, B650 Version 2.X, B850 Version 1.X, B850 Version 2.X, a vulnerability...
CVE-2020-6964
In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center CIC Versions 4.X and 5.X, CARESCAPE Central Station CSCS Versions 1.X and CARESCAPE Central Station CSCS Versions 2.X, the integrated service for keyboard switching of the...
CVE-2020-6964
The CVE-2020-6964 entry corresponds to GE Healthcare vulnerabilities affecting CARESCAPE Telemetry Server, ApexPro Telemetry Server, CIC, and CSCS (and related monitor endpoints) where the integrated service for keyboard switching could allow attackers to obtain remote keyboard input access witho...
CVE-2020-6963
GE Healthcare GECARE/CSCS/CIC/ApexPro Telemetry Server and related components (ApexPro Telemetry Server 4.2 and prior; CARESCAPE Telemetry Server 4.2 and prior; CIC 4.X/5.X; CSCS 1.X, 2.X; B450/B650/B850 monitors) are affected by CVE-2020-6963 alongside a family of vulnerabilities (CVE-2020-6961/...
CVE-2020-6962
In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center CIC Versions 4.X and 5.X, CARESCAPE Telemetry Server Version 4.3, CARESCAPE Central Station CSCS Versions 1.X CARESCAPE Central Station CSCS Versions 2.X, B450 Version 2.X, B6...
CVE-2020-6961
CVE-2020-6961 affects GE Healthcare CARESCAPE Telemetry Server, ApexPro Telemetry Server, CIC (4.X/5.X), and CSCS (1.X) per GE ICS advisory (ICSMA-20-023-01). Root cause: unprotected storage of credentials that could allow an attacker to obtain the SSH private key from configuration files. Impact...
CVE-2020-6961
In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center CIC Versions 4.X and 5.X, CARESCAPE Telemetry Server Version 4.3, CARESCAPE Central Station CSCS Versions 1.X, a vulnerability exists in the affected products that could allow...
GE CARESCAPE, ApexPro, and Clinical Information Center systems
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: GE Equipment: CARESCAPE Telemetry Server, ApexPro Telemetry Server, CARESCAPE Central Station CSCS and Clinical Information Center CIC systems, CARESCAPE B450, B650, B850 Monitors Vulnerabilities:...
CVE-2015-7910
Exemys Telemetry Web Server relies on an HTTP Location header to indicate that a client is unauthorized, which allows remote attackers to bypass intended access restrictions by disregarding this header and processing the response body...