Lucene search
GEHCVULNRICHMENT:CVE-2024-1486HistoryMay 14, 2024 - 3:10 p.m.
CVE-2024-1486 Elevation of privileges via misconfigured access control list in GE HealthCare ultrasound devices
2024-05-1415:10:22
CWE-732
GEHC
github.com
1
privilege elevation
ge healthcare
ultrasound devices
misconfigured access control list
CVSS3
7.4
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
7.1
Confidence
Low
SSVC
Exploitation
none
Automatable
no
Technical Impact
total
Elevation of privileges via misconfigured access control list in GE HealthCare ultrasound devices
CNA Affected
[
{
"vendor": "GE HealthCare",
"product": "Venue",
"versions": [
{
"status": "affected",
"version": "R1"
},
{
"status": "affected",
"version": "R2"
},
{
"status": "affected",
"version": "R3",
"versionType": "custom",
"lessThanOrEqual": "R3.3"
},
{
"status": "affected",
"version": "R4",
"versionType": "custom",
"lessThanOrEqual": "R4.2"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "GE HealthCare",
"product": "Venue Go",
"versions": [
{
"status": "affected",
"version": "R2"
},
{
"status": "affected",
"version": "R3",
"versionType": "custom",
"lessThanOrEqual": "R3.3"
},
{
"status": "affected",
"version": "R4",
"versionType": "custom",
"lessThanOrEqual": "R4.2"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "GE HealthCare",
"product": "Venue Fit",
"versions": [
{
"status": "affected",
"version": "R3",
"versionType": "custom",
"lessThanOrEqual": "R3.3"
},
{
"status": "affected",
"version": "R4",
"versionType": "custom",
"lessThanOrEqual": "R4.2"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "GE HealthCare",
"product": "LOGIQ e",
"versions": [
{
"status": "affected",
"version": "R7",
"versionType": "custom",
"lessThanOrEqual": "R9.1.4"
},
{
"status": "affected",
"version": "R8",
"versionType": "custom",
"lessThanOrEqual": "R10.1.3"
},
{
"status": "affected",
"version": "R9",
"versionType": "custom",
"lessThanOrEqual": "R11.0.2"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "GE HealthCare",
"product": "LOGIQ He",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "custom",
"lessThanOrEqual": "R9.3.1"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "GE HealthCare",
"product": "Vivid E",
"versions": [
{
"status": "affected",
"version": "E95",
"lessThan": "206",
"versionType": "custom"
},
{
"status": "affected",
"version": "E90",
"lessThan": "206",
"versionType": "custom"
},
{
"status": "affected",
"version": "E80",
"lessThan": "206",
"versionType": "custom"
},
{
"status": "affected",
"version": "E9 113.2",
"versionType": "custom",
"lessThanOrEqual": "113.2"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "GE HealthCare",
"product": "Vivid S",
"versions": [
{
"status": "affected",
"version": "70N",
"lessThan": "206",
"versionType": "custom"
},
{
"status": "affected",
"version": "60N",
"lessThan": "206",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "GE HealthCare",
"product": "Vivid T",
"versions": [
{
"status": "affected",
"version": "T8",
"lessThan": "206",
"versionType": "custom"
},
{
"status": "affected",
"version": "T9",
"lessThan": "206",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "GE HealthCare",
"product": "Vivid iq",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "206",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "GE HealthCare",
"product": "Invenia ABUS",
"versions": [
{
"status": "affected",
"version": "1.2.3"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "GE HealthCare",
"product": "Invenia ABUS 2.0",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "2.2.9",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
]ADP Affected
[
{
"cpes": [
"cpe:2.3:o:gehealthcare:venue_firmware:*:*:*:*:*:*:*:*"
],
"vendor": "gehealthcare",
"product": "venue_firmware",
"versions": [
{
"status": "affected",
"version": "R1"
},
{
"status": "affected",
"version": "R2"
},
{
"status": "affected",
"version": "R3",
"versionType": "custom",
"lessThanOrEqual": "R3.3"
},
{
"status": "affected",
"version": "R4",
"versionType": "custom",
"lessThanOrEqual": "R4.2"
}
],
"defaultStatus": "unaffected"
},
{
"cpes": [
"cpe:2.3:o:gehealthcare:venue_go_firmware:*:*:*:*:*:*:*:*"
],
"vendor": "gehealthcare",
"product": "venue_go_firmware",
"versions": [
{
"status": "affected",
"version": "R2"
},
{
"status": "affected",
"version": "R3",
"versionType": "custom",
"lessThanOrEqual": "R3.3"
},
{
"status": "affected",
"version": "R4",
"versionType": "custom",
"lessThanOrEqual": "R4.2"
}
],
"defaultStatus": "unaffected"
},
{
"cpes": [
"cpe:2.3:o:gehealthcare:venue_fit_firmware:*:*:*:*:*:*:*:*"
],
"vendor": "gehealthcare",
"product": "venue_fit_firmware",
"versions": [
{
"status": "affected",
"version": "R3",
"versionType": "custom",
"lessThanOrEqual": "R3.3"
},
{
"status": "affected",
"version": "R4",
"versionType": "custom",
"lessThanOrEqual": "R4.2"
}
],
"defaultStatus": "unaffected"
},
{
"cpes": [
"cpe:2.3:o:gehealthcare:logiq_e_firmware:*:*:*:*:*:*:*:*"
],
"vendor": "gehealthcare",
"product": "logiq_e_firmware",
"versions": [
{
"status": "affected",
"version": "R7",
"versionType": "custom",
"lessThanOrEqual": "R9.1.4"
},
{
"status": "affected",
"version": "R8",
"versionType": "custom",
"lessThanOrEqual": "R10.1.3"
},
{
"status": "affected",
"version": "R9",
"versionType": "custom",
"lessThanOrEqual": "R11.0.2"
}
],
"defaultStatus": "unaffected"
},
{
"cpes": [
"cpe:2.3:o:gehealthcare:logiq_he_firmware:*:*:*:*:*:*:*:*"
],
"vendor": "gehealthcare",
"product": "logiq_he_firmware",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "custom",
"lessThanOrEqual": "R9.3.1"
}
],
"defaultStatus": "unaffected"
},
{
"cpes": [
"cpe:2.3:o:gehealthcare:vivid_e_firmware:*:*:*:*:*:*:*:*"
],
"vendor": "gehealthcare",
"product": "vivid_e_firmware",
"versions": [
{
"status": "affected",
"version": "E95",
"lessThan": "206",
"versionType": "custom"
},
{
"status": "affected",
"version": "E90",
"lessThan": "206",
"versionType": "custom"
},
{
"status": "affected",
"version": "E80",
"lessThan": "206",
"versionType": "custom"
},
{
"status": "affected",
"version": "E9 113.2",
"versionType": "custom",
"lessThanOrEqual": "113.2"
}
],
"defaultStatus": "unaffected"
},
{
"cpes": [
"cpe:2.3:o:gehealthcare:vivid_s_firmware:*:*:*:*:*:*:*:*"
],
"vendor": "gehealthcare",
"product": "vivid_s_firmware",
"versions": [
{
"status": "affected",
"version": "70N",
"lessThan": "206",
"versionType": "custom"
},
{
"status": "affected",
"version": "60N",
"lessThan": "206",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
},
{
"cpes": [
"cpe:2.3:o:gehealthcare:vivid_t_firmware:*:*:*:*:*:*:*:*"
],
"vendor": "gehealthcare",
"product": "vivid_t_firmware",
"versions": [
{
"status": "affected",
"version": "T8",
"lessThan": "206",
"versionType": "custom"
},
{
"status": "affected",
"version": "T9",
"lessThan": "206",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
},
{
"cpes": [
"cpe:2.3:o:gehealthcare:vivid_iq_firmware:*:*:*:*:*:*:*:*"
],
"vendor": "gehealthcare",
"product": "vivid_iq_firmware",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "206",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
},
{
"cpes": [
"cpe:2.3:o:gehealthcare:invenia_abus_firmware:*:*:*:*:*:*:*:*"
],
"vendor": "gehealthcare",
"product": "invenia_abus_firmware",
"versions": [
{
"status": "affected",
"version": "1.2.3"
}
],
"defaultStatus": "unaffected"
},
{
"cpes": [
"cpe:2.3:o:gehealthcare:invenia_abus_2.0_firmware:*:*:*:*:*:*:*:*"
],
"vendor": "gehealthcare",
"product": "invenia_abus_2.0_firmware",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "2.2.9",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
]References
Related
cve
cve
CVE-2024-1486
2024-05-14 16:15:57
nvd
nvd
CVE-2024-1486
2024-05-14 16:15:57
cvelist
cvelist
ics
ics
GE Healthcare Ultrasound Products (Update A)
2024-05-16 12:00:00
CVSS3
7.4
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
7.1
Confidence
Low
SSVC
Exploitation
none
Automatable
no
Technical Impact
total
Related for VULNRICHMENT:CVE-2024-1486