CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
SSVC
Exploitation
none
Automatable
no
Technical Impact
total
Elevation of privileges via misconfigured access control list in GE HealthCare ultrasound devices
[
{
"vendor": "GE HealthCare",
"product": "Venue",
"versions": [
{
"status": "affected",
"version": "R1"
},
{
"status": "affected",
"version": "R2"
},
{
"status": "affected",
"version": "R3",
"versionType": "custom",
"lessThanOrEqual": "R3.3"
},
{
"status": "affected",
"version": "R4",
"versionType": "custom",
"lessThanOrEqual": "R4.2"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "GE HealthCare",
"product": "Venue Go",
"versions": [
{
"status": "affected",
"version": "R2"
},
{
"status": "affected",
"version": "R3",
"versionType": "custom",
"lessThanOrEqual": "R3.3"
},
{
"status": "affected",
"version": "R4",
"versionType": "custom",
"lessThanOrEqual": "R4.2"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "GE HealthCare",
"product": "Venue Fit",
"versions": [
{
"status": "affected",
"version": "R3",
"versionType": "custom",
"lessThanOrEqual": "R3.3"
},
{
"status": "affected",
"version": "R4",
"versionType": "custom",
"lessThanOrEqual": "R4.2"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "GE HealthCare",
"product": "LOGIQ e",
"versions": [
{
"status": "affected",
"version": "R7",
"versionType": "custom",
"lessThanOrEqual": "R9.1.4"
},
{
"status": "affected",
"version": "R8",
"versionType": "custom",
"lessThanOrEqual": "R10.1.3"
},
{
"status": "affected",
"version": "R9",
"versionType": "custom",
"lessThanOrEqual": "R11.0.2"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "GE HealthCare",
"product": "LOGIQ He",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "custom",
"lessThanOrEqual": "R9.3.1"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "GE HealthCare",
"product": "Vivid E",
"versions": [
{
"status": "affected",
"version": "E95",
"lessThan": "206",
"versionType": "custom"
},
{
"status": "affected",
"version": "E90",
"lessThan": "206",
"versionType": "custom"
},
{
"status": "affected",
"version": "E80",
"lessThan": "206",
"versionType": "custom"
},
{
"status": "affected",
"version": "E9 113.2",
"versionType": "custom",
"lessThanOrEqual": "113.2"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "GE HealthCare",
"product": "Vivid S",
"versions": [
{
"status": "affected",
"version": "70N",
"lessThan": "206",
"versionType": "custom"
},
{
"status": "affected",
"version": "60N",
"lessThan": "206",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "GE HealthCare",
"product": "Vivid T",
"versions": [
{
"status": "affected",
"version": "T8",
"lessThan": "206",
"versionType": "custom"
},
{
"status": "affected",
"version": "T9",
"lessThan": "206",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "GE HealthCare",
"product": "Vivid iq",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "206",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "GE HealthCare",
"product": "Invenia ABUS",
"versions": [
{
"status": "affected",
"version": "1.2.3"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "GE HealthCare",
"product": "Invenia ABUS 2.0",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "2.2.9",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
]
[
{
"cpes": [
"cpe:2.3:o:gehealthcare:venue_firmware:*:*:*:*:*:*:*:*"
],
"vendor": "gehealthcare",
"product": "venue_firmware",
"versions": [
{
"status": "affected",
"version": "R1"
},
{
"status": "affected",
"version": "R2"
},
{
"status": "affected",
"version": "R3",
"versionType": "custom",
"lessThanOrEqual": "R3.3"
},
{
"status": "affected",
"version": "R4",
"versionType": "custom",
"lessThanOrEqual": "R4.2"
}
],
"defaultStatus": "unaffected"
},
{
"cpes": [
"cpe:2.3:o:gehealthcare:venue_go_firmware:*:*:*:*:*:*:*:*"
],
"vendor": "gehealthcare",
"product": "venue_go_firmware",
"versions": [
{
"status": "affected",
"version": "R2"
},
{
"status": "affected",
"version": "R3",
"versionType": "custom",
"lessThanOrEqual": "R3.3"
},
{
"status": "affected",
"version": "R4",
"versionType": "custom",
"lessThanOrEqual": "R4.2"
}
],
"defaultStatus": "unaffected"
},
{
"cpes": [
"cpe:2.3:o:gehealthcare:venue_fit_firmware:*:*:*:*:*:*:*:*"
],
"vendor": "gehealthcare",
"product": "venue_fit_firmware",
"versions": [
{
"status": "affected",
"version": "R3",
"versionType": "custom",
"lessThanOrEqual": "R3.3"
},
{
"status": "affected",
"version": "R4",
"versionType": "custom",
"lessThanOrEqual": "R4.2"
}
],
"defaultStatus": "unaffected"
},
{
"cpes": [
"cpe:2.3:o:gehealthcare:logiq_e_firmware:*:*:*:*:*:*:*:*"
],
"vendor": "gehealthcare",
"product": "logiq_e_firmware",
"versions": [
{
"status": "affected",
"version": "R7",
"versionType": "custom",
"lessThanOrEqual": "R9.1.4"
},
{
"status": "affected",
"version": "R8",
"versionType": "custom",
"lessThanOrEqual": "R10.1.3"
},
{
"status": "affected",
"version": "R9",
"versionType": "custom",
"lessThanOrEqual": "R11.0.2"
}
],
"defaultStatus": "unaffected"
},
{
"cpes": [
"cpe:2.3:o:gehealthcare:logiq_he_firmware:*:*:*:*:*:*:*:*"
],
"vendor": "gehealthcare",
"product": "logiq_he_firmware",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "custom",
"lessThanOrEqual": "R9.3.1"
}
],
"defaultStatus": "unaffected"
},
{
"cpes": [
"cpe:2.3:o:gehealthcare:vivid_e_firmware:*:*:*:*:*:*:*:*"
],
"vendor": "gehealthcare",
"product": "vivid_e_firmware",
"versions": [
{
"status": "affected",
"version": "E95",
"lessThan": "206",
"versionType": "custom"
},
{
"status": "affected",
"version": "E90",
"lessThan": "206",
"versionType": "custom"
},
{
"status": "affected",
"version": "E80",
"lessThan": "206",
"versionType": "custom"
},
{
"status": "affected",
"version": "E9 113.2",
"versionType": "custom",
"lessThanOrEqual": "113.2"
}
],
"defaultStatus": "unaffected"
},
{
"cpes": [
"cpe:2.3:o:gehealthcare:vivid_s_firmware:*:*:*:*:*:*:*:*"
],
"vendor": "gehealthcare",
"product": "vivid_s_firmware",
"versions": [
{
"status": "affected",
"version": "70N",
"lessThan": "206",
"versionType": "custom"
},
{
"status": "affected",
"version": "60N",
"lessThan": "206",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
},
{
"cpes": [
"cpe:2.3:o:gehealthcare:vivid_t_firmware:*:*:*:*:*:*:*:*"
],
"vendor": "gehealthcare",
"product": "vivid_t_firmware",
"versions": [
{
"status": "affected",
"version": "T8",
"lessThan": "206",
"versionType": "custom"
},
{
"status": "affected",
"version": "T9",
"lessThan": "206",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
},
{
"cpes": [
"cpe:2.3:o:gehealthcare:vivid_iq_firmware:*:*:*:*:*:*:*:*"
],
"vendor": "gehealthcare",
"product": "vivid_iq_firmware",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "206",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
},
{
"cpes": [
"cpe:2.3:o:gehealthcare:invenia_abus_firmware:*:*:*:*:*:*:*:*"
],
"vendor": "gehealthcare",
"product": "invenia_abus_firmware",
"versions": [
{
"status": "affected",
"version": "1.2.3"
}
],
"defaultStatus": "unaffected"
},
{
"cpes": [
"cpe:2.3:o:gehealthcare:invenia_abus_2.0_firmware:*:*:*:*:*:*:*:*"
],
"vendor": "gehealthcare",
"product": "invenia_abus_2.0_firmware",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "2.2.9",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
]
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
SSVC
Exploitation
none
Automatable
no
Technical Impact
total