Vulnerabilities > CVE-2004-2777 - Credentials Management vulnerability in Gehealthcare Centricity Image Vault Firmware
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
GE Healthcare Centricity Image Vault 3.x has a password of (1) gemnet for the administrator account, (2) webadmin for the webadmin administrator account of the ASACA DVD library, (3) an empty value for the gemsservice account of the Ultrasound Database, and possibly (4) gemnet2002 for the gemnet2002 account of the GEMNet license server, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 1 |
Common Weakness Enumeration (CWE)
References
- http://apps.gehealthcare.com/servlet/ClientServlet/2010564-002E.pdf?REQ=RAA&DIRECTION=2010564-002&FILENAME=2010564-002E.pdf&FILEREV=E&DOCREV_ORG=E
- http://apps.gehealthcare.com/servlet/ClientServlet/2010564-002E.pdf?REQ=RAA&DIRECTION=2010564-002&FILENAME=2010564-002E.pdf&FILEREV=E&DOCREV_ORG=E
- http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/
- http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/
- https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02
- https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02
- https://twitter.com/digitalbond/status/619250429751222277
- https://twitter.com/digitalbond/status/619250429751222277