Vulnerabilities > CVE-2010-5307 - Credentials Management vulnerability in Gehealthcare Optima Mr360 Firmware
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
The HIPAA configuration interface in GE Healthcare Optima MR360 has a password of (1) operator for the root account, (2) adw2.0 for the admin account, and (3) adw2.0 for the sdc account, which has unspecified impact and attack vectors. NOTE: it is not clear whether these passwords are default, hardcoded, or dependent on another system or product that requires a fixed value.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 1 |
Common Weakness Enumeration (CWE)
References
- http://apps.gehealthcare.com/servlet/ClientServlet/MR360+operator+manual+paper.pdf?REQ=RAA&DIRECTION=5339461-1EN&FILENAME=MR360%2Boperator%2Bmanual%2Bpaper.pdf&FILEREV=4&DOCREV_ORG=4
- http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/
- https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02
- https://twitter.com/digitalbond/status/619250429751222277
- http://apps.gehealthcare.com/servlet/ClientServlet/MR360+operator+manual+paper.pdf?REQ=RAA&DIRECTION=5339461-1EN&FILENAME=MR360%2Boperator%2Bmanual%2Bpaper.pdf&FILEREV=4&DOCREV_ORG=4
- https://twitter.com/digitalbond/status/619250429751222277
- https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02
- http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/