Vulnerabilities > CVE-2012-6660 - Credentials Management vulnerability in Gehealthcare Precision MPI
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
GE Healthcare Precision MPi has a password of (1) orion for the serviceapp user, (2) orion for the clinical operator user, and (3) PlatinumOne for the administrator user, which has unspecified impact and attack vectors. NOTE: it is not clear whether these passwords are default, hardcoded, or dependent on another system or product that requires a fixed value.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Hardware | 1 |
Common Weakness Enumeration (CWE)
References
- http://apps.gehealthcare.com/servlet/ClientServlet/2407310-100+Vol.+F_Rev1.pdf?REQ=RAA&DIRECTION=2407310-100+Vol.+F&FILENAME=2407310-100%2BVol.%2BF_Rev1.pdf&FILEREV=1&DOCREV_ORG=1
- http://apps.gehealthcare.com/servlet/ClientServlet/2407310-100+Vol.+F_Rev1.pdf?REQ=RAA&DIRECTION=2407310-100+Vol.+F&FILENAME=2407310-100%2BVol.%2BF_Rev1.pdf&FILEREV=1&DOCREV_ORG=1
- http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/
- http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/
- https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02
- https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02
- https://twitter.com/digitalbond/status/619250429751222277
- https://twitter.com/digitalbond/status/619250429751222277