Vulnerabilities > CVE-2020-6977 - Unspecified vulnerability in GE products

CVSS 6.8 - MEDIUM

Attack vector

PHYSICAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

low complexity

NVD

Published: 2020-02-20

Updated: 2020-03-05

Summary

A restricted desktop environment escape vulnerability exists in the Kiosk Mode functionality of affected devices. Specially crafted inputs can allow the user to escape the restricted environment, resulting in access to the underlying operating system. Affected devices include the following GE Ultrasound Products: Vivid products - all versions; LOGIQ - all versions not including LOGIQ 100 Pro; Voluson - all versions; Versana Essential - all versions; Invenia ABUS Scan station - all versions; Venue - all versions not including Venue 40 R1-3 and Venue 50 R4-5

Vulnerable Configurations

Part	Description	Count
OS	Ge GE Vivid E95 Firmware * GE Vivid E90 Firmware * GE Vivid S70N Firmware * GE Vivid T8 Firmware * GE Vivid T9 Firmware * GE Vivid IQ Firmware * GE Logiq E10 Firmware * GE Logiq E9 Firmware * GE Logiq S8 Firmware * GE Logiq S7 Firmware * GE Logiq P9 Firmware * GE Logiq E9 With Xdclear Firmware * GE Voluson Firmware * GE Versana Essential Firmware * GE Invenia Abus Scan Station Firmware * GE Venue GO Firmware *	16
Hardware	Ge GE Vivid E95 - GE Vivid E90 - GE Vivid S70N - GE Vivid T8 - GE Vivid T9 - GE Vivid IQ - GE Logiq E10 - GE Logiq E9 - GE Logiq S8 - GE Logiq S7 - GE Logiq P9 - GE Logiq E9 With Xdclear - GE Voluson - GE Versana Essential - GE Invenia Abus Scan Station - GE Venue GO -	16

References

https://www.us-cert.gov/ics/advisories/icsma-20-049-02