Vulnerabilities > Gehealthcare > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-24 | CVE-2020-6966 | Inadequate Encryption Strength vulnerability in Gehealthcare products In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, the affected products utilize a weak encryption scheme for remote desktop control, which may allow an attacker to obtain remote code execution of devices on the network. | 10.0 |
| 2020-01-24 | CVE-2020-6963 | Improper Input Validation vulnerability in Gehealthcare products In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, the affected products utilized hard coded SMB credentials, which may allow an attacker to remotely execute arbitrary code. | 10.0 |
| 2020-01-24 | CVE-2020-6962 | Improper Input Validation vulnerability in Gehealthcare products In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Telemetry Server Version 4.3, CARESCAPE Central Station (CSCS) Versions 1.X CARESCAPE Central Station (CSCS) Versions 2.X, B450 Version 2.X, B650 Version 1.X, B650 Version 2.X, B850 Version 1.X, B850 Version 2.X, an input validation vulnerability exists in the web-based system configuration utility that could allow an attacker to obtain arbitrary remote code execution. | 10.0 |
| 2015-08-04 | CVE-2014-9736 | Credentials Management vulnerability in Gehealthcare Centricity Clinical Archive Audit Trail Repository GE Healthcare Centricity Clinical Archive Audit Trail Repository has a default password of initinit for the (1) SSL key manager and (2) server keystore; (3) keystore_password for the server truststore; and atna for the (4) primary storage database and (5) archive storage database, which has unspecified impact and attack vectors. | 10.0 |
| 2015-08-04 | CVE-2014-7233 | Credentials Management vulnerability in Gehealthcare Precision Thunis-800+ GE Healthcare Precision THUNIS-800+ has a default password of (1) 1973 for the factory default System Utilities menu, (2) TH8740 for installation using TH8740_122_Setup.exe, (3) hrml for "Setup and Activation" using DSASetup, and (4) an empty string for Shutter Configuration, which has unspecified impact and attack vectors. | 10.0 |
| 2015-08-04 | CVE-2014-7232 | Credentials Management vulnerability in Gehealthcare Discovery Xr656 and Discovery Xr656 G2 GE Healthcare Discovery XR656 and XR656 G2 has a password of (1) 2getin for the insite user, (2) 4$xray for the xruser user, and (3) #superxr for the root user, which has unspecified impact and attack vectors. | 10.0 |
| 2015-08-04 | CVE-2013-7442 | Credentials Management vulnerability in Gehealthcare Centricity Pacs Workstation 4.0/4.0.1 GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a password of (1) CANal1 for the Administrator user and (2) iis for the IIS user, which has unspecified impact and attack vectors related to TimbuktuPro. | 10.0 |
| 2015-08-04 | CVE-2013-7405 | Credentials Management vulnerability in Gehealthcare Centricity DMS 4.2 The Ad Hoc Reporting feature in GE Healthcare Centricity DMS 4.2 has a password of Never!Mind for the Administrator user, which has unspecified impact and attack vectors. | 10.0 |
| 2015-08-04 | CVE-2013-7404 | Credentials Management vulnerability in Gehealthcare Discovery NM 750B GE Healthcare Discovery NM 750b has a password of 2getin for the insite account for (1) Telnet and (2) FTP, which has unspecified impact and attack vectors. | 10.0 |
| 2015-08-04 | CVE-2012-6695 | Credentials Management vulnerability in Gehealthcare Centricity Pacs Workstation 4.0/4.0.1 GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a password of ddpadmin for the ddpadmin user, which has unspecified impact and attack vectors. | 10.0 |