Vulnerabilities > Gehealthcare > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-01-24 CVE-2020-6966 Inadequate Encryption Strength vulnerability in Gehealthcare products
In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, the affected products utilize a weak encryption scheme for remote desktop control, which may allow an attacker to obtain remote code execution of devices on the network.
network
low complexity
gehealthcare CWE-326
critical
10.0
2020-01-24 CVE-2020-6963 Improper Input Validation vulnerability in Gehealthcare products
In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, the affected products utilized hard coded SMB credentials, which may allow an attacker to remotely execute arbitrary code.
network
low complexity
gehealthcare CWE-20
critical
10.0
2020-01-24 CVE-2020-6962 Improper Input Validation vulnerability in Gehealthcare products
In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Telemetry Server Version 4.3, CARESCAPE Central Station (CSCS) Versions 1.X CARESCAPE Central Station (CSCS) Versions 2.X, B450 Version 2.X, B650 Version 1.X, B650 Version 2.X, B850 Version 1.X, B850 Version 2.X, an input validation vulnerability exists in the web-based system configuration utility that could allow an attacker to obtain arbitrary remote code execution.
network
low complexity
gehealthcare CWE-20
critical
10.0
2015-08-04 CVE-2014-9736 Credentials Management vulnerability in Gehealthcare Centricity Clinical Archive Audit Trail Repository
GE Healthcare Centricity Clinical Archive Audit Trail Repository has a default password of initinit for the (1) SSL key manager and (2) server keystore; (3) keystore_password for the server truststore; and atna for the (4) primary storage database and (5) archive storage database, which has unspecified impact and attack vectors.
network
low complexity
gehealthcare CWE-255
critical
10.0
2015-08-04 CVE-2014-7233 Credentials Management vulnerability in Gehealthcare Precision Thunis-800+
GE Healthcare Precision THUNIS-800+ has a default password of (1) 1973 for the factory default System Utilities menu, (2) TH8740 for installation using TH8740_122_Setup.exe, (3) hrml for "Setup and Activation" using DSASetup, and (4) an empty string for Shutter Configuration, which has unspecified impact and attack vectors.
network
low complexity
gehealthcare CWE-255
critical
10.0
2015-08-04 CVE-2014-7232 Credentials Management vulnerability in Gehealthcare Discovery Xr656 and Discovery Xr656 G2
GE Healthcare Discovery XR656 and XR656 G2 has a password of (1) 2getin for the insite user, (2) 4$xray for the xruser user, and (3) #superxr for the root user, which has unspecified impact and attack vectors.
network
low complexity
gehealthcare CWE-255
critical
10.0
2015-08-04 CVE-2013-7442 Credentials Management vulnerability in Gehealthcare Centricity Pacs Workstation 4.0/4.0.1
GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a password of (1) CANal1 for the Administrator user and (2) iis for the IIS user, which has unspecified impact and attack vectors related to TimbuktuPro.
network
low complexity
gehealthcare CWE-255
critical
10.0
2015-08-04 CVE-2013-7405 Credentials Management vulnerability in Gehealthcare Centricity DMS 4.2
The Ad Hoc Reporting feature in GE Healthcare Centricity DMS 4.2 has a password of Never!Mind for the Administrator user, which has unspecified impact and attack vectors.
network
low complexity
gehealthcare CWE-255
critical
10.0
2015-08-04 CVE-2013-7404 Credentials Management vulnerability in Gehealthcare Discovery NM 750B
GE Healthcare Discovery NM 750b has a password of 2getin for the insite account for (1) Telnet and (2) FTP, which has unspecified impact and attack vectors.
network
low complexity
gehealthcare CWE-255
critical
10.0
2015-08-04 CVE-2012-6695 Credentials Management vulnerability in Gehealthcare Centricity Pacs Workstation 4.0/4.0.1
GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a password of ddpadmin for the ddpadmin user, which has unspecified impact and attack vectors.
network
low complexity
gehealthcare CWE-255
critical
10.0