CVE-2020-6963

In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, the affected products utilized hard coded SMB credentials, which may allow an attacker to remotely execute arbitrary code.
Severity
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Atk. Vector
NETWORK
Atk. Complexity
LOW
Priv. Required
NONE
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
VendorProductVersion
gehealthcareapexpro_telemetry_server_firmware
𝑥
≤ 4.2
gehealthcarecarescape_central_station_mai700_firmware
1.0
gehealthcarecarescape_central_station_mas700_firmware
1.0
gehealthcareclinical_information_center_mp100d_firmware
4.0
gehealthcareclinical_information_center_mp100d_firmware
5.0
gehealthcareclinical_information_center_mp100r_firmware
4.0
gehealthcareclinical_information_center_mp100r_firmware
5.0
gehealthcarecarescape_telemetry_server_mp100r_firmware
𝑥
≤ 4.2
𝑥
= Vulnerable software versions