CVE-2020-6963
24.01.2020, 17:15
In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, the affected products utilized hard coded SMB credentials, which may allow an attacker to remotely execute arbitrary code.Enginsight
| Vendor | Product | Version |
|---|---|---|
| gehealthcare | apexpro_telemetry_server_firmware | 𝑥 ≤ 4.2 |
| gehealthcare | carescape_central_station_mai700_firmware | 1.0 |
| gehealthcare | carescape_central_station_mas700_firmware | 1.0 |
| gehealthcare | clinical_information_center_mp100d_firmware | 4.0 |
| gehealthcare | clinical_information_center_mp100d_firmware | 5.0 |
| gehealthcare | clinical_information_center_mp100r_firmware | 4.0 |
| gehealthcare | clinical_information_center_mp100r_firmware | 5.0 |
| gehealthcare | carescape_telemetry_server_mp100r_firmware | 𝑥 ≤ 4.2 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-798 - Use of Hard-coded CredentialsThe software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
- CWE-20 - Improper Input ValidationThe product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.