CVE-2020-6964

EUVD-2020-28104
In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X and CARESCAPE Central Station (CSCS) Versions 2.X, the integrated service for keyboard switching of the affected devices could allow attackers to obtain remote keyboard input access without authentication over the network.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.6 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 50%
Affected Products (NVD)
VendorProductVersion
gehealthcareapexpro_telemetry_server_firmware
𝑥
≤ 4.2
gehealthcarecarescape_central_station_mai700_firmware
1.0
gehealthcarecarescape_central_station_mai700_firmware
2.0
gehealthcarecarescape_central_station_mas700_firmware
1.0
gehealthcarecarescape_central_station_mas700_firmware
2.0
gehealthcareclinical_information_center_mp100d_firmware
4.0
gehealthcareclinical_information_center_mp100d_firmware
5.0
gehealthcareclinical_information_center_mp100r_firmware
4.0
gehealthcareclinical_information_center_mp100r_firmware
5.0
gehealthcarecarescape_telemetry_server_mp100r_firmware
𝑥
≤ 4.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.us-cert.gov/ics/advisories/icsma-20-023-01
https://www3.gehealthcare.com/~/media/downloads/us/support/site-planning/site-readiness/gehc-gateway_project_implementation_guide_pdf.pdf
https://www.us-cert.gov/ics/advisories/icsma-20-023-01