CVE-2024-1630 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.7 HIGH	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 29%

Early Detection

Affected products identified ahead of NVD analysis through intelligence sources.

Vendor	Product	Version	Source
gehealthcare	venue_firmware	r3 ≤ 𝑥 ≤ r3.3	ADP
gehealthcare	venue_firmware	r4 ≤ 𝑥 ≤ r4.3	ADP
gehealthcare	venue_go_firmware	r3 ≤ 𝑥 ≤ r3.3	ADP
gehealthcare	venue_go_firmware	r4 ≤ 𝑥 ≤ r4.3	ADP
gehealthcare	venue_fit_firmware	r3 ≤ 𝑥 ≤ r3.3	ADP
gehealthcare	venue_fit_firmware	r4 ≤ 𝑥 ≤ r4.3	ADP
gehealthcare	logiq_e_firmware	r7 ≤ 𝑥 ≤ r9.1.4	ADP
gehealthcare	logiq_e_firmware	r8 ≤ 𝑥 ≤ r10.1.3	ADP
gehealthcare	logiq_e_firmware	r9 ≤ 𝑥 ≤ r11.0.3	ADP
gehealthcare	logiq_he_firmware	𝑥 ≤ r9.3.1	ADP
gehealthcare	vivid_e_firmware	e95 ≤ 𝑥 < 206	ADP
gehealthcare	vivid_e_firmware	e90 ≤ 𝑥 < 206	ADP
gehealthcare	vivid_e_firmware	e80 ≤ 𝑥 < 206	ADP
gehealthcare	vivid_t_firmware	t8 ≤ 𝑥 < 206	ADP
gehealthcare	vivid_t_firmware	t9 ≤ 𝑥 < 206	ADP
gehealthcare	vivid_iq_firmware	𝑥 < 206	ADP
gehealthcare	logiq_e10	𝑥 < r3.2.0	ADP
gehealthcare	logiq_e10s	𝑥 < r3.2.0	ADP
gehealthcare	logiq_fortis	𝑥 < r3.2.0	ADP

Common Weakness Enumeration

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References

https://securityupdate.gehealthcare.com/

https://securityupdate.gehealthcare.com/