TROYANOSYVIRUS
Zuruck zu CVEs

CVE-2020-6962

CRITICAL
10.0

Beschreibung

In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Telemetry Server Version 4.3, CARESCAPE Central Station (CSCS) Versions 1.X CARESCAPE Central Station (CSCS) Versions 2.X, B450 Version 2.X, B650 Version 1.X, B650 Version 2.X, B850 Version 1.X, B850 Version 2.X, an input validation vulnerability exists in the web-based system configuration utility that could allow an attacker to obtain arbitrary remote code execution.

CVE Details

CVSS v3.1 Bewertung10.0
SchweregradCRITICAL
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht1/24/2020
Zuletzt geandert11/21/2024
Quellenvd
Honeypot-Sichtungen0

Betroffene Produkte

gehealthcare:apexpro_telemetry_servergehealthcare:apexpro_telemetry_server_firmwaregehealthcare:carescape_b450_monitorgehealthcare:carescape_b450_monitor_firmwaregehealthcare:carescape_b650_monitorgehealthcare:carescape_b650_monitor_firmwaregehealthcare:carescape_b850_monitorgehealthcare:carescape_b850_monitor_firmwaregehealthcare:carescape_central_station_mai700gehealthcare:carescape_central_station_mai700_firmwaregehealthcare:carescape_central_station_mas700gehealthcare:carescape_central_station_mas700_firmwaregehealthcare:carescape_telemetry_server_mp100rgehealthcare:carescape_telemetry_server_mp100r_firmwaregehealthcare:clinical_information_center_mp100dgehealthcare:clinical_information_center_mp100d_firmwaregehealthcare:clinical_information_center_mp100rgehealthcare:clinical_information_center_mp100r_firmware

Schwachen (CWE)

CWE-20CWE-20

Referenzen

https://www.us-cert.gov/ics/advisories/icsma-20-023-01(ics-cert@hq.dhs.gov)
https://www3.gehealthcare.com/~/media/downloads/us/support/site-planning/site-readiness/gehc-gateway_project_implementation_guide_pdf.pdf(nvd@nist.gov)
https://www.us-cert.gov/ics/advisories/icsma-20-023-01(af854a3a-2127-422b-91ae-364da2661108)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.