2023-04-24 12:24:31 +02:00
{
"id" : "CVE-2020-6962" ,
"sourceIdentifier" : "ics-cert@hq.dhs.gov" ,
"published" : "2020-01-24T17:15:13.127" ,
2024-11-23 13:10:58 +00:00
"lastModified" : "2024-11-21T05:36:23.703" ,
"vulnStatus" : "Modified" ,
2024-12-08 03:06:42 +00:00
"cveTags" : [ ] ,
2023-04-24 12:24:31 +02:00
"descriptions" : [
{
"lang" : "en" ,
"value" : "In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Telemetry Server Version 4.3, CARESCAPE Central Station (CSCS) Versions 1.X CARESCAPE Central Station (CSCS) Versions 2.X, B450 Version 2.X, B650 Version 1.X, B650 Version 2.X, B850 Version 1.X, B850 Version 2.X, an input validation vulnerability exists in the web-based system configuration utility that could allow an attacker to obtain arbitrary remote code execution."
} ,
{
"lang" : "es" ,
"value" : "En ApexPro Telemetry Server, Versiones 4.2 y anteriores, CARESCAPE Telemetry Server Versiones v4.2 y anteriores, Clinical Information Center (CIC) Versiones 4.X y 5.X, CARESCAPE Telemetry Server Versi\u00f3n 4.3, CARESCAPE Central Station (CSCS) Versiones 1.X, CARESCAPE Central Station (CSCS) Versiones 2.X, B450 Versi\u00f3n 2.X, B650 Versi\u00f3n 1.X, B650 Versi\u00f3n 2.X, B850 Versi\u00f3n 1.X, B850 Versi\u00f3n 2.X, se presenta una vulnerabilidad de comprobaci\u00f3n de entrada en la utilidad de configuraci\u00f3n del sistema basada en web que podr\u00eda permitir a un atacante obtener una ejecuci\u00f3n arbitraria de c\u00f3digo remoto."
}
] ,
"metrics" : {
"cvssMetricV31" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" ,
2024-11-23 13:10:58 +00:00
"baseScore" : 10.0 ,
"baseSeverity" : "CRITICAL" ,
2023-04-24 12:24:31 +02:00
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "NONE" ,
"userInteraction" : "NONE" ,
"scope" : "CHANGED" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "HIGH" ,
2024-11-23 13:10:58 +00:00
"availabilityImpact" : "HIGH"
2023-04-24 12:24:31 +02:00
} ,
"exploitabilityScore" : 3.9 ,
"impactScore" : 6.0
}
] ,
"cvssMetricV2" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "2.0" ,
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C" ,
2024-11-23 13:10:58 +00:00
"baseScore" : 10.0 ,
2023-04-24 12:24:31 +02:00
"accessVector" : "NETWORK" ,
"accessComplexity" : "LOW" ,
"authentication" : "NONE" ,
"confidentialityImpact" : "COMPLETE" ,
"integrityImpact" : "COMPLETE" ,
2024-11-23 13:10:58 +00:00
"availabilityImpact" : "COMPLETE"
2023-04-24 12:24:31 +02:00
} ,
"baseSeverity" : "HIGH" ,
"exploitabilityScore" : 10.0 ,
"impactScore" : 10.0 ,
"acInsufInfo" : false ,
"obtainAllPrivilege" : false ,
"obtainUserPrivilege" : false ,
"obtainOtherPrivilege" : false ,
"userInteractionRequired" : false
}
]
} ,
"weaknesses" : [
{
2024-11-23 13:10:58 +00:00
"source" : "ics-cert@hq.dhs.gov" ,
"type" : "Secondary" ,
2023-04-24 12:24:31 +02:00
"description" : [
{
"lang" : "en" ,
"value" : "CWE-20"
}
]
} ,
{
2024-11-23 13:10:58 +00:00
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
2023-04-24 12:24:31 +02:00
"description" : [
{
"lang" : "en" ,
"value" : "CWE-20"
}
]
}
] ,
"configurations" : [
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:gehealthcare:apexpro_telemetry_server_firmware:*:*:*:*:*:*:*:*" ,
"versionEndIncluding" : "4.2" ,
"matchCriteriaId" : "4C5DD75E-7D4D-4B05-A84D-EDEAA2D23E59"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:gehealthcare:apexpro_telemetry_server_firmware:4.3:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "6A7CD125-E50C-4A1E-BF2B-318162D634CC"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:gehealthcare:apexpro_telemetry_server:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "A94476A1-B004-4561-918D-C41631F36D9F"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:gehealthcare:carescape_b450_monitor_firmware:2.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "C9607F33-BAC9-4F45-8685-9091CBBF4336"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:gehealthcare:carescape_b450_monitor:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "FDF68D5F-E436-492A-965E-0E9E254ACBFF"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:gehealthcare:carescape_b650_monitor_firmware:1.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "CF1DCCAF-A4E6-484B-953D-9352C85DE894"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:gehealthcare:carescape_b650_monitor_firmware:2.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "D9A5B8CF-5214-4056-87CD-CD1F98142BD6"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:gehealthcare:carescape_b650_monitor:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "3B149BFB-BB31-4FFC-BC4D-299AB326136D"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:gehealthcare:carescape_b850_monitor_firmware:1.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "BDE014C2-9814-4137-9270-9B2AB55D3ABF"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:gehealthcare:carescape_b850_monitor_firmware:2.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "AD10A852-3E11-4436-B771-53A9947A355E"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:gehealthcare:carescape_b850_monitor:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "7B8CA355-421A-44DE-A7EA-0BC0ACFDD697"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:gehealthcare:carescape_central_station_mai700_firmware:1.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "28F6C17B-2288-4EA1-B89F-6E1FED96ADD1"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:gehealthcare:carescape_central_station_mai700_firmware:2.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "9304DE75-4BCB-4C13-97D5-547195441591"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:gehealthcare:carescape_central_station_mai700:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "4C2C8D13-A1C6-4DD1-9886-F925E2158C3A"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:gehealthcare:carescape_central_station_mas700_firmware:1.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "85D5EF4C-F118-4CA9-93C1-6366303F8893"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:gehealthcare:carescape_central_station_mas700_firmware:2.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "43F897B5-1F21-466D-A99C-2E6A98E93FFA"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:gehealthcare:carescape_central_station_mas700:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "42991B9E-1D70-4A40-A283-162F2A73669B"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:gehealthcare:clinical_information_center_mp100d_firmware:4.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "2FE710E0-76E4-4F7E-890C-9AEB00F5DB13"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:gehealthcare:clinical_information_center_mp100d_firmware:5.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "68B32A68-64CF-4579-B465-F1B8F4997C48"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:gehealthcare:clinical_information_center_mp100d:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "D0E93396-C7BB-4E53-8921-8251DC6A0F75"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:gehealthcare:clinical_information_center_mp100r_firmware:4.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "57D4B8E4-C481-446C-BF46-6FB6253344A1"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:gehealthcare:clinical_information_center_mp100r_firmware:5.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "71F1DE32-2C25-4C0C-A4BF-30F5F3F19C70"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:gehealthcare:clinical_information_center_mp100r:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "057C6A3F-BD7E-4655-B9D9-1402C5259D59"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:gehealthcare:carescape_telemetry_server_mp100r_firmware:*:*:*:*:*:*:*:*" ,
"versionEndIncluding" : "4.2" ,
"matchCriteriaId" : "E7A592B9-9BE4-4096-B733-EE9A03D7A610"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:gehealthcare:carescape_telemetry_server_mp100r_firmware:4.3:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "13F7A4D6-2B11-4B74-A645-8AB1ADDBBC95"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:gehealthcare:carescape_telemetry_server_mp100r:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "636B9839-E067-4BB0-A5FF-F3B4BE12AB50"
}
]
}
]
}
] ,
"references" : [
{
"url" : "https://www.us-cert.gov/ics/advisories/icsma-20-023-01" ,
"source" : "ics-cert@hq.dhs.gov" ,
"tags" : [
"Third Party Advisory" ,
"US Government Resource"
]
} ,
{
"url" : "https://www3.gehealthcare.com/~/media/downloads/us/support/site-planning/site-readiness/gehc-gateway_project_implementation_guide_pdf.pdf" ,
"source" : "nvd@nist.gov" ,
"tags" : [
"Product"
]
2024-11-23 13:10:58 +00:00
} ,
{
"url" : "https://www.us-cert.gov/ics/advisories/icsma-20-023-01" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Third Party Advisory" ,
"US Government Resource"
]
2023-04-24 12:24:31 +02:00
}
]
}
