In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X and CARESCAPE Central Station (CSCS) Versions 2.X, the integrated service for keyboard switching of the affected devices could allow attackers to obtain remote keyboard input access without authentication over the network.
References
Link | Resource |
---|---|
https://www.us-cert.gov/ics/advisories/icsma-20-023-01 | Third Party Advisory US Government Resource |
https://www3.gehealthcare.com/~/media/downloads/us/support/site-planning/site-readiness/gehc-gateway_project_implementation_guide_pdf.pdf | Product |
https://www.us-cert.gov/ics/advisories/icsma-20-023-01 | Third Party Advisory US Government Resource |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
History
21 Nov 2024, 05:36
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.us-cert.gov/ics/advisories/icsma-20-023-01 - Third Party Advisory, US Government Resource |
Information
Published : 2020-01-24 17:15
Updated : 2024-11-21 05:36
NVD link : CVE-2020-6964
Mitre link : CVE-2020-6964
CVE.ORG link : CVE-2020-6964
JSON object : View
Products Affected
gehealthcare
- carescape_telemetry_server_mp100r
- carescape_central_station_mas700_firmware
- carescape_telemetry_server_mp100r_firmware
- carescape_central_station_mas700
- clinical_information_center_mp100r
- clinical_information_center_mp100d_firmware
- apexpro_telemetry_server
- clinical_information_center_mp100d
- apexpro_telemetry_server_firmware
- carescape_central_station_mai700
- carescape_central_station_mai700_firmware
- clinical_information_center_mp100r_firmware
CWE
CWE-306
Missing Authentication for Critical Function