CVE-2020-6966

In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, the affected products utilize a weak encryption scheme for remote desktop control, which may allow an attacker to obtain remote code execution of devices on the network.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:gehealthcare:apexpro_telemetry_server_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gehealthcare:apexpro_telemetry_server:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:gehealthcare:carescape_central_station_mai700_firmware:1.0:*:*:*:*:*:*:*
cpe:2.3:h:gehealthcare:carescape_central_station_mai700:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:gehealthcare:carescape_central_station_mas700_firmware:1.0:*:*:*:*:*:*:*
cpe:2.3:h:gehealthcare:carescape_central_station_mas700:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
OR cpe:2.3:o:gehealthcare:clinical_information_center_mp100d_firmware:4.0:*:*:*:*:*:*:*
cpe:2.3:o:gehealthcare:clinical_information_center_mp100d_firmware:5.0:*:*:*:*:*:*:*
cpe:2.3:h:gehealthcare:clinical_information_center_mp100d:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
OR cpe:2.3:o:gehealthcare:clinical_information_center_mp100r_firmware:4.0:*:*:*:*:*:*:*
cpe:2.3:o:gehealthcare:clinical_information_center_mp100r_firmware:5.0:*:*:*:*:*:*:*
cpe:2.3:h:gehealthcare:clinical_information_center_mp100r:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:gehealthcare:carescape_telemetry_server_mp100r_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gehealthcare:carescape_telemetry_server_mp100r:-:*:*:*:*:*:*:*

History

21 Nov 2024, 05:36

Type Values Removed Values Added
References () https://www.us-cert.gov/ics/advisories/icsma-20-023-01 - Third Party Advisory, US Government Resource () https://www.us-cert.gov/ics/advisories/icsma-20-023-01 - Third Party Advisory, US Government Resource

Information

Published : 2020-01-24 18:15

Updated : 2024-11-21 05:36


NVD link : CVE-2020-6966

Mitre link : CVE-2020-6966

CVE.ORG link : CVE-2020-6966


JSON object : View

Products Affected

gehealthcare

  • carescape_telemetry_server_mp100r
  • carescape_central_station_mas700_firmware
  • carescape_telemetry_server_mp100r_firmware
  • carescape_central_station_mas700
  • clinical_information_center_mp100r
  • clinical_information_center_mp100d_firmware
  • apexpro_telemetry_server
  • clinical_information_center_mp100d
  • apexpro_telemetry_server_firmware
  • carescape_central_station_mai700
  • carescape_central_station_mai700_firmware
  • clinical_information_center_mp100r_firmware
CWE
CWE-326

Inadequate Encryption Strength