CVE-2020-6966

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.1420%

EPSS Percentile40.10th

PublishedJan 24, 2020

Last ModifiedNov 21, 2024

Vulnerability Description

In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, the affected products utilize a weak encryption scheme for remote desktop control, which may allow an attacker to obtain remote code execution of devices on the network.

Affected Platforms (CPE)

💻

Gehealthcare

Apexpro Telemetry Server Firmware

<= 4.2

💻

Gehealthcare

Carescape Central Station Mai700 Firmware

= 1.0

💻

Gehealthcare

Carescape Central Station Mas700 Firmware

= 1.0

💻

Gehealthcare

Clinical Information Center Mp100d Firmware

= 4.0

💻

Gehealthcare

Clinical Information Center Mp100d Firmware

= 5.0

💻

Gehealthcare

Clinical Information Center Mp100r Firmware

= 4.0

💻

Gehealthcare

Clinical Information Center Mp100r Firmware

= 5.0

💻

Gehealthcare

Carescape Telemetry Server Mp100r Firmware

<= 4.2

References & Advisories

🔗 https://www.us-cert.gov/ics/advisories/icsma-20-023-01

🔗 https://www3.gehealthcare.com/~/media/downloads/us/support/site-planning/site-readiness/gehc-gateway_project_implementation_guide_pdf.pdf

🔗 https://www.us-cert.gov/ics/advisories/icsma-20-023-01

Vulnerability Description

Affected Platforms (CPE)

Apexpro Telemetry Server Firmware

Carescape Central Station Mai700 Firmware

Carescape Central Station Mas700 Firmware

Clinical Information Center Mp100d Firmware

Clinical Information Center Mp100d Firmware

Clinical Information Center Mp100r Firmware

Clinical Information Center Mp100r Firmware

Carescape Telemetry Server Mp100r Firmware

References & Advisories

Related Vulnerabilities