CVE-2020-6961

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.1140%

EPSS Percentile24.54th

PublishedJan 24, 2020

Last ModifiedNov 21, 2024

Vulnerability Description

In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Telemetry Server Version 4.3, CARESCAPE Central Station (CSCS) Versions 1.X, a vulnerability exists in the affected products that could allow an attacker to obtain access to the SSH private key in configuration files.

Affected Platforms (CPE)

💻

Gehealthcare

Apexpro Telemetry Server Firmware

<= 4.2

💻

Gehealthcare

Carescape Central Station Mai700 Firmware

= 1.0

💻

Gehealthcare

Carescape Central Station Mas700 Firmware

= 1.0

💻

Gehealthcare

Clinical Information Center Mp100d Firmware

= 4.0

💻

Gehealthcare

Clinical Information Center Mp100d Firmware

= 5.0

💻

Gehealthcare

Clinical Information Center Mp100r Firmware

= 4.0

💻

Gehealthcare

Clinical Information Center Mp100r Firmware

= 5.0

💻

Gehealthcare

Carescape Telemetry Server Mp100r Firmware

<= 4.2

💻

Gehealthcare

Carescape Telemetry Server Mp100r Firmware

= 4.3

References & Advisories

🔗 https://www.us-cert.gov/ics/advisories/icsma-20-023-01

🔗 https://www3.gehealthcare.com/~/media/downloads/us/support/site-planning/site-readiness/gehc-gateway_project_implementation_guide_pdf.pdf

🔗 https://www.us-cert.gov/ics/advisories/icsma-20-023-01

Vulnerability Description

Affected Platforms (CPE)

Apexpro Telemetry Server Firmware

Carescape Central Station Mai700 Firmware

Carescape Central Station Mas700 Firmware

Clinical Information Center Mp100d Firmware

Clinical Information Center Mp100d Firmware

Clinical Information Center Mp100r Firmware

Clinical Information Center Mp100r Firmware

Carescape Telemetry Server Mp100r Firmware

Carescape Telemetry Server Mp100r Firmware

References & Advisories

Related Vulnerabilities