CyberSec.Space Logo
CVEブラウザに戻る

CVE-2020-6966

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1420%
EPSS Percentile40.10th
Published2020年1月24日
Last Modified2024年11月21日

Vulnerability Description

In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, the affected products utilize a weak encryption scheme for remote desktop control, which may allow an attacker to obtain remote code execution of devices on the network.

Affected Platforms (CPE)

💻
Gehealthcare

Apexpro Telemetry Server Firmware

<= 4.2
💻
Gehealthcare

Carescape Central Station Mai700 Firmware

= 1.0
💻
Gehealthcare

Carescape Central Station Mas700 Firmware

= 1.0
💻
Gehealthcare

Clinical Information Center Mp100d Firmware

= 4.0
💻
Gehealthcare

Clinical Information Center Mp100d Firmware

= 5.0
💻
Gehealthcare

Clinical Information Center Mp100r Firmware

= 4.0
💻
Gehealthcare

Clinical Information Center Mp100r Firmware

= 5.0
💻
Gehealthcare

Carescape Telemetry Server Mp100r Firmware

<= 4.2

References & Advisories

🔗 https://www.us-cert.gov/ics/advisories/icsma-20-023-01
🔗 https://www3.gehealthcare.com/~/media/downloads/us/support/site-planning/site-readiness/gehc-gateway_project_implementation_guide_pdf.pdf
🔗 https://www.us-cert.gov/ics/advisories/icsma-20-023-01

関連する脆弱性情報

CVE-2026-53430

Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-grpc grpc (GRPC.Compressor.Gzip, GRPC.Mes...

CVE-2026-48854

Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust...

CVE-2026-48853

Deserialization of Untrusted Data and Allocation of Resources Without Limits or Throttling vulnerabilities in elixir-grpc grpc all...

CVE-2026-487237.8

The browserstack-cypress-cli is BrowserStack's CLI which allows users to run Cypress tests on BrowserStack. Versions prior to 1.36...