CyberSec.Space Logo
返回 CVE 浏览器

CVE-2020-6963

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1340%
EPSS Percentile29.50th
Published2020年1月24日
Last Modified2024年11月21日

Vulnerability Description

In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, the affected products utilized hard coded SMB credentials, which may allow an attacker to remotely execute arbitrary code.

Affected Platforms (CPE)

💻
Gehealthcare

Apexpro Telemetry Server Firmware

<= 4.2
💻
Gehealthcare

Carescape Central Station Mai700 Firmware

= 1.0
💻
Gehealthcare

Carescape Central Station Mas700 Firmware

= 1.0
💻
Gehealthcare

Clinical Information Center Mp100d Firmware

= 4.0
💻
Gehealthcare

Clinical Information Center Mp100d Firmware

= 5.0
💻
Gehealthcare

Clinical Information Center Mp100r Firmware

= 4.0
💻
Gehealthcare

Clinical Information Center Mp100r Firmware

= 5.0
💻
Gehealthcare

Carescape Telemetry Server Mp100r Firmware

<= 4.2

References & Advisories

🔗 https://www.us-cert.gov/ics/advisories/icsma-20-023-01
🔗 https://www3.gehealthcare.com/~/media/downloads/us/support/site-planning/site-readiness/gehc-gateway_project_implementation_guide_pdf.pdf
🔗 https://www.us-cert.gov/ics/advisories/icsma-20-023-01

相关漏洞威胁

CVE-2020-696110.0

In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Ve...

CVE-2020-696210.0

In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Ve...

CVE-2020-696610.0

In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Ver...

CVE-2020-195310.0

Apache Commons Configuration uses a third-party library to parse YAML files which by default allows the instantiation of classes i...