CVE-2020-6961

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.1140%

EPSS Percentile24.54th

Published2020年1月24日

Last Modified2024年11月21日

Vulnerability Description

In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Telemetry Server Version 4.3, CARESCAPE Central Station (CSCS) Versions 1.X, a vulnerability exists in the affected products that could allow an attacker to obtain access to the SSH private key in configuration files.

Affected Platforms (CPE)

💻

Gehealthcare

Apexpro Telemetry Server Firmware

<= 4.2

💻

Gehealthcare

Carescape Central Station Mai700 Firmware

= 1.0

💻

Gehealthcare

Carescape Central Station Mas700 Firmware

= 1.0

💻

Gehealthcare

Clinical Information Center Mp100d Firmware

= 4.0

💻

Gehealthcare

Clinical Information Center Mp100d Firmware

= 5.0

💻

Gehealthcare

Clinical Information Center Mp100r Firmware

= 4.0

💻

Gehealthcare

Clinical Information Center Mp100r Firmware

= 5.0

💻

Gehealthcare

Carescape Telemetry Server Mp100r Firmware

<= 4.2

💻

Gehealthcare

Carescape Telemetry Server Mp100r Firmware

= 4.3

References & Advisories

🔗 https://www.us-cert.gov/ics/advisories/icsma-20-023-01

🔗 https://www3.gehealthcare.com/~/media/downloads/us/support/site-planning/site-readiness/gehc-gateway_project_implementation_guide_pdf.pdf

🔗 https://www.us-cert.gov/ics/advisories/icsma-20-023-01

Vulnerability Description

Affected Platforms (CPE)

Apexpro Telemetry Server Firmware

Carescape Central Station Mai700 Firmware

Carescape Central Station Mas700 Firmware

Clinical Information Center Mp100d Firmware

Clinical Information Center Mp100d Firmware

Clinical Information Center Mp100r Firmware

Clinical Information Center Mp100r Firmware

Carescape Telemetry Server Mp100r Firmware

Carescape Telemetry Server Mp100r Firmware

References & Advisories

相關漏洞威脅