Gehealthcare
Recent CVEs (43)

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-6966 | | Cri | 0.65 | 10.0 | 0.02 | | Jan 24, 2020 | In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, the affected products utilize a weak encryption scheme for remote desktop control,… |
| CVE-2020-6962 | | Cri | 0.65 | 10.0 | 0.05 | | Jan 24, 2020 | In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Telemetry Server Version 4.3, CARESCAPE Central Station (CSCS) Versions 1.X CARESCAPE Central Station (CSCS) Versions… |
| CVE-2020-6961 | | Cri | 0.65 | 10.0 | 0.02 | | Jan 24, 2020 | In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Telemetry Server Version 4.3, CARESCAPE Central Station (CSCS) Versions 1.X, a vulnerability exists in the affected… |
| CVE-2020-25175 | | Cri | 0.64 | 9.8 | 0.01 | | Dec 14, 2020 | GE Healthcare Imaging and Ultrasound Products may allow specific credentials to be exposed during transport over the network. |
| CVE-2020-6965 | | Cri | 0.64 | 9.9 | 0.01 | | Jan 24, 2020 | In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, B450 Version 2.X, B650 Version 1.X, B650 Version 2.X, B850 Version 1.X, B850… |
| CVE-2017-14008 | | Cri | 0.64 | 9.8 | 0.03 | | Mar 20, 2018 | GE Centricity PACS RA1000, diagnostic image analysis, all current versions are affected these devices use default or hard-coded credentials. Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affected devices. |
| CVE-2017-14006 | | Cri | 0.64 | 9.8 | 0.02 | | Mar 20, 2018 | GE Xeleris versions 1.0,1.1,2.1,3.0,3.1, medical imaging systems, all current versions are affected, these devices use default or hard-coded credentials. Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the… |
| CVE-2017-14004 | | Cri | 0.64 | 9.8 | 0.02 | | Mar 20, 2018 | GE GEMNet License server (EchoServer) all current versions are affected these devices use default or hard-coded credentials. Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affected devices. |
| CVE-2017-14002 | | Cri | 0.64 | 9.8 | 0.05 | | Mar 20, 2018 | GE Infinia/Infinia with Hawkeye 4 medical imaging systems all current versions are affected these devices use default or hard-coded credentials. Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affected… |
| CVE-2024-27107 | | Cri | 0.62 | 9.6 | 0.00 | | May 14, 2024 | Weak account password in GE HealthCare EchoPAC products |
| CVE-2020-6964 | | Hig | 0.56 | 8.6 | 0.01 | | Jan 24, 2020 | In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X and CARESCAPE Central Station (CSCS) Versions 2.X, the integrated service for… |
| CVE-2024-27110 | | Hig | 0.55 | 8.4 | 0.00 | | May 14, 2024 | Elevation of privilege vulnerability in GE HealthCare EchoPAC products |
| CVE-2024-1630 | | Hig | 0.50 | 7.7 | 0.00 | | May 14, 2024 | Path traversal vulnerability in “getAllFolderContents” function of Common Service Desktop, a GE HealthCare ultrasound device component |
| CVE-2024-27109 | | Hig | 0.49 | 7.6 | 0.00 | | May 14, 2024 | Insufficiently protected credentials in GE HealthCare EchoPAC products |
| CVE-2024-27108 | | Med | 0.44 | 6.8 | 0.00 | | May 14, 2024 | Non privileged access to critical file vulnerability in GE HealthCare EchoPAC products |
| CVE-2024-1629 | | Med | 0.40 | 6.2 | 0.00 | | May 14, 2024 | Path traversal vulnerability in “deleteFiles” function of Common Service Desktop, a GE HealthCare ultrasound device component |
| CVE-2024-27106 | | Med | 0.37 | 5.7 | 0.00 | | May 14, 2024 | Vulnerable data in transit in GE HealthCare EchoPAC products |
| CVE-2014-9736 | | | 0.00 | — | 0.02 | | Aug 4, 2015 | GE Healthcare Centricity Clinical Archive Audit Trail Repository has a default password of initinit for the (1) SSL key manager and (2) server keystore; (3) keystore_password for the server truststore; and atna for the (4) primary storage database and (5) archive storage… |
| CVE-2014-7233 | | | 0.00 | — | 0.02 | | Aug 4, 2015 | GE Healthcare Precision THUNIS-800+ has a default password of (1) 1973 for the factory default System Utilities menu, (2) TH8740 for installation using TH8740_122_Setup.exe, (3) hrml for "Setup and Activation" using DSASetup, and (4) an empty string for Shutter Configuration,… |
| CVE-2014-7232 | | | 0.00 | — | 0.02 | | Aug 4, 2015 | GE Healthcare Discovery XR656 and XR656 G2 has a password of (1) 2getin for the insite user, (2) 4$xray for the xruser user, and (3) #superxr for the root user, which has unspecified impact and attack vectors. NOTE: it is not clear whether these passwords are default,… |