CVE-2012-6693

2015-08-0414:59:18

CWE-255

[email protected]

web.nvd.nist.gov

cve-2012-6693

ge healthcare

centricity pacs 4.0

default password

vulnerability

nvd

security

risk

password management

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

74.3%

JSON

GE Healthcare Centricity PACS 4.0 Server has a default password of (1) nasro for the nasro (ReadOnly) user and (2) nasrw for the nasrw (Read/Write) user, which has unspecified impact and attack vectors.

Affected configurations

NVD

Node

gehealthcarecentricity_pacs_serverMatch4.0

CPENameOperatorVersion
gehealthcare:centricity_pacs_servergehealthcare centricity pacs servereq4.0

CPE	Name	Operator	Version
gehealthcare:centricity_pacs_server	gehealthcare centricity pacs server	eq	4.0

References

apps.gehealthcare.com/servlet/ClientServlet/C401_WS_INST_SV_2069560001r1.pdf?REQ=RAA&DIRECTION=2069560-001&FILENAME=C401_WS_INST_SV_2069560001r1.pdf&FILEREV=1&DOCREV_ORG=1

apps.gehealthcare.com/servlet/ClientServlet/C4x_SRV_SVC_2063464-001r2.pdf?REQ=RAA&DIRECTION=2063464-001&FILENAME=C4x_SRV_SVC_2063464-001r2.pdf&FILEREV=2&DOCREV_ORG=2

www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/

ics-cert.us-cert.gov/advisories/ICSMA-18-037-02

twitter.com/digitalbond/status/619250429751222277