CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
AI Score
Confidence
High
EPSS
Percentile
43.8%
In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X and CARESCAPE Central Station (CSCS) Versions 2.X, the integrated service for keyboard switching of the affected devices could allow attackers to obtain remote keyboard input access without authentication over the network.
Vendor | Product | Version | CPE |
---|---|---|---|
gehealthcare | apexpro_telemetry_server_firmware | * | cpe:2.3:o:gehealthcare:apexpro_telemetry_server_firmware:*:*:*:*:*:*:*:* |
gehealthcare | apexpro_telemetry_server | - | cpe:2.3:h:gehealthcare:apexpro_telemetry_server:-:*:*:*:*:*:*:* |
gehealthcare | carescape_central_station_mai700_firmware | 1.0 | cpe:2.3:o:gehealthcare:carescape_central_station_mai700_firmware:1.0:*:*:*:*:*:*:* |
gehealthcare | carescape_central_station_mai700_firmware | 2.0 | cpe:2.3:o:gehealthcare:carescape_central_station_mai700_firmware:2.0:*:*:*:*:*:*:* |
gehealthcare | carescape_central_station_mai700 | - | cpe:2.3:h:gehealthcare:carescape_central_station_mai700:-:*:*:*:*:*:*:* |
gehealthcare | carescape_central_station_mas700_firmware | 1.0 | cpe:2.3:o:gehealthcare:carescape_central_station_mas700_firmware:1.0:*:*:*:*:*:*:* |
gehealthcare | carescape_central_station_mas700_firmware | 2.0 | cpe:2.3:o:gehealthcare:carescape_central_station_mas700_firmware:2.0:*:*:*:*:*:*:* |
gehealthcare | carescape_central_station_mas700 | - | cpe:2.3:h:gehealthcare:carescape_central_station_mas700:-:*:*:*:*:*:*:* |
gehealthcare | clinical_information_center_mp100d_firmware | 4.0 | cpe:2.3:o:gehealthcare:clinical_information_center_mp100d_firmware:4.0:*:*:*:*:*:*:* |
gehealthcare | clinical_information_center_mp100d_firmware | 5.0 | cpe:2.3:o:gehealthcare:clinical_information_center_mp100d_firmware:5.0:*:*:*:*:*:*:* |
[
{
"product": "GE CARESCAPE Telemetry Server,ApexPro Telemetry Server,CARESCAPE Central Station,Clinical Information Center systems,CARESCAPE B450,B650,B850 Monitors",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "ApexPro Telemetry Server,v4.2 & prior,CARESCAPE Telemetry Server, v4.2 & prior,Clinical Information Center,v4.X& 5.X,CARESCAPE Telemetry Server,v4.3,CARESCAPE Central Station,v1.X,CARESCAPE Central Station,v2.X,B450,v2.X,B650,v1.X,B650,v2.X,B850,v1.X,B850,v2.X"
}
]
}
]
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
AI Score
Confidence
High
EPSS
Percentile
43.8%