History: Jan 24, 2020 - 6:15 p.m.

CVE-2020-6965

2020-01-24 18:15:12
CWE-20
CWE-434
icscert
web.nvd.nist.gov
cve-2020-6965
apexpro telemetry server
carescape telemetry server
clinical information center
carescape central station
b450
b650
b850
vulnerability
file upload
software update

CVSS2

Score: 6.5
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3

Score: 9.9
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score: 9
Confidence: High

EPSS: 0.001
Percentile: 40.1%

In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, B450 Version 2.X, B650 Version 1.X, B650 Version 2.X, B850 Version 1.X, B850 Version 2.X, a vulnerability in the software update mechanism allows an authenticated attacker to upload arbitrary files on the system through a crafted update package.

Affected configurations

Nvd

Node
  gehealthcare apexpro_telemetry_server_firmware (Range: 4.2)
  AND
  gehealthcare apexpro_telemetry_server (Match: -)
Node
  gehealthcare carescape_b450_monitor_firmware (Match: 2.0)
  AND
  gehealthcare carescape_b450_monitor (Match: -)
Node
  gehealthcare carescape_b650_monitor_firmware (Match: 1.0)
  OR
  gehealthcare carescape_b650_monitor_firmware (Match: 2.0)
  AND
  gehealthcare carescape_b650_monitor (Match: -)
Node
  gehealthcare carescape_b850_monitor_firmware (Match: 1.0)
  OR
  gehealthcare carescape_b850_monitor_firmware (Match: 2.0)
  AND
  gehealthcare carescape_b850_monitor (Match: -)
Node
  gehealthcare carescape_central_station_mai700_firmware (Match: 1.0)
  AND
  gehealthcare carescape_central_station_mai700 (Match: -)
Node
  gehealthcare carescape_central_station_mas700_firmware (Match: 1.0)
  AND
  gehealthcare carescape_central_station_mas700 (Match: -)
Node
  gehealthcare clinical_information_center_mp100d_firmware (Match: 4.0)
  OR
  gehealthcare clinical_information_center_mp100d_firmware (Match: 5.0)
  AND
  gehealthcare clinical_information_center_mp100d (Match: -)
Node
  gehealthcare clinical_information_center_mp100r_firmware (Match: 4.0)
  OR
  gehealthcare clinical_information_center_mp100r_firmware (Match: 5.0)
  AND
  gehealthcare clinical_information_center_mp100r (Match: -)
Node
  gehealthcare carescape_telemetry_server_mp100r_firmware (Range: 4.2)
  AND
  gehealthcare carescape_telemetry_server_mp100r (Match: -)

| Vendor | Product | Version | CPE |
| --- | --- | --- | --- |
| gehealthcare | apexpro_telemetry_server_firmware | * | cpe:2.3:o:gehealthcare:apexpro_telemetry_server_firmware:*:*:*:*:*:*:*:* |
| gehealthcare | apexpro_telemetry_server | - | cpe:2.3:h:gehealthcare:apexpro_telemetry_server:-:*:*:*:*:*:*:* |
| gehealthcare | carescape_b450_monitor_firmware | 2.0 | cpe:2.3:o:gehealthcare:carescape_b450_monitor_firmware:2.0:*:*:*:*:*:*:* |
| gehealthcare | carescape_b450_monitor | - | cpe:2.3:h:gehealthcare:carescape_b450_monitor:-:*:*:*:*:*:*:* |
| gehealthcare | carescape_b650_monitor_firmware | 1.0 | cpe:2.3:o:gehealthcare:carescape_b650_monitor_firmware:1.0:*:*:*:*:*:*:* |
| gehealthcare | carescape_b650_monitor_firmware | 2.0 | cpe:2.3:o:gehealthcare:carescape_b650_monitor_firmware:2.0:*:*:*:*:*:*:* |
| gehealthcare | carescape_b650_monitor | - | cpe:2.3:h:gehealthcare:carescape_b650_monitor:-:*:*:*:*:*:*:* |
| gehealthcare | carescape_b850_monitor_firmware | 1.0 | cpe:2.3:o:gehealthcare:carescape_b850_monitor_firmware:1.0:*:*:*:*:*:*:* |
| gehealthcare | carescape_b850_monitor_firmware | 2.0 | cpe:2.3:o:gehealthcare:carescape_b850_monitor_firmware:2.0:*:*:*:*:*:*:* |
| gehealthcare | carescape_b850_monitor | - | cpe:2.3:h:gehealthcare:carescape_b850_monitor:-:*:*:*:*:*:*:* |

CNA Affected

[
  {
    "product": "GE CARESCAPE Telemetry Server,ApexPro Telemetry Server,CARESCAPE Central Station,Clinical Information Center systems,CARESCAPE B450,B650,B850 Monitors",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "ApexPro Telemetry Server,v4.2 & prior,CARESCAPE Telemetry Server, v4.2 & prior,Clinical Information Center,v4.X& 5.X,CARESCAPE Telemetry Server,v4.3,CARESCAPE Central Station,v1.X,CARESCAPE Central Station,v2.X,B450,v2.X,B650,v1.X,B650,v2.X,B850,v1.X,B850,v2.X"
      }
    ]
  }
]
