CVE-2002-2446 - GE Healthcare Millennium MG, NC, and MyoSIGHT has a password of insite.genieacq for the insite accou

CVE-2002-2446

Summary

GE Healthcare Millennium MG, NC, and MyoSIGHT has a password of insite.genieacq for the insite account that cannot be changed without disabling product functionality for remote InSite support, which has unspecified impact and attack vectors.

References

Vulnerable Configurations

cpe:2.3:o:gehealthcare:millennium_mg_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:gehealthcare:millennium_mg_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:gehealthcare:millennium_myosight_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:gehealthcare:millennium_myosight_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:gehealthcare:millennium_nc_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:gehealthcare:millennium_nc_firmware:-:*:*:*:*:*:*:*

CVSS

Base:	10.0 (as of 28-03-2018 - 01:29)
Impact:
Exploitability:

CWE

CWE-255

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:C/I:C/A:C

refmap via4

confirm	http://apps.gehealthcare.com/servlet/ClientServlet/2338955-100.pdf?REQ=RAA&DIRECTION=2338955-100&FILENAME=2338955-100.pdf&FILEREV=1&DOCREV_ORG=1 http://apps.gehealthcare.com/servlet/ClientServlet/2354459-100.pdf?REQ=RAA&DIRECTION=2354459-100&FILENAME=2354459-100.pdf&FILEREV=4&DOCREV_ORG=4
misc	http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/ https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02 https://twitter.com/digitalbond/status/619250429751222277

Last major update

28-03-2018 - 01:29

Published

04-08-2015 - 14:59

Last modified

28-03-2018 - 01:29