CVE-2014-7233 - GE Healthcare Precision THUNIS-800+ has a default password of (1) 1973 for the factory default Syste

CVE-2014-7233

Summary

GE Healthcare Precision THUNIS-800+ has a default password of (1) 1973 for the factory default System Utilities menu, (2) TH8740 for installation using TH8740_122_Setup.exe, (3) hrml for "Setup and Activation" using DSASetup, and (4) an empty string for Shutter Configuration, which has unspecified impact and attack vectors. NOTE: since these passwords appear to be used to access functionality during installation, this issue might not cross privilege boundaries and might not be a vulnerability.

References

Vulnerable Configurations

cpe:2.3:h:gehealthcare:precision_thunis-800\+:*:*:*:*:*:*:*:*
cpe:2.3:h:gehealthcare:precision_thunis-800\+:*:*:*:*:*:*:*:*

CVSS

Base:	10.0 (as of 28-03-2018 - 01:29)
Impact:
Exploitability:

CWE

CWE-255

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:C/I:C/A:C

refmap via4

confirm	http://apps.gehealthcare.com/servlet/ClientServlet/5458232-1EN+r4.pdf?REQ=RAA&DIRECTION=5458232-1EN&FILENAME=5458232-1EN%2Br4.pdf&FILEREV=4&DOCREV_ORG=4
misc	http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/ https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02 https://twitter.com/digitalbond/status/619250429751222277

Last major update

28-03-2018 - 01:29

Published

04-08-2015 - 14:59

Last modified

28-03-2018 - 01:29