Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
9 vulnerabilities
CVE-2024-27110 (GCVE-0-2024-27110)
Vulnerability from cvelistv5 – Published: 2024-05-14 17:16 – Updated: 2024-08-02 00:27
VLAI
Title
Elevation of privilege vulnerability in GE HealthCare EchoPAC products
Summary
Elevation of privilege vulnerability in GE HealthCare EchoPAC products
Severity
8.4 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-250 - Execution with Unnecessary Privileges
Assigner
References
1 reference
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| GE HealthCare | EchoPAC Software Only |
Affected:
0
|
|
| GE HealthCare | ImageVault |
Affected:
0
|
|
| GE HealthCare | EchoPAC Turnkey |
Affected:
0
|
|
| gehealthcare | image_vault |
Affected:
-
cpe:2.3:h:gehealthcare:image_vault:-:*:*:*:*:*:*:* |
|
| gehealthcare | echopac_software |
Affected:
-
cpe:2.3:a:gehealthcare:echopac_software:-:*:*:*:*:*:*:* |
|
| gehealthcare | echopac_turnkey |
Affected:
-
cpe:2.3:a:gehealthcare:echopac_turnkey:-:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:gehealthcare:image_vault:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "image_vault",
"vendor": "gehealthcare",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"cpes": [
"cpe:2.3:a:gehealthcare:echopac_software:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "echopac_software",
"vendor": "gehealthcare",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"cpes": [
"cpe:2.3:a:gehealthcare:echopac_turnkey:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "echopac_turnkey",
"vendor": "gehealthcare",
"versions": [
{
"status": "affected",
"version": "-"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27110",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-14T19:22:50.224196Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:46:21.733Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:27:59.489Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://securityupdate.gehealthcare.com/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EchoPAC Software Only",
"vendor": "GE HealthCare",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ImageVault",
"vendor": "GE HealthCare",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EchoPAC Turnkey",
"vendor": "GE HealthCare",
"versions": [
{
"status": "affected",
"version": "0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Andrea Palanca and Gabriele Quagliarella of Nozomi Networks"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Elevation of privilege vulnerability in GE HealthCare EchoPAC products"
}
],
"value": "Elevation of privilege vulnerability in GE HealthCare EchoPAC products"
}
],
"impacts": [
{
"capecId": "CAPEC-69",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-69 Target Programs with Elevated Privileges"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250 Execution with Unnecessary Privileges",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-14T17:16:39.659Z",
"orgId": "171caf72-b841-4e04-a68e-93493aff2b94",
"shortName": "GEHC"
},
"references": [
{
"url": "https://securityupdate.gehealthcare.com/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Elevation of privilege vulnerability in GE HealthCare EchoPAC products",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "171caf72-b841-4e04-a68e-93493aff2b94",
"assignerShortName": "GEHC",
"cveId": "CVE-2024-27110",
"datePublished": "2024-05-14T17:16:39.659Z",
"dateReserved": "2024-02-19T15:22:56.573Z",
"dateUpdated": "2024-08-02T00:27:59.489Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27109 (GCVE-0-2024-27109)
Vulnerability from cvelistv5 – Published: 2024-05-14 17:13 – Updated: 2024-08-02 00:27
VLAI
Title
Insufficiently protected credentials in GE HealthCare EchoPAC products
Summary
Insufficiently protected credentials in GE HealthCare EchoPAC products
Severity
7.6 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-522 - Insufficiently Protected Credentials
Assigner
References
1 reference
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| GE HealthCare | EchoPAC Software Only |
Affected:
0 , < 206.44
(custom)
|
|
| GE HealthCare | ImageVault |
Affected:
0
|
|
| GE HealthCare | EchoPAC Turnkey |
Affected:
0
|
|
| gehealthcare | image_vault |
Affected:
-
cpe:2.3:h:gehealthcare:image_vault:-:*:*:*:*:*:*:* |
|
| gehealthcare | echopac_software |
Affected:
-
cpe:2.3:a:gehealthcare:echopac_software:-:*:*:*:*:*:*:* |
|
| gehealthcare | echopac_turnkey |
Affected:
-
cpe:2.3:a:gehealthcare:echopac_turnkey:-:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:gehealthcare:image_vault:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "image_vault",
"vendor": "gehealthcare",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"cpes": [
"cpe:2.3:a:gehealthcare:echopac_software:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "echopac_software",
"vendor": "gehealthcare",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"cpes": [
"cpe:2.3:a:gehealthcare:echopac_turnkey:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "echopac_turnkey",
"vendor": "gehealthcare",
"versions": [
{
"status": "affected",
"version": "-"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27109",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-14T19:31:48.782021Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:47:32.867Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:27:59.369Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://securityupdate.gehealthcare.com/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EchoPAC Software Only",
"vendor": "GE HealthCare",
"versions": [
{
"lessThan": "206.44",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ImageVault",
"vendor": "GE HealthCare",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EchoPAC Turnkey",
"vendor": "GE HealthCare",
"versions": [
{
"status": "affected",
"version": "0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Andrea Palanca and Gabriele Quagliarella of Nozomi Networks"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insufficiently protected credentials in GE HealthCare EchoPAC products"
}
],
"value": "Insufficiently protected credentials in GE HealthCare EchoPAC products"
}
],
"impacts": [
{
"capecId": "CAPEC-653",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-653 Use of Known Operating System Credentials"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-14T17:13:16.193Z",
"orgId": "171caf72-b841-4e04-a68e-93493aff2b94",
"shortName": "GEHC"
},
"references": [
{
"url": "https://securityupdate.gehealthcare.com/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Insufficiently protected credentials in GE HealthCare EchoPAC products",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "171caf72-b841-4e04-a68e-93493aff2b94",
"assignerShortName": "GEHC",
"cveId": "CVE-2024-27109",
"datePublished": "2024-05-14T17:13:16.193Z",
"dateReserved": "2024-02-19T15:22:56.573Z",
"dateUpdated": "2024-08-02T00:27:59.369Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27108 (GCVE-0-2024-27108)
Vulnerability from cvelistv5 – Published: 2024-05-14 17:09 – Updated: 2024-08-02 00:27
VLAI
Title
Non privileged access to critical file vulnerability in GE HealthCare EchoPAC products
Summary
Non privileged access to critical file vulnerability in GE HealthCare EchoPAC products
Severity
6.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Assigner
References
1 reference
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| GE HealthCare | EchoPAC Software Only |
Affected:
0
|
|
| GE HealthCare | ImageVault |
Affected:
0
|
|
| GE HealthCare | EchoPAC Turnkey |
Affected:
0
|
|
| gehealthcare | image_vault |
Affected:
-
cpe:2.3:h:gehealthcare:image_vault:-:*:*:*:*:*:*:* |
|
| gehealthcare | echopac_software |
Affected:
-
cpe:2.3:a:gehealthcare:echopac_software:-:*:*:*:*:*:*:* |
|
| gehealthcare | echopac_turnkey |
Affected:
-
cpe:2.3:a:gehealthcare:echopac_turnkey:-:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:gehealthcare:image_vault:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "image_vault",
"vendor": "gehealthcare",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"cpes": [
"cpe:2.3:a:gehealthcare:echopac_software:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "echopac_software",
"vendor": "gehealthcare",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"cpes": [
"cpe:2.3:a:gehealthcare:echopac_turnkey:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "echopac_turnkey",
"vendor": "gehealthcare",
"versions": [
{
"status": "affected",
"version": "-"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27108",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-14T19:31:41.993414Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:47:18.885Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:27:58.693Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://securityupdate.gehealthcare.com/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EchoPAC Software Only",
"vendor": "GE HealthCare",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ImageVault",
"vendor": "GE HealthCare",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EchoPAC Turnkey",
"vendor": "GE HealthCare",
"versions": [
{
"status": "affected",
"version": "0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Andrea Palanca and Gabriele Quagliarella of Nozomi Networks"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Non privileged access to critical file vulnerability in GE HealthCare EchoPAC products"
}
],
"value": "Non privileged access to critical file vulnerability in GE HealthCare EchoPAC products"
}
],
"impacts": [
{
"capecId": "CAPEC-122",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-122 Privilege Abuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-14T17:09:08.166Z",
"orgId": "171caf72-b841-4e04-a68e-93493aff2b94",
"shortName": "GEHC"
},
"references": [
{
"url": "https://securityupdate.gehealthcare.com/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Non privileged access to critical file vulnerability in GE HealthCare EchoPAC products",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "171caf72-b841-4e04-a68e-93493aff2b94",
"assignerShortName": "GEHC",
"cveId": "CVE-2024-27108",
"datePublished": "2024-05-14T17:09:08.166Z",
"dateReserved": "2024-02-19T15:22:56.572Z",
"dateUpdated": "2024-08-02T00:27:58.693Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27107 (GCVE-0-2024-27107)
Vulnerability from cvelistv5 – Published: 2024-05-14 17:05 – Updated: 2024-08-02 00:27
VLAI
Title
Weak account password in GE HealthCare EchoPAC products
Summary
Weak account password in GE HealthCare EchoPAC products
Severity
9.6 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
1 reference
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| GE HealthCare | EchoPAC Software Only |
Affected:
0 , < 206.82
(custom)
|
|
| GE HealthCare | ImageVault |
Affected:
0
|
|
| GE HealthCare | EchoPAC Turnkey |
Affected:
0
|
|
| gehealthcare | image_vault |
Affected:
-
cpe:2.3:h:gehealthcare:image_vault:-:*:*:*:*:*:*:* |
|
| gehealthcare | echopac_software |
Affected:
-
cpe:2.3:a:gehealthcare:echopac_software:-:*:*:*:*:*:*:* |
|
| gehealthcare | echopac_turnkey |
Affected:
-
cpe:2.3:a:gehealthcare:echopac_turnkey:-:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:gehealthcare:image_vault:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "image_vault",
"vendor": "gehealthcare",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"cpes": [
"cpe:2.3:a:gehealthcare:echopac_software:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "echopac_software",
"vendor": "gehealthcare",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"cpes": [
"cpe:2.3:a:gehealthcare:echopac_turnkey:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "echopac_turnkey",
"vendor": "gehealthcare",
"versions": [
{
"status": "affected",
"version": "-"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27107",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-14T19:31:36.437377Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:46:35.114Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:27:59.234Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://securityupdate.gehealthcare.com/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EchoPAC Software Only",
"vendor": "GE HealthCare",
"versions": [
{
"lessThan": "206.82",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ImageVault",
"vendor": "GE HealthCare",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EchoPAC Turnkey",
"vendor": "GE HealthCare",
"versions": [
{
"status": "affected",
"version": "0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Andrea Palanca and Gabriele Quagliarella of Nozomi Networks"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Weak account password in GE HealthCare EchoPAC products"
}
],
"value": "Weak account password in GE HealthCare EchoPAC products"
}
],
"impacts": [
{
"capecId": "CAPEC-70",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-70 Try Common or Default Usernames and Passwords"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-14T17:05:22.568Z",
"orgId": "171caf72-b841-4e04-a68e-93493aff2b94",
"shortName": "GEHC"
},
"references": [
{
"url": "https://securityupdate.gehealthcare.com/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Weak account password in GE HealthCare EchoPAC products",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "171caf72-b841-4e04-a68e-93493aff2b94",
"assignerShortName": "GEHC",
"cveId": "CVE-2024-27107",
"datePublished": "2024-05-14T17:05:22.568Z",
"dateReserved": "2024-02-19T15:22:56.572Z",
"dateUpdated": "2024-08-02T00:27:59.234Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27106 (GCVE-0-2024-27106)
Vulnerability from cvelistv5 – Published: 2024-05-14 17:01 – Updated: 2024-08-02 00:27
VLAI
Title
Vulnerable data in transit in GE HealthCare EchoPAC products
Summary
Vulnerable data in transit in GE HealthCare EchoPAC products
Severity
5.7 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-311 - Missing Encryption of Sensitive Data
Assigner
References
1 reference
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| GE HealthCare | EchoPAC Software Only |
Affected:
0
|
|
| GE HealthCare | ImageVault |
Affected:
0
|
|
| GE HealthCare | EchoPAC Turnkey |
Affected:
0
|
|
| gehealthcare | image_vault |
Affected:
-
cpe:2.3:h:gehealthcare:image_vault:-:*:*:*:*:*:*:* |
|
| gehealthcare | echopac_software |
Affected:
-
cpe:2.3:a:gehealthcare:echopac_software:-:*:*:*:*:*:*:* |
|
| gehealthcare | echopac_turnkey |
Affected:
-
cpe:2.3:a:gehealthcare:echopac_turnkey:-:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:gehealthcare:image_vault:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "image_vault",
"vendor": "gehealthcare",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"cpes": [
"cpe:2.3:a:gehealthcare:echopac_software:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "echopac_software",
"vendor": "gehealthcare",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"cpes": [
"cpe:2.3:a:gehealthcare:echopac_turnkey:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "echopac_turnkey",
"vendor": "gehealthcare",
"versions": [
{
"status": "affected",
"version": "-"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27106",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-14T19:31:29.049031Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:46:22.979Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:27:59.190Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://securityupdate.gehealthcare.com/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EchoPAC Software Only",
"vendor": "GE HealthCare",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ImageVault",
"vendor": "GE HealthCare",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EchoPAC Turnkey",
"vendor": "GE HealthCare",
"versions": [
{
"status": "affected",
"version": "0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Andrea Palanca and Gabriele Quagliarella of Nozomi Networks"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Vulnerable data in transit in GE HealthCare EchoPAC products"
}
],
"value": "Vulnerable data in transit in GE HealthCare EchoPAC products"
}
],
"impacts": [
{
"capecId": "CAPEC-157",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-157 Sniffing Attacks"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-311",
"description": "CWE-311 Missing Encryption of Sensitive Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-14T17:01:22.488Z",
"orgId": "171caf72-b841-4e04-a68e-93493aff2b94",
"shortName": "GEHC"
},
"references": [
{
"url": "https://securityupdate.gehealthcare.com/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Vulnerable data in transit in GE HealthCare EchoPAC products",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "171caf72-b841-4e04-a68e-93493aff2b94",
"assignerShortName": "GEHC",
"cveId": "CVE-2024-27106",
"datePublished": "2024-05-14T17:01:22.488Z",
"dateReserved": "2024-02-19T15:22:56.572Z",
"dateUpdated": "2024-08-02T00:27:59.190Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-1630 (GCVE-0-2024-1630)
Vulnerability from cvelistv5 – Published: 2024-05-14 16:55 – Updated: 2024-08-22 17:51
VLAI
Title
Path traversal vulnerability in “getAllFolderContents” function of Common Service Desktop, a GE HealthCare ultrasound device component
Summary
Path traversal vulnerability in “getAllFolderContents” function of Common Service Desktop, a GE HealthCare ultrasound device component
Severity
7.7 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
1 reference
Impacted products
30 products
| Vendor | Product | Version | |
|---|---|---|---|
| GE HealthCare | Venue |
Affected:
R1
Affected: R2 Affected: R3 , ≤ R3.3 (custom) Affected: R4 , ≤ R4.3 (custom) |
|
| GE HealthCare | Venue Go |
Affected:
R2
Affected: R3 , ≤ R3.3 (custom) Affected: R4 , ≤ R4.3 (custom) |
|
| GE HealthCare | Venue Fit |
Affected:
R3 , ≤ R3.3
(custom)
Affected: R4 , ≤ R4.3 (custom) |
|
| GE HealthCare | LOGIQ e |
Affected:
R7 , ≤ R9.1.4
(custom)
Affected: R8 , ≤ R10.1.3 (custom) Affected: R9 , ≤ R11.0.3 (custom) |
|
| GE HealthCare | LOGIQ He |
Affected:
0 , ≤ R9.3.1
(custom)
|
|
| GE HealthCare | Vivid E |
Affected:
E95 , < 206
(custom)
Affected: E90 , < 206 (custom) Affected: E80 , < 206 (custom) |
|
| GE HealthCare | Vivid T |
Affected:
T8 , < 206
(custom)
Affected: T9 , < 206 (custom) |
|
| GE HealthCare | Vivid iq |
Affected:
0 , < 206
(custom)
|
|
| GE HealthCare | Voluson Expert 16 |
Affected:
0
Affected: BT24 |
|
| GE HealthCare | Voluson Expert 18 |
Affected:
0
Affected: BT24 |
|
| GE HealthCare | Voluson Expert 22 |
Affected:
0
Affected: BT24 |
|
| GE HealthCare | Voluson SWIFT |
Affected:
0
Affected: BT24 |
|
| GE HealthCare | LOGIQ E10 |
Affected:
0 , < R3.2.0
(custom)
|
|
| GE HealthCare | LOGIQ E10s |
Affected:
0 , < R3.2.0
(custom)
|
|
| GE HealthCare | LOGIQ Fortis |
Affected:
0 , < R3.2.0
(custom)
|
|
| gehealthcare | venue_firmware |
Affected:
r1
Affected: r2 Affected: r3 , ≤ r3.3 (custom) Affected: r4 , ≤ r4.3 (custom) cpe:2.3:o:gehealthcare:venue_firmware:*:*:*:*:*:*:*:* |
|
| gehealthcare | venue_go_firmware |
Affected:
r2
Affected: r3 , ≤ r3.3 (custom) Affected: r4 , ≤ r4.3 (custom) cpe:2.3:o:gehealthcare:venue_go_firmware:*:*:*:*:*:*:*:* |
|
| gehealthcare | venue_fit_firmware |
Affected:
r3 , ≤ r3.3
(custom)
Affected: r4 , ≤ r4.3 (custom) cpe:2.3:o:gehealthcare:venue_fit_firmware:*:*:*:*:*:*:*:* |
|
| gehealthcare | logiq_e_firmware |
Affected:
r7 , ≤ r9.1.4
(custom)
Affected: r8 , ≤ r10.1.3 (custom) Affected: r9 , ≤ r11.0.3 (custom) cpe:2.3:o:gehealthcare:logiq_e_firmware:*:*:*:*:*:*:*:* |
|
| gehealthcare | logiq_he_firmware |
Affected:
0 , ≤ r9.3.1
(custom)
cpe:2.3:o:gehealthcare:logiq_he_firmware:*:*:*:*:*:*:*:* |
|
| gehealthcare | vivid_e_firmware |
Affected:
e95 , < 206
(custom)
Affected: e90 , < 206 (custom) Affected: e80 , < 206 (custom) cpe:2.3:o:gehealthcare:vivid_e_firmware:*:*:*:*:*:*:*:* |
|
| gehealthcare | vivid_t_firmware |
Affected:
t8 , < 206
(custom)
Affected: t9 , < 206 (custom) cpe:2.3:o:gehealthcare:vivid_t_firmware:*:*:*:*:*:*:*:* |
|
| gehealthcare | vivid_iq_firmware |
Affected:
0 , < 206
(custom)
cpe:2.3:o:gehealthcare:vivid_iq_firmware:*:*:*:*:*:*:*:* |
|
| gehealthcare | voluson_expert_16 |
Affected:
0
Affected: bt24 cpe:2.3:a:gehealthcare:voluson_expert_16:*:*:*:*:*:*:*:* |
|
| gehealthcare | voluson_expert_18 |
Affected:
0
Affected: bt24 cpe:2.3:a:gehealthcare:voluson_expert_18:*:*:*:*:*:*:*:* |
|
| gehealthcare | voluson_expert_22 |
Affected:
0
Affected: bt24 cpe:2.3:a:gehealthcare:voluson_expert_22:*:*:*:*:*:*:*:* |
|
| gehealthcare | voluson_swift |
Affected:
0
Affected: bt24 cpe:2.3:a:gehealthcare:voluson_swift:*:*:*:*:*:*:*:* |
|
| gehealthcare | logiq_e10 |
Affected:
0 , < r3.2.0
(custom)
cpe:2.3:a:gehealthcare:logiq_e10:*:*:*:*:*:*:*:* |
|
| gehealthcare | logiq_e10s |
Affected:
0 , < r3.2.0
(custom)
cpe:2.3:a:gehealthcare:logiq_e10s:*:*:*:*:*:*:*:* |
|
| gehealthcare | logiq_fortis |
Affected:
0 , < r3.2.0
(custom)
cpe:2.3:a:gehealthcare:logiq_fortis:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:48:21.818Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://securityupdate.gehealthcare.com/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:gehealthcare:venue_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "venue_firmware",
"vendor": "gehealthcare",
"versions": [
{
"status": "affected",
"version": "r1"
},
{
"status": "affected",
"version": "r2"
},
{
"lessThanOrEqual": "r3.3",
"status": "affected",
"version": "r3",
"versionType": "custom"
},
{
"lessThanOrEqual": "r4.3",
"status": "affected",
"version": "r4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:gehealthcare:venue_go_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "venue_go_firmware",
"vendor": "gehealthcare",
"versions": [
{
"status": "affected",
"version": "r2"
},
{
"lessThanOrEqual": "r3.3",
"status": "affected",
"version": "r3",
"versionType": "custom"
},
{
"lessThanOrEqual": "r4.3",
"status": "affected",
"version": "r4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:gehealthcare:venue_fit_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "venue_fit_firmware",
"vendor": "gehealthcare",
"versions": [
{
"lessThanOrEqual": "r3.3",
"status": "affected",
"version": "r3",
"versionType": "custom"
},
{
"lessThanOrEqual": "r4.3",
"status": "affected",
"version": "r4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:gehealthcare:logiq_e_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "logiq_e_firmware",
"vendor": "gehealthcare",
"versions": [
{
"lessThanOrEqual": "r9.1.4",
"status": "affected",
"version": "r7",
"versionType": "custom"
},
{
"lessThanOrEqual": "r10.1.3",
"status": "affected",
"version": "r8",
"versionType": "custom"
},
{
"lessThanOrEqual": "r11.0.3",
"status": "affected",
"version": "r9",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:gehealthcare:logiq_he_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "logiq_he_firmware",
"vendor": "gehealthcare",
"versions": [
{
"lessThanOrEqual": "r9.3.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:gehealthcare:vivid_e_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vivid_e_firmware",
"vendor": "gehealthcare",
"versions": [
{
"lessThan": "206",
"status": "affected",
"version": "e95",
"versionType": "custom"
},
{
"lessThan": "206",
"status": "affected",
"version": "e90",
"versionType": "custom"
},
{
"lessThan": "206",
"status": "affected",
"version": "e80",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:gehealthcare:vivid_t_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vivid_t_firmware",
"vendor": "gehealthcare",
"versions": [
{
"lessThan": "206",
"status": "affected",
"version": "t8",
"versionType": "custom"
},
{
"lessThan": "206",
"status": "affected",
"version": "t9",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:gehealthcare:vivid_iq_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vivid_iq_firmware",
"vendor": "gehealthcare",
"versions": [
{
"lessThan": "206",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:gehealthcare:voluson_expert_16:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "voluson_expert_16",
"vendor": "gehealthcare",
"versions": [
{
"status": "affected",
"version": "0"
},
{
"status": "affected",
"version": "bt24"
}
]
},
{
"cpes": [
"cpe:2.3:a:gehealthcare:voluson_expert_18:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "voluson_expert_18",
"vendor": "gehealthcare",
"versions": [
{
"status": "affected",
"version": "0"
},
{
"status": "affected",
"version": "bt24"
}
]
},
{
"cpes": [
"cpe:2.3:a:gehealthcare:voluson_expert_22:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "voluson_expert_22",
"vendor": "gehealthcare",
"versions": [
{
"status": "affected",
"version": "0"
},
{
"status": "affected",
"version": "bt24"
}
]
},
{
"cpes": [
"cpe:2.3:a:gehealthcare:voluson_swift:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "voluson_swift",
"vendor": "gehealthcare",
"versions": [
{
"status": "affected",
"version": "0"
},
{
"status": "affected",
"version": "bt24"
}
]
},
{
"cpes": [
"cpe:2.3:a:gehealthcare:logiq_e10:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "logiq_e10",
"vendor": "gehealthcare",
"versions": [
{
"lessThan": "r3.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:gehealthcare:logiq_e10s:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "logiq_e10s",
"vendor": "gehealthcare",
"versions": [
{
"lessThan": "r3.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:gehealthcare:logiq_fortis:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "logiq_fortis",
"vendor": "gehealthcare",
"versions": [
{
"lessThan": "r3.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1630",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-14T19:43:01.721848Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-22T17:51:14.776Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Venue",
"vendor": "GE HealthCare",
"versions": [
{
"status": "affected",
"version": "R1"
},
{
"status": "affected",
"version": "R2"
},
{
"lessThanOrEqual": "R3.3",
"status": "affected",
"version": "R3",
"versionType": "custom"
},
{
"lessThanOrEqual": "R4.3",
"status": "affected",
"version": "R4",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Venue Go",
"vendor": "GE HealthCare",
"versions": [
{
"status": "affected",
"version": "R2"
},
{
"lessThanOrEqual": "R3.3",
"status": "affected",
"version": "R3",
"versionType": "custom"
},
{
"lessThanOrEqual": "R4.3",
"status": "affected",
"version": "R4",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Venue Fit",
"vendor": "GE HealthCare",
"versions": [
{
"lessThanOrEqual": "R3.3",
"status": "affected",
"version": "R3",
"versionType": "custom"
},
{
"lessThanOrEqual": "R4.3",
"status": "affected",
"version": "R4",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "LOGIQ e",
"vendor": "GE HealthCare",
"versions": [
{
"lessThanOrEqual": "R9.1.4",
"status": "affected",
"version": "R7",
"versionType": "custom"
},
{
"lessThanOrEqual": "R10.1.3",
"status": "affected",
"version": "R8",
"versionType": "custom"
},
{
"lessThanOrEqual": "R11.0.3",
"status": "affected",
"version": "R9",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "LOGIQ He",
"vendor": "GE HealthCare",
"versions": [
{
"lessThanOrEqual": "R9.3.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Vivid E",
"vendor": "GE HealthCare",
"versions": [
{
"lessThan": "206",
"status": "affected",
"version": "E95",
"versionType": "custom"
},
{
"lessThan": "206",
"status": "affected",
"version": "E90",
"versionType": "custom"
},
{
"lessThan": "206",
"status": "affected",
"version": "E80",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Vivid T",
"vendor": "GE HealthCare",
"versions": [
{
"lessThan": "206",
"status": "affected",
"version": "T8",
"versionType": "custom"
},
{
"lessThan": "206",
"status": "affected",
"version": "T9",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Vivid iq",
"vendor": "GE HealthCare",
"versions": [
{
"lessThan": "206",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Voluson Expert 16",
"vendor": "GE HealthCare",
"versions": [
{
"status": "affected",
"version": "0"
},
{
"status": "affected",
"version": "BT24"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Voluson Expert 18",
"vendor": "GE HealthCare",
"versions": [
{
"status": "affected",
"version": "0"
},
{
"status": "affected",
"version": "BT24"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Voluson Expert 22",
"vendor": "GE HealthCare",
"versions": [
{
"status": "affected",
"version": "0"
},
{
"status": "affected",
"version": "BT24"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Voluson SWIFT",
"vendor": "GE HealthCare",
"versions": [
{
"status": "affected",
"version": "0"
},
{
"status": "affected",
"version": "BT24"
}
]
},
{
"defaultStatus": "unaffected",
"product": "LOGIQ E10",
"vendor": "GE HealthCare",
"versions": [
{
"lessThan": "R3.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "LOGIQ E10s",
"vendor": "GE HealthCare",
"versions": [
{
"lessThan": "R3.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "LOGIQ Fortis",
"vendor": "GE HealthCare",
"versions": [
{
"lessThan": "R3.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Andrea Palanca and Gabriele Quagliarella of Nozomi Networks"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Path traversal vulnerability in \u201cgetAllFolderContents\u201d function of Common Service Desktop, a GE HealthCare ultrasound device component"
}
],
"value": "Path traversal vulnerability in \u201cgetAllFolderContents\u201d function of Common Service Desktop, a GE HealthCare ultrasound device component"
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-14T16:55:56.853Z",
"orgId": "171caf72-b841-4e04-a68e-93493aff2b94",
"shortName": "GEHC"
},
"references": [
{
"url": "https://securityupdate.gehealthcare.com/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Path traversal vulnerability in \u201cgetAllFolderContents\u201d function of Common Service Desktop, a GE HealthCare ultrasound device component",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "171caf72-b841-4e04-a68e-93493aff2b94",
"assignerShortName": "GEHC",
"cveId": "CVE-2024-1630",
"datePublished": "2024-05-14T16:55:56.853Z",
"dateReserved": "2024-02-19T15:28:03.794Z",
"dateUpdated": "2024-08-22T17:51:14.776Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-1629 (GCVE-0-2024-1629)
Vulnerability from cvelistv5 – Published: 2024-05-14 16:32 – Updated: 2024-08-01 18:48
VLAI
Title
Path traversal vulnerability in “deleteFiles” function of Common Service Desktop, a GE HealthCare ultrasound device component
Summary
Path traversal vulnerability in “deleteFiles” function of Common Service Desktop, a GE HealthCare ultrasound device component
Severity
6.2 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
1 reference
Impacted products
16 products
| Vendor | Product | Version | |
|---|---|---|---|
| GE HealthCare | Venue |
Affected:
R1
Affected: R2 Affected: R3 , ≤ R3.3 (custom) Affected: R4 , ≤ R4.3 (custom) |
|
| GE HealthCare | Venue Go |
Affected:
R2
Affected: R3 , ≤ R3.3 (custom) Affected: R4 , ≤ R4.3 (custom) |
|
| GE HealthCare | Venue Fit |
Affected:
R3 , ≤ R3.3
(custom)
Affected: R4 , ≤ R4.3 (custom) |
|
| GE HealthCare | LOGIQ e |
Affected:
R7 , ≤ R9.1.4
(custom)
Affected: R8 , ≤ R10.1.3 (custom) Affected: R9 , ≤ R11.0.3 (custom) |
|
| GE HealthCare | LOGIQ He |
Affected:
0 , ≤ R9.3.1
(custom)
|
|
| GE HealthCare | Vivid E |
Affected:
E95 , < 206
(custom)
Affected: E90 , < 206 (custom) Affected: E80 , < 206 (custom) |
|
| GE HealthCare | Vivid S |
Affected:
70N , < 206
(custom)
Affected: 60N , < 206 (custom) |
|
| GE HealthCare | Vivid T |
Affected:
T8 , < 206
(custom)
Affected: T9 , < 206 (custom) |
|
| GE HealthCare | Vivid iq |
Affected:
0 , < 206
(custom)
|
|
| GE HealthCare | Voluson Expert 16 |
Affected:
0
Affected: BT24 |
|
| GE HealthCare | Voluson Expert 18 |
Affected:
0
Affected: BT24 |
|
| GE HealthCare | Voluson Expert 22 |
Affected:
0
Affected: BT24 |
|
| GE HealthCare | Voluson SWIFT |
Affected:
0
Affected: BT24 |
|
| GE HealthCare | LOGIQ E10 |
Affected:
0 , < R3.2.0
(custom)
|
|
| GE HealthCare | LOGIQ E10s |
Affected:
0 , < R3.2.0
(custom)
|
|
| GE HealthCare | LOGIQ Fortis |
Affected:
0 , < R3.2.0
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1629",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-16T16:09:37.900864Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T18:01:09.761Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:48:21.479Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://securityupdate.gehealthcare.com/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Venue",
"vendor": "GE HealthCare",
"versions": [
{
"status": "affected",
"version": "R1"
},
{
"status": "affected",
"version": "R2"
},
{
"lessThanOrEqual": "R3.3",
"status": "affected",
"version": "R3",
"versionType": "custom"
},
{
"lessThanOrEqual": "R4.3",
"status": "affected",
"version": "R4",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Venue Go",
"vendor": "GE HealthCare",
"versions": [
{
"status": "affected",
"version": "R2"
},
{
"lessThanOrEqual": "R3.3",
"status": "affected",
"version": "R3",
"versionType": "custom"
},
{
"lessThanOrEqual": "R4.3",
"status": "affected",
"version": "R4",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Venue Fit",
"vendor": "GE HealthCare",
"versions": [
{
"lessThanOrEqual": "R3.3",
"status": "affected",
"version": "R3",
"versionType": "custom"
},
{
"lessThanOrEqual": "R4.3",
"status": "affected",
"version": "R4",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "LOGIQ e",
"vendor": "GE HealthCare",
"versions": [
{
"lessThanOrEqual": "R9.1.4",
"status": "affected",
"version": "R7",
"versionType": "custom"
},
{
"lessThanOrEqual": "R10.1.3",
"status": "affected",
"version": "R8",
"versionType": "custom"
},
{
"lessThanOrEqual": "R11.0.3",
"status": "affected",
"version": "R9",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "LOGIQ He",
"vendor": "GE HealthCare",
"versions": [
{
"lessThanOrEqual": "R9.3.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Vivid E",
"vendor": "GE HealthCare",
"versions": [
{
"lessThan": "206",
"status": "affected",
"version": "E95",
"versionType": "custom"
},
{
"lessThan": "206",
"status": "affected",
"version": "E90",
"versionType": "custom"
},
{
"lessThan": "206",
"status": "affected",
"version": "E80",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Vivid S",
"vendor": "GE HealthCare",
"versions": [
{
"lessThan": "206",
"status": "affected",
"version": "70N",
"versionType": "custom"
},
{
"lessThan": "206",
"status": "affected",
"version": "60N",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Vivid T",
"vendor": "GE HealthCare",
"versions": [
{
"lessThan": "206",
"status": "affected",
"version": "T8",
"versionType": "custom"
},
{
"lessThan": "206",
"status": "affected",
"version": "T9",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Vivid iq",
"vendor": "GE HealthCare",
"versions": [
{
"lessThan": "206",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Voluson Expert 16",
"vendor": "GE HealthCare",
"versions": [
{
"status": "affected",
"version": "0"
},
{
"status": "affected",
"version": "BT24"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Voluson Expert 18",
"vendor": "GE HealthCare",
"versions": [
{
"status": "affected",
"version": "0"
},
{
"status": "affected",
"version": "BT24"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Voluson Expert 22",
"vendor": "GE HealthCare",
"versions": [
{
"status": "affected",
"version": "0"
},
{
"status": "affected",
"version": "BT24"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Voluson SWIFT",
"vendor": "GE HealthCare",
"versions": [
{
"status": "affected",
"version": "0"
},
{
"status": "affected",
"version": "BT24"
}
]
},
{
"defaultStatus": "unaffected",
"product": "LOGIQ E10",
"vendor": "GE HealthCare",
"versions": [
{
"lessThan": "R3.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "LOGIQ E10s",
"vendor": "GE HealthCare",
"versions": [
{
"lessThan": "R3.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "LOGIQ Fortis",
"vendor": "GE HealthCare",
"versions": [
{
"lessThan": "R3.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Andrea Palanca and Gabriele Quagliarella of Nozomi Networks"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Path traversal vulnerability in \u201cdeleteFiles\u201d function of Common Service Desktop, a GE HealthCare ultrasound device component"
}
],
"value": "Path traversal vulnerability in \u201cdeleteFiles\u201d function of Common Service Desktop, a GE HealthCare ultrasound device component"
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-14T16:32:43.530Z",
"orgId": "171caf72-b841-4e04-a68e-93493aff2b94",
"shortName": "GEHC"
},
"references": [
{
"url": "https://securityupdate.gehealthcare.com/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Path traversal vulnerability in \u201cdeleteFiles\u201d function of Common Service Desktop, a GE HealthCare ultrasound device component",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "171caf72-b841-4e04-a68e-93493aff2b94",
"assignerShortName": "GEHC",
"cveId": "CVE-2024-1629",
"datePublished": "2024-05-14T16:32:43.530Z",
"dateReserved": "2024-02-19T15:23:21.436Z",
"dateUpdated": "2024-08-01T18:48:21.479Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-1628 (GCVE-0-2024-1628)
Vulnerability from cvelistv5 – Published: 2024-05-14 16:04 – Updated: 2024-08-01 18:48
VLAI
Title
OS command injection vulnerabilities in GE HealthCare ultrasound devices
Summary
OS command injection vulnerabilities in GE HealthCare ultrasound devices
Severity
8.4 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
1 reference
Impacted products
21 products
| Vendor | Product | Version | |
|---|---|---|---|
| GE HealthCare | Venue |
Affected:
R1
Affected: R2 Affected: R3 , ≤ R3.3 (custom) Affected: R4 , ≤ R4.3 (custom) |
|
| GE HealthCare | Venue Go |
Affected:
R2
Affected: R3 , ≤ R3.3 (custom) Affected: R4 , ≤ R4.3 (custom) |
|
| GE HealthCare | Venue Fit |
Affected:
R3 , ≤ R3.3
(custom)
Affected: R4 , ≤ R4.3 (custom) |
|
| GE HealthCare | LOGIQ e |
Affected:
R7 , ≤ R9.1.4
(custom)
Affected: R8 , ≤ R10.1.3 (custom) Affected: R9 , ≤ R11.0.3 (custom) |
|
| GE HealthCare | LOGIQ He |
Affected:
0 , ≤ R9.3.1
(custom)
|
|
| GE HealthCare | Vivid E |
Affected:
E95 , < 206
(custom)
Affected: E90 , < 206 (custom) Affected: E80 , < 206 (custom) |
|
| GE HealthCare | Vivid S |
Affected:
70N , < 206
(custom)
Affected: 60N , < 206 (custom) |
|
| GE HealthCare | Vivid T |
Affected:
T8 , < 206
(custom)
Affected: T9 , < 206 (custom) |
|
| GE HealthCare | Vivid iq |
Affected:
0 , < 206
(custom)
|
|
| GE HealthCare | Voluson Expert 16 |
Affected:
0
Affected: BT24 , < Ext1 (custom) |
|
| GE HealthCare | Voluson Expert 18 |
Affected:
0
Affected: BT24 , < Ext1 (custom) |
|
| GE HealthCare | Voluson Expert 22 |
Affected:
0
Affected: BT24 , < Ext1 (custom) |
|
| GE HealthCare | Voluson SWIFT |
Affected:
0
Affected: BT24 |
|
| GE HealthCare | Invenia ABUS 2.0 |
Affected:
0 , ≤ 2.2.7
(custom)
|
|
| GE HealthCare | LOGIQ E10 |
Affected:
0 , < R3.2.0
(custom)
|
|
| GE HealthCare | LOGIQ E10s |
Affected:
0 , < R3.2.0
(custom)
|
|
| GE HealthCare | LOGIQ Fortis |
Affected:
0 , < R3.2.0
(custom)
|
|
| ge_healthcare | venue |
Affected:
multiple versions
cpe:2.3:a:ge_healthcare:venue:*:*:*:*:*:*:*:* |
|
| ge_healthcare | vivid |
Affected:
multiple versions
cpe:2.3:a:ge_healthcare:vivid:*:*:*:*:*:*:*:* |
|
| ge_healthcare | voluson |
Affected:
multiple versions
cpe:2.3:a:ge_healthcare:voluson:*:*:*:*:*:*:*:* |
|
| ge_healthcare | logiq |
Affected:
multiple versions
cpe:2.3:a:ge_healthcare:logiq:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ge_healthcare:venue:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "venue",
"vendor": "ge_healthcare",
"versions": [
{
"status": "affected",
"version": "multiple versions"
}
]
},
{
"cpes": [
"cpe:2.3:a:ge_healthcare:vivid:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vivid",
"vendor": "ge_healthcare",
"versions": [
{
"status": "affected",
"version": "multiple versions"
}
]
},
{
"cpes": [
"cpe:2.3:a:ge_healthcare:voluson:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "voluson",
"vendor": "ge_healthcare",
"versions": [
{
"status": "affected",
"version": "multiple versions"
}
]
},
{
"cpes": [
"cpe:2.3:a:ge_healthcare:logiq:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "logiq",
"vendor": "ge_healthcare",
"versions": [
{
"status": "affected",
"version": "multiple versions"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1628",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-16T16:10:00.517201Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T18:01:30.939Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:48:21.580Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://securityupdate.gehealthcare.com/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Venue",
"vendor": "GE HealthCare",
"versions": [
{
"status": "affected",
"version": "R1"
},
{
"status": "affected",
"version": "R2"
},
{
"lessThanOrEqual": "R3.3",
"status": "affected",
"version": "R3",
"versionType": "custom"
},
{
"lessThanOrEqual": "R4.3",
"status": "affected",
"version": "R4",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Venue Go",
"vendor": "GE HealthCare",
"versions": [
{
"status": "affected",
"version": "R2"
},
{
"lessThanOrEqual": "R3.3",
"status": "affected",
"version": "R3",
"versionType": "custom"
},
{
"lessThanOrEqual": "R4.3",
"status": "affected",
"version": "R4",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Venue Fit",
"vendor": "GE HealthCare",
"versions": [
{
"lessThanOrEqual": "R3.3",
"status": "affected",
"version": "R3",
"versionType": "custom"
},
{
"lessThanOrEqual": "R4.3",
"status": "affected",
"version": "R4",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "LOGIQ e",
"vendor": "GE HealthCare",
"versions": [
{
"lessThanOrEqual": "R9.1.4",
"status": "affected",
"version": "R7",
"versionType": "custom"
},
{
"lessThanOrEqual": "R10.1.3",
"status": "affected",
"version": "R8",
"versionType": "custom"
},
{
"lessThanOrEqual": "R11.0.3",
"status": "affected",
"version": "R9",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "LOGIQ He",
"vendor": "GE HealthCare",
"versions": [
{
"lessThanOrEqual": "R9.3.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Vivid E",
"vendor": "GE HealthCare",
"versions": [
{
"lessThan": "206",
"status": "affected",
"version": "E95",
"versionType": "custom"
},
{
"lessThan": "206",
"status": "affected",
"version": "E90",
"versionType": "custom"
},
{
"lessThan": "206",
"status": "affected",
"version": "E80",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Vivid S",
"vendor": "GE HealthCare",
"versions": [
{
"lessThan": "206",
"status": "affected",
"version": "70N",
"versionType": "custom"
},
{
"lessThan": "206",
"status": "affected",
"version": "60N",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Vivid T",
"vendor": "GE HealthCare",
"versions": [
{
"lessThan": "206",
"status": "affected",
"version": "T8",
"versionType": "custom"
},
{
"lessThan": "206",
"status": "affected",
"version": "T9",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Vivid iq",
"vendor": "GE HealthCare",
"versions": [
{
"lessThan": "206",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Voluson Expert 16",
"vendor": "GE HealthCare",
"versions": [
{
"status": "affected",
"version": "0"
},
{
"lessThan": "Ext1",
"status": "affected",
"version": "BT24",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Voluson Expert 18",
"vendor": "GE HealthCare",
"versions": [
{
"status": "affected",
"version": "0"
},
{
"lessThan": "Ext1",
"status": "affected",
"version": "BT24",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Voluson Expert 22",
"vendor": "GE HealthCare",
"versions": [
{
"status": "affected",
"version": "0"
},
{
"lessThan": "Ext1",
"status": "affected",
"version": "BT24",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Voluson SWIFT",
"vendor": "GE HealthCare",
"versions": [
{
"status": "affected",
"version": "0"
},
{
"status": "affected",
"version": "BT24"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Invenia ABUS 2.0",
"vendor": "GE HealthCare",
"versions": [
{
"lessThanOrEqual": "2.2.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "LOGIQ E10",
"vendor": "GE HealthCare",
"versions": [
{
"lessThan": "R3.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "LOGIQ E10s",
"vendor": "GE HealthCare",
"versions": [
{
"lessThan": "R3.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "LOGIQ Fortis",
"vendor": "GE HealthCare",
"versions": [
{
"lessThan": "R3.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Andrea Palanca and Gabriele Quagliarella of Nozomi Networks"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "OS command injection vulnerabilities in GE HealthCare ultrasound devices"
}
],
"value": "OS command injection vulnerabilities in GE HealthCare ultrasound devices"
}
],
"impacts": [
{
"capecId": "CAPEC-6",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-6 Argument Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-14T16:04:57.780Z",
"orgId": "171caf72-b841-4e04-a68e-93493aff2b94",
"shortName": "GEHC"
},
"references": [
{
"url": "https://securityupdate.gehealthcare.com/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "OS command injection vulnerabilities in GE HealthCare ultrasound devices",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "171caf72-b841-4e04-a68e-93493aff2b94",
"assignerShortName": "GEHC",
"cveId": "CVE-2024-1628",
"datePublished": "2024-05-14T16:04:57.780Z",
"dateReserved": "2024-02-19T15:23:20.113Z",
"dateUpdated": "2024-08-01T18:48:21.580Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-1486 (GCVE-0-2024-1486)
Vulnerability from cvelistv5 – Published: 2024-05-14 15:10 – Updated: 2024-08-16 18:15
VLAI
Title
Elevation of privileges via misconfigured access control list in GE HealthCare ultrasound devices
Summary
Elevation of privileges via misconfigured access control list in GE HealthCare ultrasound devices
Severity
7.4 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Assigner
References
1 reference
Impacted products
22 products
| Vendor | Product | Version | |
|---|---|---|---|
| GE HealthCare | Venue |
Affected:
R1
Affected: R2 Affected: R3 , ≤ R3.3 (custom) Affected: R4 , ≤ R4.2 (custom) |
|
| GE HealthCare | Venue Go |
Affected:
R2
Affected: R3 , ≤ R3.3 (custom) Affected: R4 , ≤ R4.2 (custom) |
|
| GE HealthCare | Venue Fit |
Affected:
R3 , ≤ R3.3
(custom)
Affected: R4 , ≤ R4.2 (custom) |
|
| GE HealthCare | LOGIQ e |
Affected:
R7 , ≤ R9.1.4
(custom)
Affected: R8 , ≤ R10.1.3 (custom) Affected: R9 , ≤ R11.0.2 (custom) |
|
| GE HealthCare | LOGIQ He |
Affected:
0 , ≤ R9.3.1
(custom)
|
|
| GE HealthCare | Vivid E |
Affected:
E95 , < 206
(custom)
Affected: E90 , < 206 (custom) Affected: E80 , < 206 (custom) Affected: E9 113.2 , ≤ 113.2 (custom) |
|
| GE HealthCare | Vivid S |
Affected:
70N , < 206
(custom)
Affected: 60N , < 206 (custom) |
|
| GE HealthCare | Vivid T |
Affected:
T8 , < 206
(custom)
Affected: T9 , < 206 (custom) |
|
| GE HealthCare | Vivid iq |
Affected:
0 , < 206
(custom)
|
|
| GE HealthCare | Invenia ABUS |
Affected:
1.2.3
|
|
| GE HealthCare | Invenia ABUS 2.0 |
Affected:
0 , < 2.2.9
(custom)
|
|
| gehealthcare | venue_firmware |
Affected:
R1
Affected: R2 Affected: R3 , ≤ R3.3 (custom) Affected: R4 , ≤ R4.2 (custom) cpe:2.3:o:gehealthcare:venue_firmware:*:*:*:*:*:*:*:* |
|
| gehealthcare | venue_go_firmware |
Affected:
R2
Affected: R3 , ≤ R3.3 (custom) Affected: R4 , ≤ R4.2 (custom) cpe:2.3:o:gehealthcare:venue_go_firmware:*:*:*:*:*:*:*:* |
|
| gehealthcare | venue_fit_firmware |
Affected:
R3 , ≤ R3.3
(custom)
Affected: R4 , ≤ R4.2 (custom) cpe:2.3:o:gehealthcare:venue_fit_firmware:*:*:*:*:*:*:*:* |
|
| gehealthcare | logiq_e_firmware |
Affected:
R7 , ≤ R9.1.4
(custom)
Affected: R8 , ≤ R10.1.3 (custom) Affected: R9 , ≤ R11.0.2 (custom) cpe:2.3:o:gehealthcare:logiq_e_firmware:*:*:*:*:*:*:*:* |
|
| gehealthcare | logiq_he_firmware |
Affected:
0 , ≤ R9.3.1
(custom)
cpe:2.3:o:gehealthcare:logiq_he_firmware:*:*:*:*:*:*:*:* |
|
| gehealthcare | vivid_e_firmware |
Affected:
E95 , < 206
(custom)
Affected: E90 , < 206 (custom) Affected: E80 , < 206 (custom) Affected: E9 113.2 , ≤ 113.2 (custom) cpe:2.3:o:gehealthcare:vivid_e_firmware:*:*:*:*:*:*:*:* |
|
| gehealthcare | vivid_s_firmware |
Affected:
70N , < 206
(custom)
Affected: 60N , < 206 (custom) cpe:2.3:o:gehealthcare:vivid_s_firmware:*:*:*:*:*:*:*:* |
|
| gehealthcare | vivid_t_firmware |
Affected:
T8 , < 206
(custom)
Affected: T9 , < 206 (custom) cpe:2.3:o:gehealthcare:vivid_t_firmware:*:*:*:*:*:*:*:* |
|
| gehealthcare | vivid_iq_firmware |
Affected:
0 , < 206
(custom)
cpe:2.3:o:gehealthcare:vivid_iq_firmware:*:*:*:*:*:*:*:* |
|
| gehealthcare | invenia_abus_firmware |
Affected:
1.2.3
cpe:2.3:o:gehealthcare:invenia_abus_firmware:*:*:*:*:*:*:*:* |
|
| gehealthcare | invenia_abus_2.0_firmware |
Affected:
0 , < 2.2.9
(custom)
cpe:2.3:o:gehealthcare:invenia_abus_2.0_firmware:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:40:21.121Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://securityupdate.gehealthcare.com/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:gehealthcare:venue_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "venue_firmware",
"vendor": "gehealthcare",
"versions": [
{
"status": "affected",
"version": "R1"
},
{
"status": "affected",
"version": "R2"
},
{
"lessThanOrEqual": "R3.3",
"status": "affected",
"version": "R3",
"versionType": "custom"
},
{
"lessThanOrEqual": "R4.2",
"status": "affected",
"version": "R4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:gehealthcare:venue_go_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "venue_go_firmware",
"vendor": "gehealthcare",
"versions": [
{
"status": "affected",
"version": "R2"
},
{
"lessThanOrEqual": "R3.3",
"status": "affected",
"version": "R3",
"versionType": "custom"
},
{
"lessThanOrEqual": "R4.2",
"status": "affected",
"version": "R4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:gehealthcare:venue_fit_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "venue_fit_firmware",
"vendor": "gehealthcare",
"versions": [
{
"lessThanOrEqual": "R3.3",
"status": "affected",
"version": "R3",
"versionType": "custom"
},
{
"lessThanOrEqual": "R4.2",
"status": "affected",
"version": "R4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:gehealthcare:logiq_e_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "logiq_e_firmware",
"vendor": "gehealthcare",
"versions": [
{
"lessThanOrEqual": "R9.1.4",
"status": "affected",
"version": "R7",
"versionType": "custom"
},
{
"lessThanOrEqual": "R10.1.3",
"status": "affected",
"version": "R8",
"versionType": "custom"
},
{
"lessThanOrEqual": "R11.0.2",
"status": "affected",
"version": "R9",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:gehealthcare:logiq_he_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "logiq_he_firmware",
"vendor": "gehealthcare",
"versions": [
{
"lessThanOrEqual": "R9.3.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:gehealthcare:vivid_e_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "vivid_e_firmware",
"vendor": "gehealthcare",
"versions": [
{
"lessThan": "206",
"status": "affected",
"version": "E95",
"versionType": "custom"
},
{
"lessThan": "206",
"status": "affected",
"version": "E90",
"versionType": "custom"
},
{
"lessThan": "206",
"status": "affected",
"version": "E80",
"versionType": "custom"
},
{
"lessThanOrEqual": "113.2",
"status": "affected",
"version": "E9 113.2",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:gehealthcare:vivid_s_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "vivid_s_firmware",
"vendor": "gehealthcare",
"versions": [
{
"lessThan": "206",
"status": "affected",
"version": "70N",
"versionType": "custom"
},
{
"lessThan": "206",
"status": "affected",
"version": "60N",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:gehealthcare:vivid_t_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "vivid_t_firmware",
"vendor": "gehealthcare",
"versions": [
{
"lessThan": "206",
"status": "affected",
"version": "T8",
"versionType": "custom"
},
{
"lessThan": "206",
"status": "affected",
"version": "T9",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:gehealthcare:vivid_iq_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "vivid_iq_firmware",
"vendor": "gehealthcare",
"versions": [
{
"lessThan": "206",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:gehealthcare:invenia_abus_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "invenia_abus_firmware",
"vendor": "gehealthcare",
"versions": [
{
"status": "affected",
"version": "1.2.3"
}
]
},
{
"cpes": [
"cpe:2.3:o:gehealthcare:invenia_abus_2.0_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "invenia_abus_2.0_firmware",
"vendor": "gehealthcare",
"versions": [
{
"lessThan": "2.2.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1486",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T14:08:59.014421Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-16T18:15:02.675Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Venue",
"vendor": "GE HealthCare",
"versions": [
{
"status": "affected",
"version": "R1"
},
{
"status": "affected",
"version": "R2"
},
{
"lessThanOrEqual": "R3.3",
"status": "affected",
"version": "R3",
"versionType": "custom"
},
{
"lessThanOrEqual": "R4.2",
"status": "affected",
"version": "R4",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Venue Go",
"vendor": "GE HealthCare",
"versions": [
{
"status": "affected",
"version": "R2"
},
{
"lessThanOrEqual": "R3.3",
"status": "affected",
"version": "R3",
"versionType": "custom"
},
{
"lessThanOrEqual": "R4.2",
"status": "affected",
"version": "R4",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Venue Fit",
"vendor": "GE HealthCare",
"versions": [
{
"lessThanOrEqual": "R3.3",
"status": "affected",
"version": "R3",
"versionType": "custom"
},
{
"lessThanOrEqual": "R4.2",
"status": "affected",
"version": "R4",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "LOGIQ e",
"vendor": "GE HealthCare",
"versions": [
{
"lessThanOrEqual": "R9.1.4",
"status": "affected",
"version": "R7",
"versionType": "custom"
},
{
"lessThanOrEqual": "R10.1.3",
"status": "affected",
"version": "R8",
"versionType": "custom"
},
{
"lessThanOrEqual": "R11.0.2",
"status": "affected",
"version": "R9",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "LOGIQ He",
"vendor": "GE HealthCare",
"versions": [
{
"lessThanOrEqual": "R9.3.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Vivid E",
"vendor": "GE HealthCare",
"versions": [
{
"lessThan": "206",
"status": "affected",
"version": "E95",
"versionType": "custom"
},
{
"lessThan": "206",
"status": "affected",
"version": "E90",
"versionType": "custom"
},
{
"lessThan": "206",
"status": "affected",
"version": "E80",
"versionType": "custom"
},
{
"lessThanOrEqual": "113.2",
"status": "affected",
"version": "E9 113.2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Vivid S",
"vendor": "GE HealthCare",
"versions": [
{
"lessThan": "206",
"status": "affected",
"version": "70N",
"versionType": "custom"
},
{
"lessThan": "206",
"status": "affected",
"version": "60N",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Vivid T",
"vendor": "GE HealthCare",
"versions": [
{
"lessThan": "206",
"status": "affected",
"version": "T8",
"versionType": "custom"
},
{
"lessThan": "206",
"status": "affected",
"version": "T9",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Vivid iq",
"vendor": "GE HealthCare",
"versions": [
{
"lessThan": "206",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Invenia ABUS",
"vendor": "GE HealthCare",
"versions": [
{
"status": "affected",
"version": "1.2.3"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Invenia ABUS 2.0",
"vendor": "GE HealthCare",
"versions": [
{
"lessThan": "2.2.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Andrea Palanca and Gabriele Quagliarella of Nozomi Networks"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Elevation of privileges via misconfigured access control list in GE HealthCare ultrasound devices"
}
],
"value": "Elevation of privileges via misconfigured access control list in GE HealthCare ultrasound devices"
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-14T15:10:22.262Z",
"orgId": "171caf72-b841-4e04-a68e-93493aff2b94",
"shortName": "GEHC"
},
"references": [
{
"url": "https://securityupdate.gehealthcare.com/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Elevation of privileges via misconfigured access control list in GE HealthCare ultrasound devices",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "171caf72-b841-4e04-a68e-93493aff2b94",
"assignerShortName": "GEHC",
"cveId": "CVE-2024-1486",
"datePublished": "2024-05-14T15:10:22.262Z",
"dateReserved": "2024-02-13T22:34:57.386Z",
"dateUpdated": "2024-08-16T18:15:02.675Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}