Vulnerability-Lookup

BDU:2024-04329

Vulnerability from fstec - Published: 19.02.2024

Title

Уязвимость функции getAllFolderContents() веб-приложения Common Service Desktop систем ультразвуковой диагностики GE HealthCare, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Description

Уязвимость функции getAllFolderContents() веб-приложения Common Service Desktop систем ультразвуковой диагностики GE HealthCare связана с неверным ограничением имени пути к каталогу с ограниченным доступом. Эксплуатация уязвимости может позволить нарушителю получить несанкционированный доступ к защищаемой информации

Severity ?


                    
                      AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Vendor

GE Healthcare

Software Name

Venue Go R2, Venue R1, Venue R2, Voluson Expert 22, Voluson Expert 18, Voluson Expert 16, Voluson SWIFT+, Voluson SWIFT, Voluson SWIFT BT24, Voluson SWIFT+ BT24, Invenia ABUS, Vivid E95, Vivid E90, Vivid E80, Vivid S60N, Vivid S70N, Vivid T8, Vivid T9, Vivid iQ, LOGIQ E10s, LOGIQ E10, LOGIQ Fortis, Voluson Expert 22 BT24, Voluson Expert 18 BT24, Voluson Expert 16 BT24, LOGIQ e R7 (9.2.x), LOGIQ e R7 (9.1.x), LOGIQ He, LOGIQ e R8, LOGIQ e R9, Venue Fit R4, Venue Go R4, Venue R4, Venue R3, Venue Go R3, Venue Fit R3, Versana Essential R2, Versana Premier R1, Versana Premier R2, Versana Active R1, Versana Balance R1, Versana Balance R2

Software Version

- (Venue Go R2), - (Venue R1), - (Venue R2), - (Voluson Expert 22), - (Voluson Expert 18), - (Voluson Expert 16), - (Voluson SWIFT+), - (Voluson SWIFT), - (Voluson SWIFT BT24), - (Voluson SWIFT+ BT24), от 2.0 до 2.2.7 включительно (Invenia ABUS), 204 (Vivid E95), 206 (Vivid E95), 206 (Vivid E90), 204 (Vivid E90), 204 (Vivid E80), 206 (Vivid E80), 206 (Vivid S60N), 206 (Vivid S70N), 204 (Vivid S70N), 204 (Vivid S60N), до 206 включительно (Vivid T8), до 206 включительно (Vivid T9), до 206 включительно (Vivid iQ), до 204.117 (Vivid iQ), до 204.117 (Vivid T8), до 204.117 (Vivid T9), до 205.117 (Vivid T9), до 205.117 (Vivid T8), до 205.117 (Vivid iQ), до R3.2.0 (LOGIQ E10s), до R3.2.0 (LOGIQ E10), до R3.2.0 (LOGIQ Fortis), ext 0 (Voluson Expert 22 BT24), ext 0 (Voluson Expert 18 BT24), ext 0 (Voluson Expert 16 BT24), до R9.2.5 включительно (LOGIQ e R7 (9.2.x)), до R9.1.4 включительно (LOGIQ e R7 (9.1.x)), до R9.3.2 включительно (LOGIQ He), до R10.1.3 включительно (LOGIQ e R8), до R11.0.3 включительно (LOGIQ e R9), до 4.3 (Venue Fit R4), до 4.3 (Venue Go R4), до 4.3 (Venue R4), до 3.3 включительно (Venue R3), до 3.3 включительно (Venue Go R3), до 3.3 включительно (Venue Fit R3), до 2.0.3 включительно (Versana Essential R2), до 1.2.8 включительно (Versana Premier R1), до 1.0.16 включительно (Versana Premier R1), до 2.1.8 включительно (Versana Premier R2), до 1.2.2 включительно (Versana Active R1), до 1.0.9 включительно (Versana Active R1), до 1.2.3 включительно (Versana Balance R1), до 1.0.9 включительно (Versana Balance R1), до 2.0.7 включительно (Versana Balance R2)

Possible Mitigations

Использование рекомендаций: Компенсирующие меры: - ограничение возможности подключения к устройствам через SMB по 2638 TCP-порту (порт сервера базы данных SQL Anywhere); - использование средств межсетевого экранирования и средств обнаружения и предотвращения вторжений (IDS/IPS) для отслеживания подключений к устройству; - ограничение доступа к устройству из внешних сетей (Интернет); - использование виртуальных частных сетей для организации удаленного доступа (VPN); - сегментирование сети для ограничения возможности удалённого доступа к медицинскому оборудованию. Рекомендации производителя: https://www.gehealthcare.com/services/lifecycle-management/product-security-portal/security

Reference

https://www.gehealthcare.com/services/lifecycle-management/product-security-portal/security https://www.nozominetworks.com/blog/ge-healthcare-vivid-ultrasound-vulnerabilities https://vuldb.com/ru/?id.264316

CWE

CWE-22

JSON

To clipboard

{
  "CVSS 2.0": "AV:L/AC:L/Au:N/C:C/I:C/A:N",
  "CVSS 3.0": "AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "GE Healthcare",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "- (Venue Go R2), - (Venue R1), - (Venue R2), - (Voluson Expert 22), - (Voluson Expert 18), - (Voluson Expert 16), - (Voluson SWIFT+), - (Voluson SWIFT), - (Voluson SWIFT BT24), - (Voluson SWIFT+ BT24), \u043e\u0442 2.0 \u0434\u043e 2.2.7 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Invenia ABUS), 204 (Vivid E95), 206 (Vivid E95), 206 (Vivid E90), 204 (Vivid E90), 204 (Vivid E80), 206 (Vivid E80), 206 (Vivid S60N), 206 (Vivid S70N), 204 (Vivid S70N), 204 (Vivid S60N), \u0434\u043e 206 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Vivid T8), \u0434\u043e 206 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Vivid T9), \u0434\u043e 206 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Vivid iQ), \u0434\u043e 204.117 (Vivid iQ), \u0434\u043e 204.117 (Vivid T8), \u0434\u043e 204.117 (Vivid T9), \u0434\u043e 205.117 (Vivid T9), \u0434\u043e 205.117 (Vivid T8), \u0434\u043e 205.117 (Vivid iQ), \u0434\u043e R3.2.0 (LOGIQ E10s), \u0434\u043e R3.2.0 (LOGIQ E10), \u0434\u043e R3.2.0 (LOGIQ Fortis), ext 0 (Voluson Expert 22 BT24), ext 0 (Voluson Expert 18 BT24), ext 0 (Voluson Expert 16 BT24), \u0434\u043e R9.2.5 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (LOGIQ e R7 (9.2.x)), \u0434\u043e R9.1.4 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (LOGIQ e R7 (9.1.x)), \u0434\u043e R9.3.2 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (LOGIQ He), \u0434\u043e R10.1.3 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (LOGIQ e R8), \u0434\u043e R11.0.3 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (LOGIQ e R9), \u0434\u043e 4.3 (Venue Fit R4), \u0434\u043e 4.3 (Venue Go R4), \u0434\u043e 4.3 (Venue R4), \u0434\u043e 3.3 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Venue R3), \u0434\u043e 3.3 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Venue Go R3), \u0434\u043e 3.3 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Venue Fit R3), \u0434\u043e 2.0.3 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Versana Essential R2), \u0434\u043e 1.2.8 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Versana Premier R1), \u0434\u043e 1.0.16 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Versana Premier R1), \u0434\u043e 2.1.8 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Versana Premier R2), \u0434\u043e 1.2.2 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Versana Active R1), \u0434\u043e 1.0.9 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Versana Active R1), \u0434\u043e 1.2.3 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Versana Balance R1), \u0434\u043e 1.0.9 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Versana Balance R1), \u0434\u043e 2.0.7 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Versana Balance R2)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b:\n- \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f \u043a \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u043c \u0447\u0435\u0440\u0435\u0437 SMB \u043f\u043e 2638 TCP-\u043f\u043e\u0440\u0442\u0443 (\u043f\u043e\u0440\u0442 \u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u0431\u0430\u0437\u044b \u0434\u0430\u043d\u043d\u044b\u0445 SQL Anywhere);\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u043c\u0435\u0436\u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u044d\u043a\u0440\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0438 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f \u0438 \u043f\u0440\u0435\u0434\u043e\u0442\u0432\u0440\u0430\u0449\u0435\u043d\u0438\u044f \u0432\u0442\u043e\u0440\u0436\u0435\u043d\u0438\u0439 (IDS/IPS) \u0434\u043b\u044f \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u043d\u0438\u044f \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0439 \u043a \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0443;\n- \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0443 \u0438\u0437 \u0432\u043d\u0435\u0448\u043d\u0438\u0445 \u0441\u0435\u0442\u0435\u0439 (\u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442);\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0445 \u0447\u0430\u0441\u0442\u043d\u044b\u0445 \u0441\u0435\u0442\u0435\u0439 \u0434\u043b\u044f \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 (VPN);\n- \u0441\u0435\u0433\u043c\u0435\u043d\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0435\u0442\u0438 \u0434\u043b\u044f \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u043c\u0435\u0434\u0438\u0446\u0438\u043d\u0441\u043a\u043e\u043c\u0443 \u043e\u0431\u043e\u0440\u0443\u0434\u043e\u0432\u0430\u043d\u0438\u044e.\n\n\u0420\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://www.gehealthcare.com/services/lifecycle-management/product-security-portal/security",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "19.02.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "03.06.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "03.06.2024",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-04329",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2024-1630",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0443\u0435\u0442",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Venue Go R2, Venue R1, Venue R2, Voluson Expert 22, Voluson Expert 18, Voluson Expert 16, Voluson SWIFT+, Voluson SWIFT, Voluson SWIFT BT24, Voluson SWIFT+ BT24, Invenia ABUS, Vivid E95, Vivid E90, Vivid E80, Vivid S60N, Vivid S70N, Vivid T8, Vivid T9, Vivid iQ, LOGIQ E10s, LOGIQ E10, LOGIQ Fortis, Voluson Expert 22 BT24, Voluson Expert 18 BT24, Voluson Expert 16 BT24, LOGIQ e R7 (9.2.x), LOGIQ e R7 (9.1.x), LOGIQ He, LOGIQ e R8, LOGIQ e R9, Venue Fit R4, Venue Go R4, Venue R4, Venue R3, Venue Go R3, Venue Fit R3, Versana Essential R2, Versana Premier R1, Versana Premier R2, Versana Active R1, Versana Balance R1, Versana Balance R2",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 getAllFolderContents() \u0432\u0435\u0431-\u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f Common Service Desktop \u0441\u0438\u0441\u0442\u0435\u043c \u0443\u043b\u044c\u0442\u0440\u0430\u0437\u0432\u0443\u043a\u043e\u0432\u043e\u0439 \u0434\u0438\u0430\u0433\u043d\u043e\u0441\u0442\u0438\u043a\u0438 GE HealthCare, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0432\u0435\u0440\u043d\u043e\u0435 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435 \u0438\u043c\u0435\u043d\u0438 \u043f\u0443\u0442\u0438 \u043a \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u0443 \u0441 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u043d\u044b\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c (\u00ab\u041e\u0431\u0445\u043e\u0434 \u043f\u0443\u0442\u0438\u00bb) (CWE-22)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 getAllFolderContents() \u0432\u0435\u0431-\u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f Common Service Desktop \u0441\u0438\u0441\u0442\u0435\u043c \u0443\u043b\u044c\u0442\u0440\u0430\u0437\u0432\u0443\u043a\u043e\u0432\u043e\u0439 \u0434\u0438\u0430\u0433\u043d\u043e\u0441\u0442\u0438\u043a\u0438 GE HealthCare \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0432\u0435\u0440\u043d\u044b\u043c \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435\u043c \u0438\u043c\u0435\u043d\u0438 \u043f\u0443\u0442\u0438 \u043a \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u0443 \u0441 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u043d\u044b\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.gehealthcare.com/services/lifecycle-management/product-security-portal/security\nhttps://www.nozominetworks.com/blog/ge-healthcare-vivid-ultrasound-vulnerabilities\nhttps://vuldb.com/ru/?id.264316",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u041e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-22",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,6)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,7)"
}

CVE-2024-1630 (GCVE-0-2024-1630)

Vulnerability from cvelistv5 – Published: 2024-05-14 16:55 – Updated: 2024-08-22 17:51

Title

Path traversal vulnerability in “getAllFolderContents” function of Common Service Desktop, a GE HealthCare ultrasound device component

Summary

Path traversal vulnerability in “getAllFolderContents” function of Common Service Desktop, a GE HealthCare ultrasound device component

Severity ?

7.7 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Assigner

GEHC

References

URL

Tags

https://securityupdate.gehealthcare.com/

Impacted products

Vendor

Product

Version

GE HealthCare

Venue

Affected: R1
Affected: R2
Affected: R3 , ≤ R3.3 (custom)
Affected: R4 , ≤ R4.3 (custom)

GE HealthCare	Venue Go	Affected: R2 Affected: R3 , ≤ R3.3 (custom) Affected: R4 , ≤ R4.3 (custom)
GE HealthCare	Venue Fit	Affected: R3 , ≤ R3.3 (custom) Affected: R4 , ≤ R4.3 (custom)
GE HealthCare	LOGIQ e	Affected: R7 , ≤ R9.1.4 (custom) Affected: R8 , ≤ R10.1.3 (custom) Affected: R9 , ≤ R11.0.3 (custom)
GE HealthCare	LOGIQ He	Affected: 0 , ≤ R9.3.1 (custom)
GE HealthCare	Vivid E	Affected: E95 , < 206 (custom) Affected: E90 , < 206 (custom) Affected: E80 , < 206 (custom)
GE HealthCare	Vivid T	Affected: T8 , < 206 (custom) Affected: T9 , < 206 (custom)
GE HealthCare	Vivid iq	Affected: 0 , < 206 (custom)
GE HealthCare	Voluson Expert 16	Affected: 0 Affected: BT24
GE HealthCare	Voluson Expert 18	Affected: 0 Affected: BT24
GE HealthCare	Voluson Expert 22	Affected: 0 Affected: BT24
GE HealthCare	Voluson SWIFT	Affected: 0 Affected: BT24
GE HealthCare	LOGIQ E10	Affected: 0 , < R3.2.0 (custom)
GE HealthCare	LOGIQ E10s	Affected: 0 , < R3.2.0 (custom)
GE HealthCare	LOGIQ Fortis	Affected: 0 , < R3.2.0 (custom)

Credits

Andrea Palanca and Gabriele Quagliarella of Nozomi Networks

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T18:48:21.818Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://securityupdate.gehealthcare.com/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:gehealthcare:venue_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "venue_firmware",
            "vendor": "gehealthcare",
            "versions": [
              {
                "status": "affected",
                "version": "r1"
              },
              {
                "status": "affected",
                "version": "r2"
              },
              {
                "lessThanOrEqual": "r3.3",
                "status": "affected",
                "version": "r3",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "r4.3",
                "status": "affected",
                "version": "r4",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:gehealthcare:venue_go_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "venue_go_firmware",
            "vendor": "gehealthcare",
            "versions": [
              {
                "status": "affected",
                "version": "r2"
              },
              {
                "lessThanOrEqual": "r3.3",
                "status": "affected",
                "version": "r3",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "r4.3",
                "status": "affected",
                "version": "r4",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:gehealthcare:venue_fit_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "venue_fit_firmware",
            "vendor": "gehealthcare",
            "versions": [
              {
                "lessThanOrEqual": "r3.3",
                "status": "affected",
                "version": "r3",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "r4.3",
                "status": "affected",
                "version": "r4",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:gehealthcare:logiq_e_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "logiq_e_firmware",
            "vendor": "gehealthcare",
            "versions": [
              {
                "lessThanOrEqual": "r9.1.4",
                "status": "affected",
                "version": "r7",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "r10.1.3",
                "status": "affected",
                "version": "r8",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "r11.0.3",
                "status": "affected",
                "version": "r9",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:gehealthcare:logiq_he_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "logiq_he_firmware",
            "vendor": "gehealthcare",
            "versions": [
              {
                "lessThanOrEqual": "r9.3.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:gehealthcare:vivid_e_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "vivid_e_firmware",
            "vendor": "gehealthcare",
            "versions": [
              {
                "lessThan": "206",
                "status": "affected",
                "version": "e95",
                "versionType": "custom"
              },
              {
                "lessThan": "206",
                "status": "affected",
                "version": "e90",
                "versionType": "custom"
              },
              {
                "lessThan": "206",
                "status": "affected",
                "version": "e80",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:gehealthcare:vivid_t_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "vivid_t_firmware",
            "vendor": "gehealthcare",
            "versions": [
              {
                "lessThan": "206",
                "status": "affected",
                "version": "t8",
                "versionType": "custom"
              },
              {
                "lessThan": "206",
                "status": "affected",
                "version": "t9",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:gehealthcare:vivid_iq_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "vivid_iq_firmware",
            "vendor": "gehealthcare",
            "versions": [
              {
                "lessThan": "206",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:gehealthcare:voluson_expert_16:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "voluson_expert_16",
            "vendor": "gehealthcare",
            "versions": [
              {
                "status": "affected",
                "version": "0"
              },
              {
                "status": "affected",
                "version": "bt24"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:gehealthcare:voluson_expert_18:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "voluson_expert_18",
            "vendor": "gehealthcare",
            "versions": [
              {
                "status": "affected",
                "version": "0"
              },
              {
                "status": "affected",
                "version": "bt24"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:gehealthcare:voluson_expert_22:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "voluson_expert_22",
            "vendor": "gehealthcare",
            "versions": [
              {
                "status": "affected",
                "version": "0"
              },
              {
                "status": "affected",
                "version": "bt24"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:gehealthcare:voluson_swift:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "voluson_swift",
            "vendor": "gehealthcare",
            "versions": [
              {
                "status": "affected",
                "version": "0"
              },
              {
                "status": "affected",
                "version": "bt24"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:gehealthcare:logiq_e10:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "logiq_e10",
            "vendor": "gehealthcare",
            "versions": [
              {
                "lessThan": "r3.2.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:gehealthcare:logiq_e10s:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "logiq_e10s",
            "vendor": "gehealthcare",
            "versions": [
              {
                "lessThan": "r3.2.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:gehealthcare:logiq_fortis:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "logiq_fortis",
            "vendor": "gehealthcare",
            "versions": [
              {
                "lessThan": "r3.2.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-1630",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-14T19:43:01.721848Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-22T17:51:14.776Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Venue",
          "vendor": "GE HealthCare",
          "versions": [
            {
              "status": "affected",
              "version": "R1"
            },
            {
              "status": "affected",
              "version": "R2"
            },
            {
              "lessThanOrEqual": "R3.3",
              "status": "affected",
              "version": "R3",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "R4.3",
              "status": "affected",
              "version": "R4",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Venue Go",
          "vendor": "GE HealthCare",
          "versions": [
            {
              "status": "affected",
              "version": "R2"
            },
            {
              "lessThanOrEqual": "R3.3",
              "status": "affected",
              "version": "R3",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "R4.3",
              "status": "affected",
              "version": "R4",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Venue Fit",
          "vendor": "GE HealthCare",
          "versions": [
            {
              "lessThanOrEqual": "R3.3",
              "status": "affected",
              "version": "R3",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "R4.3",
              "status": "affected",
              "version": "R4",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "LOGIQ e",
          "vendor": "GE HealthCare",
          "versions": [
            {
              "lessThanOrEqual": "R9.1.4",
              "status": "affected",
              "version": "R7",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "R10.1.3",
              "status": "affected",
              "version": "R8",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "R11.0.3",
              "status": "affected",
              "version": "R9",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "LOGIQ He",
          "vendor": "GE HealthCare",
          "versions": [
            {
              "lessThanOrEqual": "R9.3.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Vivid E",
          "vendor": "GE HealthCare",
          "versions": [
            {
              "lessThan": "206",
              "status": "affected",
              "version": "E95",
              "versionType": "custom"
            },
            {
              "lessThan": "206",
              "status": "affected",
              "version": "E90",
              "versionType": "custom"
            },
            {
              "lessThan": "206",
              "status": "affected",
              "version": "E80",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Vivid T",
          "vendor": "GE HealthCare",
          "versions": [
            {
              "lessThan": "206",
              "status": "affected",
              "version": "T8",
              "versionType": "custom"
            },
            {
              "lessThan": "206",
              "status": "affected",
              "version": "T9",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Vivid iq",
          "vendor": "GE HealthCare",
          "versions": [
            {
              "lessThan": "206",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Voluson Expert 16",
          "vendor": "GE HealthCare",
          "versions": [
            {
              "status": "affected",
              "version": "0"
            },
            {
              "status": "affected",
              "version": "BT24"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Voluson Expert 18",
          "vendor": "GE HealthCare",
          "versions": [
            {
              "status": "affected",
              "version": "0"
            },
            {
              "status": "affected",
              "version": "BT24"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Voluson Expert 22",
          "vendor": "GE HealthCare",
          "versions": [
            {
              "status": "affected",
              "version": "0"
            },
            {
              "status": "affected",
              "version": "BT24"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Voluson SWIFT",
          "vendor": "GE HealthCare",
          "versions": [
            {
              "status": "affected",
              "version": "0"
            },
            {
              "status": "affected",
              "version": "BT24"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "LOGIQ E10",
          "vendor": "GE HealthCare",
          "versions": [
            {
              "lessThan": "R3.2.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "LOGIQ E10s",
          "vendor": "GE HealthCare",
          "versions": [
            {
              "lessThan": "R3.2.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "LOGIQ Fortis",
          "vendor": "GE HealthCare",
          "versions": [
            {
              "lessThan": "R3.2.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Andrea Palanca and Gabriele Quagliarella of Nozomi Networks"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Path traversal vulnerability in \u201cgetAllFolderContents\u201d function of Common Service Desktop, a GE HealthCare ultrasound device component"
            }
          ],
          "value": "Path traversal vulnerability in \u201cgetAllFolderContents\u201d function of Common Service Desktop, a GE HealthCare ultrasound device component"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-126",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-126 Path Traversal"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-14T16:55:56.853Z",
        "orgId": "171caf72-b841-4e04-a68e-93493aff2b94",
        "shortName": "GEHC"
      },
      "references": [
        {
          "url": "https://securityupdate.gehealthcare.com/"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Path traversal vulnerability in \u201cgetAllFolderContents\u201d function of Common Service Desktop, a GE HealthCare ultrasound device component",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "171caf72-b841-4e04-a68e-93493aff2b94",
    "assignerShortName": "GEHC",
    "cveId": "CVE-2024-1630",
    "datePublished": "2024-05-14T16:55:56.853Z",
    "dateReserved": "2024-02-19T15:28:03.794Z",
    "dateUpdated": "2024-08-22T17:51:14.776Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

BDU:2024-04329

CVE-2024-1630 (GCVE-0-2024-1630)

Tags

Sightings

Nomenclature