CVE-2010-5308

GE Healthcare Optima MR360 does not require authentication for the HIPAA emergency login procedure, which allows physically proximate users to gain access via an arbitrary username in the Emergency Login screen. NOTE: this might not qualify for inclusion in CVE if unauthenticated emergency access is part of the intended security policy of the product, can be controlled by the system administrator, and is not enabled by default.
Configurations

Configuration 1 (hide)

cpe:2.3:o:gehealthcare:optima_mr360_firmware:-:*:*:*:*:*:*:*

History

21 Nov 2024, 01:23

Type Values Removed Values Added
References () http://apps.gehealthcare.com/servlet/ClientServlet/MR360+operator+manual+paper.pdf?REQ=RAA&DIRECTION=5339461-1EN&FILENAME=MR360%2Boperator%2Bmanual%2Bpaper.pdf&FILEREV=4&DOCREV_ORG=4 - () http://apps.gehealthcare.com/servlet/ClientServlet/MR360+operator+manual+paper.pdf?REQ=RAA&DIRECTION=5339461-1EN&FILENAME=MR360%2Boperator%2Bmanual%2Bpaper.pdf&FILEREV=4&DOCREV_ORG=4 -
References () http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/ - () http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/ -
References () https://twitter.com/digitalbond/status/619250429751222277 - () https://twitter.com/digitalbond/status/619250429751222277 -

Information

Published : 2015-08-04 14:59

Updated : 2024-11-21 01:23


NVD link : CVE-2010-5308

Mitre link : CVE-2010-5308

CVE.ORG link : CVE-2010-5308


JSON object : View

Products Affected

gehealthcare

  • optima_mr360_firmware
CWE
CWE-255

Credentials Management Errors