GE Healthcare Optima MR360 does not require authentication for the HIPAA emergency login procedure, which allows physically proximate users to gain access via an arbitrary username in the Emergency Login screen. NOTE: this might not qualify for inclusion in CVE if unauthenticated emergency access is part of the intended security policy of the product, can be controlled by the system administrator, and is not enabled by default.
References
Configurations
History
21 Nov 2024, 01:23
Type | Values Removed | Values Added |
---|---|---|
References | () http://apps.gehealthcare.com/servlet/ClientServlet/MR360+operator+manual+paper.pdf?REQ=RAA&DIRECTION=5339461-1EN&FILENAME=MR360%2Boperator%2Bmanual%2Bpaper.pdf&FILEREV=4&DOCREV_ORG=4 - | |
References | () http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/ - | |
References | () https://twitter.com/digitalbond/status/619250429751222277 - |
Information
Published : 2015-08-04 14:59
Updated : 2024-11-21 01:23
NVD link : CVE-2010-5308
Mitre link : CVE-2010-5308
CVE.ORG link : CVE-2010-5308
JSON object : View
Products Affected
gehealthcare
- optima_mr360_firmware
CWE
CWE-255
Credentials Management Errors