CVE-2011-5322

GE Healthcare Centricity Analytics Server 1.1 has a default password of (1) V0yag3r for the SQL Server sa user, (2) G3car3s for the analyst user, (3) G3car3s for the ccg user, (4) V0yag3r for the viewer user, and (5) geservice for the geservice user in the Webmin interface, which has unspecified impact and attack vectors.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://apps.gehealthcare.com/servlet/ClientServlet/CA11_IN_2059103-001r4.pdf?REQ=RAA&DIRECTION=2059103-001&FILENAME=CA11_IN_2059103-001r4.pdf&FILEREV=4&DOCREV_ORG=4
http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/
https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02
https://twitter.com/digitalbond/status/619250429751222277

Configurations

Configuration 1 (hide)

cpe:2.3:a:gehealthcare:centricity_analytics_server:1.1:*:*:*:*:*:*:*

History

No history.

Information

Published : 2015-08-04 14:59

Updated : 2024-02-28 15:21

NVD link : CVE-2011-5322

Mitre link : CVE-2011-5322

CVE.ORG link : CVE-2011-5322

JSON object : View

Products Affected

gehealthcare

centricity_analytics_server

CWE

CWE-255

Credentials Management Errors

{"id": "CVE-2011-5322", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": true, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-08-04T14:59:14.627", "references": [{"url": "http://apps.gehealthcare.com/servlet/ClientServlet/CA11_IN_2059103-001r4.pdf?REQ=RAA&DIRECTION=2059103-001&FILENAME=CA11_IN_2059103-001r4.pdf&FILEREV=4&DOCREV_ORG=4", "source": "cve@mitre.org"}, {"url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/", "source": "cve@mitre.org"}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02", "source": "cve@mitre.org"}, {"url": "https://twitter.com/digitalbond/status/619250429751222277", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-255"}]}], "descriptions": [{"lang": "en", "value": "GE Healthcare Centricity Analytics Server 1.1 has a default password of (1) V0yag3r for the SQL Server sa user, (2) G3car3s for the analyst user, (3) G3car3s for the ccg user, (4) V0yag3r for the viewer user, and (5) geservice for the geservice user in the Webmin interface, which has unspecified impact and attack vectors."}, {"lang": "es", "value": "Vulnerabilidad en GE Healthcare Centricity Analytics Server 1.1 tiene una contrase\u00f1a por defecto de (1) V0yag3r para el usuario SQL Server sa, (2) G3car3s para el usuario analyst, (3) G3car3s para el usuario ccg, (4) V0yag3r para el usuario viewer y (5) geservice para el usuario geservice en la interfaz Webmin, lo cual tiene un impacto y vectores de ataque no especificados."}], "lastModified": "2018-03-28T01:29:01.917", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gehealthcare:centricity_analytics_server:1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A7D7163C-9984-4115-B200-2BA293287633"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}