CVE-2020-6962

In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Telemetry Server Version 4.3, CARESCAPE Central Station (CSCS) Versions 1.X CARESCAPE Central Station (CSCS) Versions 2.X, B450 Version 2.X, B650 Version 1.X, B650 Version 2.X, B850 Version 1.X, B850 Version 2.X, an input validation vulnerability exists in the web-based system configuration utility that could allow an attacker to obtain arbitrary remote code execution.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:gehealthcare:apexpro_telemetry_server_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:gehealthcare:apexpro_telemetry_server_firmware:4.3:*:*:*:*:*:*:*
cpe:2.3:h:gehealthcare:apexpro_telemetry_server:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:gehealthcare:carescape_b450_monitor_firmware:2.0:*:*:*:*:*:*:*
cpe:2.3:h:gehealthcare:carescape_b450_monitor:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
OR cpe:2.3:o:gehealthcare:carescape_b650_monitor_firmware:1.0:*:*:*:*:*:*:*
cpe:2.3:o:gehealthcare:carescape_b650_monitor_firmware:2.0:*:*:*:*:*:*:*
cpe:2.3:h:gehealthcare:carescape_b650_monitor:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
OR cpe:2.3:o:gehealthcare:carescape_b850_monitor_firmware:1.0:*:*:*:*:*:*:*
cpe:2.3:o:gehealthcare:carescape_b850_monitor_firmware:2.0:*:*:*:*:*:*:*
cpe:2.3:h:gehealthcare:carescape_b850_monitor:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
OR cpe:2.3:o:gehealthcare:carescape_central_station_mai700_firmware:1.0:*:*:*:*:*:*:*
cpe:2.3:o:gehealthcare:carescape_central_station_mai700_firmware:2.0:*:*:*:*:*:*:*
cpe:2.3:h:gehealthcare:carescape_central_station_mai700:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
OR cpe:2.3:o:gehealthcare:carescape_central_station_mas700_firmware:1.0:*:*:*:*:*:*:*
cpe:2.3:o:gehealthcare:carescape_central_station_mas700_firmware:2.0:*:*:*:*:*:*:*
cpe:2.3:h:gehealthcare:carescape_central_station_mas700:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
OR cpe:2.3:o:gehealthcare:clinical_information_center_mp100d_firmware:4.0:*:*:*:*:*:*:*
cpe:2.3:o:gehealthcare:clinical_information_center_mp100d_firmware:5.0:*:*:*:*:*:*:*
cpe:2.3:h:gehealthcare:clinical_information_center_mp100d:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
OR cpe:2.3:o:gehealthcare:clinical_information_center_mp100r_firmware:4.0:*:*:*:*:*:*:*
cpe:2.3:o:gehealthcare:clinical_information_center_mp100r_firmware:5.0:*:*:*:*:*:*:*
cpe:2.3:h:gehealthcare:clinical_information_center_mp100r:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
OR cpe:2.3:o:gehealthcare:carescape_telemetry_server_mp100r_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:gehealthcare:carescape_telemetry_server_mp100r_firmware:4.3:*:*:*:*:*:*:*
cpe:2.3:h:gehealthcare:carescape_telemetry_server_mp100r:-:*:*:*:*:*:*:*

History

21 Nov 2024, 05:36

Type Values Removed Values Added
References () https://www.us-cert.gov/ics/advisories/icsma-20-023-01 - Third Party Advisory, US Government Resource () https://www.us-cert.gov/ics/advisories/icsma-20-023-01 - Third Party Advisory, US Government Resource

Information

Published : 2020-01-24 17:15

Updated : 2024-11-21 05:36


NVD link : CVE-2020-6962

Mitre link : CVE-2020-6962

CVE.ORG link : CVE-2020-6962


JSON object : View

Products Affected

gehealthcare

  • carescape_central_station_mai700
  • clinical_information_center_mp100d_firmware
  • carescape_telemetry_server_mp100r_firmware
  • carescape_b450_monitor_firmware
  • carescape_b650_monitor
  • clinical_information_center_mp100d
  • carescape_b850_monitor
  • carescape_central_station_mas700
  • clinical_information_center_mp100r_firmware
  • carescape_central_station_mai700_firmware
  • carescape_telemetry_server_mp100r
  • carescape_b450_monitor
  • carescape_central_station_mas700_firmware
  • apexpro_telemetry_server_firmware
  • carescape_b850_monitor_firmware
  • apexpro_telemetry_server
  • clinical_information_center_mp100r
  • carescape_b650_monitor_firmware
CWE
CWE-20

Improper Input Validation