{"containers": {"cna": {"affected": [{"product": "GE CARESCAPE Telemetry Server,ApexPro Telemetry Server,CARESCAPE Central Station,Clinical Information Center systems,CARESCAPE B450,B650,B850 Monitors", "vendor": "n/a", "versions": [{"status": "affected", "version": "ApexPro Telemetry Server,v4.2 & prior,CARESCAPE Telemetry Server, v4.2 & prior,Clinical Information Center,v4.X& 5.X,CARESCAPE Telemetry Server,v4.3,CARESCAPE Central Station,v1.X,CARESCAPE Central Station,v2.X,B450,v2.X,B650,v1.X,B650,v2.X,B850,v1.X,B850,v2.X"}]}], "descriptions": [{"lang": "en", "value": "In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X and CARESCAPE Central Station (CSCS) Versions 2.X, the integrated service for keyboard switching of the affected devices could allow attackers to obtain remote keyboard input access without authentication over the network."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-306", "description": "MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-01-24T16:32:13", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.us-cert.gov/ics/advisories/icsma-20-023-01"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2020-6964", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "GE CARESCAPE Telemetry Server,ApexPro Telemetry Server,CARESCAPE Central Station,Clinical Information Center systems,CARESCAPE B450,B650,B850 Monitors", "version": {"version_data": [{"version_value": "ApexPro Telemetry Server,v4.2 & prior,CARESCAPE Telemetry Server, v4.2 & prior,Clinical Information Center,v4.X& 5.X,CARESCAPE Telemetry Server,v4.3,CARESCAPE Central Station,v1.X,CARESCAPE Central Station,v2.X,B450,v2.X,B650,v1.X,B650,v2.X,B850,v1.X,B850,v2.X"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X and CARESCAPE Central Station (CSCS) Versions 2.X, the integrated service for keyboard switching of the affected devices could allow attackers to obtain remote keyboard input access without authentication over the network."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306"}]}]}, "references": {"reference_data": [{"name": "https://www.us-cert.gov/ics/advisories/icsma-20-023-01", "refsource": "MISC", "url": "https://www.us-cert.gov/ics/advisories/icsma-20-023-01"}]}}}}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2020-6964", "datePublished": "2020-01-24T16:32:13", "dateReserved": "2020-01-14T00:00:00", "dateUpdated": "2020-01-24T16:32:13", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:gehealthcare:apexpro_telemetry_server_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4C5DD75E-7D4D-4B05-A84D-EDEAA2D23E59", "versionEndIncluding": "4.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:gehealthcare:apexpro_telemetry_server:-:*:*:*:*:*:*:*", "matchCriteriaId": "A94476A1-B004-4561-918D-C41631F36D9F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:gehealthcare:carescape_central_station_mai700_firmware:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "28F6C17B-2288-4EA1-B89F-6E1FED96ADD1", "vulnerable": true}, {"criteria": "cpe:2.3:o:gehealthcare:carescape_central_station_mai700_firmware:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "9304DE75-4BCB-4C13-97D5-547195441591", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:gehealthcare:carescape_central_station_mai700:-:*:*:*:*:*:*:*", "matchCriteriaId": "4C2C8D13-A1C6-4DD1-9886-F925E2158C3A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:gehealthcare:carescape_central_station_mas700_firmware:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "85D5EF4C-F118-4CA9-93C1-6366303F8893", "vulnerable": true}, {"criteria": "cpe:2.3:o:gehealthcare:carescape_central_station_mas700_firmware:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "43F897B5-1F21-466D-A99C-2E6A98E93FFA", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:gehealthcare:carescape_central_station_mas700:-:*:*:*:*:*:*:*", "matchCriteriaId": "42991B9E-1D70-4A40-A283-162F2A73669B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:gehealthcare:clinical_information_center_mp100d_firmware:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "2FE710E0-76E4-4F7E-890C-9AEB00F5DB13", "vulnerable": true}, {"criteria": "cpe:2.3:o:gehealthcare:clinical_information_center_mp100d_firmware:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "68B32A68-64CF-4579-B465-F1B8F4997C48", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:gehealthcare:clinical_information_center_mp100d:-:*:*:*:*:*:*:*", "matchCriteriaId": "D0E93396-C7BB-4E53-8921-8251DC6A0F75", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:gehealthcare:clinical_information_center_mp100r_firmware:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "57D4B8E4-C481-446C-BF46-6FB6253344A1", "vulnerable": true}, {"criteria": "cpe:2.3:o:gehealthcare:clinical_information_center_mp100r_firmware:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "71F1DE32-2C25-4C0C-A4BF-30F5F3F19C70", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:gehealthcare:clinical_information_center_mp100r:-:*:*:*:*:*:*:*", "matchCriteriaId": "057C6A3F-BD7E-4655-B9D9-1402C5259D59", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:gehealthcare:carescape_telemetry_server_mp100r_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E7A592B9-9BE4-4096-B733-EE9A03D7A610", "versionEndIncluding": "4.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:gehealthcare:carescape_telemetry_server_mp100r:-:*:*:*:*:*:*:*", "matchCriteriaId": "636B9839-E067-4BB0-A5FF-F3B4BE12AB50", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X and CARESCAPE Central Station (CSCS) Versions 2.X, the integrated service for keyboard switching of the affected devices could allow attackers to obtain remote keyboard input access without authentication over the network."}, {"lang": "es", "value": "En ApexPro Telemetry Server Versiones 4.2 y anteriores, CARESCAPE Telemetry Server Versiones v4.2 y anteriores, Clinical Information Center (CIC) Versiones 4.X y 5.X, CARESCAPE Central Station (CSCS) Versiones 1.X y CARESCAPE Central Station (CSCS) Versiones 2.X, el servicio integrado para el cambio de teclado de los dispositivos afectados podr\u00eda permitir a atacantes obtener acceso de entrada de teclado remoto sin autenticaci\u00f3n por medio de la red."}], "id": "CVE-2020-6964", "lastModified": "2020-03-17T17:22:33.297", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-01-24T17:15:13.297", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.us-cert.gov/ics/advisories/icsma-20-023-01"}, {"source": "nvd@nist.gov", "tags": ["Product"], "url": "https://www3.gehealthcare.com/~/media/downloads/us/support/site-planning/site-readiness/gehc-gateway_project_implementation_guide_pdf.pdf"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-306"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}

{}