ID
VAR-201508-0001
CVE
CVE-2007-6757
TITLE
GE Healthcare Centricity DMS Trust Management Vulnerability
Trust: 1.2
sources:
CNVD: CNVD-2015-05142 //
CNNVD: CNNVD-201508-018
DESCRIPTION
GE Healthcare Centricity DMS 4.2, 4.1, and 4.0 has a password of Muse!Admin for the Museadmin user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. An attacker could use this vulnerability to control the device. Remote attackers with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks
Trust: 2.61
sources:
NVD: CVE-2007-6757 //
JVNDB: JVNDB-2015-003997 //
CNVD: CNVD-2015-05142 //
BID: 76263 //
VULHUB: VHN-30119 //
VULMON: CVE-2007-6757
IOT TAXONOMY
| category: | ['ICS'] | sub_category: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2015-05142
AFFECTED PRODUCTS
| vendor: | gehealthcare | model: | centricity dms | scope: | eq | version: | 4.2 | Trust: 1.9 |
| vendor: | gehealthcare | model: | centricity dms | scope: | eq | version: | 4.1 | Trust: 1.9 |
| vendor: | gehealthcare | model: | centricity dms | scope: | eq | version: | 4.0 | Trust: 1.9 |
| vendor: | ge healthcare | model: | centricity cardiology data management system | scope: | eq | version: | 4.0 | Trust: 0.8 |
| vendor: | ge healthcare | model: | centricity cardiology data management system | scope: | eq | version: | 4.1 | Trust: 0.8 |
| vendor: | ge healthcare | model: | centricity cardiology data management system | scope: | eq | version: | 4.2 | Trust: 0.8 |
| vendor: | general electric | model: | healthcare centricity dms | scope: | - | version: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2015-05142 //
BID: 76263 //
JVNDB: JVNDB-2015-003997 //
CNNVD: CNNVD-201508-018 //
NVD: CVE-2007-6757
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
sources:
CNVD: CNVD-2015-05142 //
VULHUB: VHN-30119 //
VULMON: CVE-2007-6757 //
JVNDB: JVNDB-2015-003997 //
CNNVD: CNNVD-201508-018 //
NVD: CVE-2007-6757
PROBLEMTYPE DATA
| problemtype: | CWE-255 | Trust: 1.9 |
sources:
VULHUB: VHN-30119 //
JVNDB: JVNDB-2015-003997 //
NVD: CVE-2007-6757
THREAT TYPE
remote
Trust: 0.6
sources:
CNNVD: CNNVD-201508-018
TYPE
trust management
Trust: 0.6
sources:
CNNVD: CNNVD-201508-018
CONFIGURATIONS
sources:
JVNDB: JVNDB-2015-003997
PATCH
| title: | Centricity Cardiology Data Management System System Management Manual Software Version 4.1 | url: | http://apps.gehealthcare.com/servlet/ClientServlet/2019295-133G.pdf?REQ=RAA&DIRECTION=2019295-133&FILENAME=2019295-133G.pdf&FILEREV=G&DOCREV_ORG=G | Trust: 0.8 |
| title: | Centricity Cardiology Data Management System System Management Manual Software Version 4.0 | url: | http://apps.gehealthcare.com/servlet/ClientServlet/2019295-133D.pdf?REQ=RAA&DIRECTION=2019295-133D&FILENAME=2019295-133D.pdf&FILEREV=D&DOCREV_ORG=D | Trust: 0.8 |
sources:
JVNDB: JVNDB-2015-003997
EXTERNAL IDS
| db: | NVD | id: | CVE-2007-6757 | Trust: 3.5 |
| db: | ICS CERT | id: | ICSMA-18-037-02 | Trust: 2.0 |
| db: | JVNDB | id: | JVNDB-2015-003997 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201508-018 | Trust: 0.7 |
| db: | CNVD | id: | CNVD-2015-05142 | Trust: 0.6 |
| db: | BID | id: | 76263 | Trust: 0.5 |
| db: | VULHUB | id: | VHN-30119 | Trust: 0.1 |
| db: | VULMON | id: | CVE-2007-6757 | Trust: 0.1 |
sources:
CNVD: CNVD-2015-05142 //
VULHUB: VHN-30119 //
VULMON: CVE-2007-6757 //
BID: 76263 //
JVNDB: JVNDB-2015-003997 //
CNNVD: CNNVD-201508-018 //
NVD: CVE-2007-6757
REFERENCES
| url: | http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/ | Trust: 2.9 |
| url: | https://twitter.com/digitalbond/status/619250429751222277 | Trust: 2.4 |
| url: | https://ics-cert.us-cert.gov/advisories/icsma-18-037-02 | Trust: 2.1 |
| url: | http://apps.gehealthcare.com/servlet/clientservlet/2019295-133d.pdf?req=raa&direction=2019295-133d&filename=2019295-133d.pdf&filerev=d&docrev_org=d | Trust: 1.7 |
| url: | http://apps.gehealthcare.com/servlet/clientservlet/2019295-133g.pdf?req=raa&direction=2019295-133&filename=2019295-133g.pdf&filerev=g&docrev_org=g | Trust: 1.7 |
| url: | http://apps.gehealthcare.com/servlet/clientservlet/dms+sys+mgmt+manual.pdf?req=raa&direction=doc1258180&filename=dms%2bsys%2bmgmt%2bmanual.pdf&filerev=3&docrev_org=3 | Trust: 1.7 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6757 | Trust: 0.8 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-6757 | Trust: 0.8 |
| url: | http://apps.gehealthcare.com/servlet/clientservlet/2019295-133d.pdf?docclass=a&req=rac&direction=2019295-133d&filename=2019295-133d.pdf&filerev=d&docrev_org=d&submit=+accept+ | Trust: 0.3 |
| url: | http://www3.gehealthcare.com/en/global_gateway | Trust: 0.3 |
| url: | http://apps.gehealthcare.com/servlet/clientservlet/2019295-133d.pdf?req=raa&direction=2019295-133d&filename=2019295-133d.pdf&filerev=d&docrev_org=d | Trust: 0.1 |
| url: | http://apps.gehealthcare.com/servlet/clientservlet/2019295-133g.pdf?req=raa&direction=2019295-133&filename=2019295-133g.pdf&filerev=g&docrev_org=g | Trust: 0.1 |
| url: | http://apps.gehealthcare.com/servlet/clientservlet/dms+sys+mgmt+manual.pdf?req=raa&direction=doc1258180&filename=dms%2bsys%2bmgmt%2bmanual.pdf&filerev=3&docrev_org=3 | Trust: 0.1 |
| url: | https://cwe.mitre.org/data/definitions/255.html | Trust: 0.1 |
| url: | https://www.securityfocus.com/bid/76263 | Trust: 0.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
sources:
CNVD: CNVD-2015-05142 //
VULHUB: VHN-30119 //
VULMON: CVE-2007-6757 //
BID: 76263 //
JVNDB: JVNDB-2015-003997 //
CNNVD: CNNVD-201508-018 //
NVD: CVE-2007-6757
CREDITS
Scott Erven of Protiviti.
Trust: 0.3
sources:
BID: 76263
SOURCES
| db: | CNVD | id: | CNVD-2015-05142 |
| db: | VULHUB | id: | VHN-30119 |
| db: | VULMON | id: | CVE-2007-6757 |
| db: | BID | id: | 76263 |
| db: | JVNDB | id: | JVNDB-2015-003997 |
| db: | CNNVD | id: | CNNVD-201508-018 |
| db: | NVD | id: | CVE-2007-6757 |
LAST UPDATE DATE
2024-08-14T13:33:50.300000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2015-05142 | date: | 2015-08-06T00:00:00 |
| db: | VULHUB | id: | VHN-30119 | date: | 2018-03-28T00:00:00 |
| db: | VULMON | id: | CVE-2007-6757 | date: | 2018-03-28T00:00:00 |
| db: | BID | id: | 76263 | date: | 2015-08-04T00:00:00 |
| db: | JVNDB | id: | JVNDB-2015-003997 | date: | 2018-04-02T00:00:00 |
| db: | CNNVD | id: | CNNVD-201508-018 | date: | 2015-08-05T00:00:00 |
| db: | NVD | id: | CVE-2007-6757 | date: | 2018-03-28T01:29:01.057 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2015-05142 | date: | 2015-08-06T00:00:00 |
| db: | VULHUB | id: | VHN-30119 | date: | 2015-08-04T00:00:00 |
| db: | VULMON | id: | CVE-2007-6757 | date: | 2015-08-04T00:00:00 |
| db: | BID | id: | 76263 | date: | 2015-08-04T00:00:00 |
| db: | JVNDB | id: | JVNDB-2015-003997 | date: | 2015-08-06T00:00:00 |
| db: | CNNVD | id: | CNNVD-201508-018 | date: | 2015-08-05T00:00:00 |
| db: | NVD | id: | CVE-2007-6757 | date: | 2015-08-04T14:59:07.300 |