Sign-up

ID

VAR-201508-0002


CVE

CVE-2009-5143


TITLE

GE Healthcare Discovery 530C Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2015-003998

DESCRIPTION

GE Healthcare Discovery 530C has a password of #bigguy1 for the (1) acqservice user and (2) wsservice user of the Xeleris System, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. GE Healthcare Discovery 530C is a suite of applications for the medical industry that provide automated analysis and reporting for magnetic resonance imaging. GE Healthcare Discovery 530C has built-in accounts. The acqservice user and the Xeleris System wsservice user ‘# bigguy1’ are used as passwords, allowing remote attackers to use these accounts to control devices. Remote attackers with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. An attacker could exploit this vulnerability to take control of the device

Trust: 2.61

sources: NVD: CVE-2009-5143 // JVNDB: JVNDB-2015-003998 // CNVD: CNVD-2015-05167 // BID: 76261 // VULHUB: VHN-42589 // VULMON: CVE-2009-5143

AFFECTED PRODUCTS

vendor:gehealthcaremodel:discovery 530cscope:eqversion: -

Trust: 1.6

vendor:ge healthcaremodel:discovery nm 530cscope: - version: -

Trust: 0.8

vendor:general electricmodel:discovery 530cscope: - version: -

Trust: 0.6

vendor:gehealthcaremodel:discovery 530cscope:eqversion:0

Trust: 0.3

sources: CNVD: CNVD-2015-05167 // BID: 76261 // JVNDB: JVNDB-2015-003998 // CNNVD: CNNVD-201508-019 // NVD: CVE-2009-5143

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2009-5143
value: HIGH

Trust: 1.0

NVD: CVE-2009-5143
value: HIGH

Trust: 0.8

CNVD: CNVD-2015-05167
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201508-019
value: CRITICAL

Trust: 0.6

VULHUB: VHN-42589
value: HIGH

Trust: 0.1

VULMON: CVE-2009-5143
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2009-5143
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2015-05167
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-42589
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2015-05167 // VULHUB: VHN-42589 // VULMON: CVE-2009-5143 // JVNDB: JVNDB-2015-003998 // CNNVD: CNNVD-201508-019 // NVD: CVE-2009-5143

PROBLEMTYPE DATA

problemtype:CWE-255

Trust: 1.9

sources: VULHUB: VHN-42589 // JVNDB: JVNDB-2015-003998 // NVD: CVE-2009-5143

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201508-019

TYPE

trust management

Trust: 0.6

sources: CNNVD: CNNVD-201508-019

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-003998

PATCH
title:Discovery NM 530c Nuclear Medicine Imaging System Installation Manualurl:http://apps.gehealthcare.com/servlet/ClientServlet/5323167-1EN_r2.pdf?REQ=RAA&DIRECTION=5323167-1EN&FILENAME=5323167-1EN_r2.pdf&FILEREV=2&DOCREV_ORG=2
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-003998

EXTERNAL IDS
db:NVDid:CVE-2009-5143
Trust: 3.5
db:ICS CERTid:ICSMA-18-037-02
Trust: 2.0
db:JVNDBid:JVNDB-2015-003998
Trust: 0.8
db:CNNVDid:CNNVD-201508-019
Trust: 0.7
db:CNVDid:CNVD-2015-05167
Trust: 0.6
db:BIDid:76261
Trust: 0.5
db:VULHUBid:VHN-42589
Trust: 0.1
db:VULMONid:CVE-2009-5143
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2015-05167 // 
            
            
            
            VULHUB: VHN-42589 // 
            
            
            
            VULMON: CVE-2009-5143 // 
            
            
            
            BID: 76261 // 
            
            
            
            JVNDB: JVNDB-2015-003998 // 
            
            
            
            CNNVD: CNNVD-201508-019 // 
            
            
            
            NVD: CVE-2009-5143

REFERENCES
url:http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/
Trust: 3.5
url:https://ics-cert.us-cert.gov/advisories/icsma-18-037-02
Trust: 2.1
url:https://twitter.com/digitalbond/status/619250429751222277
Trust: 1.8
url:http://apps.gehealthcare.com/servlet/clientservlet/5323167-1en_r2.pdf?req=raa&direction=5323167-1en&filename=5323167-1en_r2.pdf&filerev=2&docrev_org=2
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-5143
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-5143
Trust: 0.8
url:http://www3.gehealthcare.com/en
Trust: 0.3
url:http://apps.gehealthcare.com/servlet/clientservlet/5323167-1en_r2.pdf?req=raa&direction=5323167-1en&filename=5323167-1en_r2.pdf&filerev=2&docrev_org=2
Trust: 0.1
url:https://cwe.mitre.org/data/definitions/255.html
Trust: 0.1
url:https://www.securityfocus.com/bid/76261
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2015-05167 // 
            
            
            
            VULHUB: VHN-42589 // 
            
            
            
            VULMON: CVE-2009-5143 // 
            
            
            
            BID: 76261 // 
            
            
            
            JVNDB: JVNDB-2015-003998 // 
            
            
            
            CNNVD: CNNVD-201508-019 // 
            
            
            
            NVD: CVE-2009-5143

CREDITS
Scott Erven
Trust: 0.3
sources:
            
            
            BID: 76261

SOURCES
db:CNVDid:CNVD-2015-05167
db:VULHUBid:VHN-42589
db:VULMONid:CVE-2009-5143
db:BIDid:76261
db:JVNDBid:JVNDB-2015-003998
db:CNNVDid:CNNVD-201508-019
db:NVDid:CVE-2009-5143

LAST UPDATE DATE
2024-08-14T13:33:50.261000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2015-05167date:2015-08-10T00:00:00
db:VULHUBid:VHN-42589date:2018-03-28T00:00:00
db:VULMONid:CVE-2009-5143date:2018-03-28T00:00:00
db:BIDid:76261date:2015-08-04T00:00:00
db:JVNDBid:JVNDB-2015-003998date:2018-04-02T00:00:00
db:CNNVDid:CNNVD-201508-019date:2015-08-05T00:00:00
db:NVDid:CVE-2009-5143date:2018-03-28T01:29:01.120

SOURCES RELEASE DATE
db:CNVDid:CNVD-2015-05167date:2015-08-10T00:00:00
db:VULHUBid:VHN-42589date:2015-08-04T00:00:00
db:VULMONid:CVE-2009-5143date:2015-08-04T00:00:00
db:BIDid:76261date:2015-08-04T00:00:00
db:JVNDBid:JVNDB-2015-003998date:2015-08-06T00:00:00
db:CNNVDid:CNNVD-201508-019date:2015-08-05T00:00:00
db:NVDid:CVE-2009-5143date:2015-08-04T14:59:08.347