Details of VAR-201508-0003

ID

VAR-201508-0003

CVE

CVE-2003-1603

TITLE

GE Healthcare Discovery VH Trust Management Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2015-05145 // CNNVD: CNNVD-201508-015

DESCRIPTION

GE Healthcare Discovery VH has a default password of (1) interfile for the ftpclient user of the Interfile server or (2) "2" for the LOCAL user of the FTP server for the Codonics printer, which has unspecified impact and attack vectors. GE Healthcare Discovery VH is a dual-detection gamma camera from General Electric (GE) of the United States for full-body scanning of patients in the medical industry and providing superior image quality. An attacker could exploit this vulnerability to control the device. GE Healthcare Discovery VH is prone to an insecure default-password vulnerability. Remote attackers with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks

Trust: 2.43

sources: NVD: CVE-2003-1603 // JVNDB: JVNDB-2015-003994 // CNVD: CNVD-2015-05145 // BID: 76278

IOT TAXONOMY

category:

['ICS', 'Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-05145

AFFECTED PRODUCTS

vendor:	gehealthcare	model:	discovery vh	scope:	eq	version:	-	Trust: 1.6
vendor:	ge healthcare	model:	discovery vh	scope:	-	version:	-	Trust: 0.8
vendor:	general electric	model:	healthcare discovery vh	scope:	-	version:	-	Trust: 0.6
vendor:	gehealthcare	model:	discovery vh	scope:	eq	version:	0	Trust: 0.3

sources: CNVD: CNVD-2015-05145 // BID: 76278 // JVNDB: JVNDB-2015-003994 // CNNVD: CNNVD-201508-015 // NVD: CVE-2003-1603

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2003-1603
value:	HIGH
Trust: 1.0
NVD:	CVE-2003-1603
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2015-05145
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201508-015
value:	CRITICAL
Trust: 0.6

nvd@nist.gov:	CVE-2003-1603
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2015-05145
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2015-05145 // JVNDB: JVNDB-2015-003994 // CNNVD: CNNVD-201508-015 // NVD: CVE-2003-1603

PROBLEMTYPE DATA

problemtype:

CWE-255

Trust: 1.8

sources: JVNDB: JVNDB-2015-003994 // NVD: CVE-2003-1603

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201508-015

TYPE

trust management

Trust: 0.6

sources: CNNVD: CNNVD-201508-015

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-003994

PATCH

title:

Discovery VH System Service Manual

url:

http://apps.gehealthcare.com/servlet/ClientServlet/2337093-100.pdf?REQ=RAA&DIRECTION=2337093-100&FILENAME=2337093-100.pdf&FILEREV=1&DOCREV_ORG=1

Trust: 0.8

sources: JVNDB: JVNDB-2015-003994

EXTERNAL IDS

db:	NVD	id:	CVE-2003-1603	Trust: 3.3
db:	ICS CERT	id:	ICSMA-18-037-02	Trust: 1.8
db:	JVNDB	id:	JVNDB-2015-003994	Trust: 0.8
db:	CNVD	id:	CNVD-2015-05145	Trust: 0.6
db:	CNNVD	id:	CNNVD-201508-015	Trust: 0.6
db:	BID	id:	76278	Trust: 0.3

sources: CNVD: CNVD-2015-05145 // BID: 76278 // JVNDB: JVNDB-2015-003994 // CNNVD: CNNVD-201508-015 // NVD: CVE-2003-1603

REFERENCES

url:	http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/	Trust: 3.3
url:	https://ics-cert.us-cert.gov/advisories/icsma-18-037-02	Trust: 1.8
url:	http://apps.gehealthcare.com/servlet/clientservlet/2337093-100.pdf?req=raa&direction=2337093-100&filename=2337093-100.pdf&filerev=1&docrev_org=1	Trust: 1.6
url:	https://twitter.com/digitalbond/status/619250429751222277	Trust: 1.6
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2003-1603	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2003-1603	Trust: 0.8
url:	http://www3.gehealthcare.com/en	Trust: 0.3

sources: CNVD: CNVD-2015-05145 // BID: 76278 // JVNDB: JVNDB-2015-003994 // CNNVD: CNNVD-201508-015 // NVD: CVE-2003-1603

CREDITS

Scott Erven

Trust: 0.3

sources: BID: 76278

SOURCES

db:	CNVD	id:	CNVD-2015-05145
db:	BID	id:	76278
db:	JVNDB	id:	JVNDB-2015-003994
db:	CNNVD	id:	CNNVD-201508-015
db:	NVD	id:	CVE-2003-1603

LAST UPDATE DATE

2024-08-14T13:33:50.157000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-05145	date:	2015-08-06T00:00:00
db:	BID	id:	76278	date:	2015-08-04T00:00:00
db:	JVNDB	id:	JVNDB-2015-003994	date:	2018-04-02T00:00:00
db:	CNNVD	id:	CNNVD-201508-015	date:	2015-08-05T00:00:00
db:	NVD	id:	CVE-2003-1603	date:	2018-03-28T01:29:00.557

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2015-05145	date:	2015-08-06T00:00:00
db:	BID	id:	76278	date:	2015-08-04T00:00:00
db:	JVNDB	id:	JVNDB-2015-003994	date:	2015-08-06T00:00:00
db:	CNNVD	id:	CNNVD-201508-015	date:	2015-08-05T00:00:00
db:	NVD	id:	CVE-2003-1603	date:	2015-08-04T14:59:04.127