Sign-up

ID

VAR-201508-0004


CVE

CVE-2001-1594


TITLE

GE Healthcare eNTEGRA P&R Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2015-003991

DESCRIPTION

GE Healthcare eNTEGRA P&R has a password of (1) entegra for the entegra user, (2) passme for the super user of the Polestar/Polestar-i Starlink 4 upgrade, (3) 0 for the entegra user of the Codonics printer FTP service, (4) eNTEGRA for the eNTEGRA P&R user account, (5) insite for the WinVNC Login, and possibly other accounts, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. GE Healthcare eNTEGRA P&R Uses passwords for the following and other accounts, and is vulnerable to unspecified effects and attacks. GE Healthcare eNTEGRA P & R (Processing & Review) is a medical nuclear computer system for the medical industry from General Electric (GE). A security vulnerability exists in GE Healthcare eNTEGRA P & R. An attacker could use this vulnerability to control the device. Remote attackers with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks

Trust: 2.52

sources: NVD: CVE-2001-1594 // JVNDB: JVNDB-2015-003991 // CNVD: CNVD-2015-05149 // BID: 76280 // VULMON: CVE-2001-1594

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-05149

AFFECTED PRODUCTS

vendor:gehealthcaremodel:entegra p\&rscope:eqversion:*

Trust: 1.0

vendor:ge healthcaremodel:entegra p&rscope: - version: -

Trust: 0.8

vendor:general electricmodel:healthcare entegra p&rscope: - version: -

Trust: 0.6

vendor:gehealthcaremodel:entegra p\&rscope: - version: -

Trust: 0.6

vendor:gehealthcaremodel:entegra p&rscope:eqversion:0

Trust: 0.3

sources: CNVD: CNVD-2015-05149 // BID: 76280 // JVNDB: JVNDB-2015-003991 // CNNVD: CNNVD-201508-012 // NVD: CVE-2001-1594

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2001-1594
value: HIGH

Trust: 1.0

NVD: CVE-2001-1594
value: HIGH

Trust: 0.8

CNVD: CNVD-2015-05149
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201508-012
value: CRITICAL

Trust: 0.6

VULMON: CVE-2001-1594
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2001-1594
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2015-05149
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2015-05149 // VULMON: CVE-2001-1594 // JVNDB: JVNDB-2015-003991 // CNNVD: CNNVD-201508-012 // NVD: CVE-2001-1594

PROBLEMTYPE DATA

problemtype:CWE-255

Trust: 1.8

sources: JVNDB: JVNDB-2015-003991 // NVD: CVE-2001-1594

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201508-012

TYPE

trust management

Trust: 0.6

sources: CNNVD: CNNVD-201508-012

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-003991

PATCH
title:eNTEGRA P&R Nuclear Imaging System System Service Manualurl:http://apps.gehealthcare.com/servlet/ClientServlet/2263784.pdf?DOCCLASS=A&REQ=RAC&DIRECTION=2263784-100&FILENAME=2263784.pdf&FILEREV=5&DOCREV_ORG=5&SUBMIT=+ACCEPT+
Trust: 0.8
title:vmengineurl:https://github.com/wsbespalov/vmengine 
Trust: 0.1
sources:
            
            
            VULMON: CVE-2001-1594 // 
            
            
            
            JVNDB: JVNDB-2015-003991

EXTERNAL IDS
db:NVDid:CVE-2001-1594
Trust: 3.4
db:ICS CERTid:ICSMA-18-037-02
Trust: 1.9
db:JVNDBid:JVNDB-2015-003991
Trust: 0.8
db:CNVDid:CNVD-2015-05149
Trust: 0.6
db:CNNVDid:CNNVD-201508-012
Trust: 0.6
db:BIDid:76280
Trust: 0.3
db:VULMONid:CVE-2001-1594
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2015-05149 // 
            
            
            
            VULMON: CVE-2001-1594 // 
            
            
            
            BID: 76280 // 
            
            
            
            JVNDB: JVNDB-2015-003991 // 
            
            
            
            CNNVD: CNNVD-201508-012 // 
            
            
            
            NVD: CVE-2001-1594

REFERENCES
url:http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/
Trust: 2.8
url:http://apps.gehealthcare.com/servlet/clientservlet/2263784.pdf?docclass=a&req=rac&direction=2263784-100&filename=2263784.pdf&filerev=5&docrev_org=5&submit=+accept+
Trust: 2.0
url:https://ics-cert.us-cert.gov/advisories/icsma-18-037-02
Trust: 2.0
url:https://twitter.com/digitalbond/status/619250429751222277
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2001-1594
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2001-1594
Trust: 0.8
url:http://apps.gehealthcare.com/servlet/clientservlet/2263784.pdf?docclass=a&req=rac&direction=2263784-100&filename=2263784.pdf&filerev=5&docrev_org=5&submit=+accept+
Trust: 0.6
url:http://www3.gehealthcare.com/en
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/255.html
Trust: 0.1
url:https://github.com/wsbespalov/vmengine
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2015-05149 // 
            
            
            
            VULMON: CVE-2001-1594 // 
            
            
            
            BID: 76280 // 
            
            
            
            JVNDB: JVNDB-2015-003991 // 
            
            
            
            CNNVD: CNNVD-201508-012 // 
            
            
            
            NVD: CVE-2001-1594

CREDITS
Scott Erven
Trust: 0.3
sources:
            
            
            BID: 76280

SOURCES
db:CNVDid:CNVD-2015-05149
db:VULMONid:CVE-2001-1594
db:BIDid:76280
db:JVNDBid:JVNDB-2015-003991
db:CNNVDid:CNNVD-201508-012
db:NVDid:CVE-2001-1594

LAST UPDATE DATE
2024-08-14T13:33:50.522000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2015-05149date:2015-08-07T00:00:00
db:VULMONid:CVE-2001-1594date:2018-03-28T00:00:00
db:BIDid:76280date:2015-08-04T00:00:00
db:JVNDBid:JVNDB-2015-003991date:2018-04-02T00:00:00
db:CNNVDid:CNNVD-201508-012date:2015-08-05T00:00:00
db:NVDid:CVE-2001-1594date:2018-03-28T01:29:00.370

SOURCES RELEASE DATE
db:CNVDid:CNVD-2015-05149date:2015-08-07T00:00:00
db:VULMONid:CVE-2001-1594date:2015-08-04T00:00:00
db:BIDid:76280date:2015-08-04T00:00:00
db:JVNDBid:JVNDB-2015-003991date:2015-08-06T00:00:00
db:CNNVDid:CNNVD-201508-012date:2015-08-05T00:00:00
db:NVDid:CVE-2001-1594date:2015-08-04T14:59:00.143