Details of VAR-201508-0006

ID

VAR-201508-0006

CVE

CVE-2002-2446

TITLE

plural GE Healthcare Millennium Product vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2015-003993

DESCRIPTION

GE Healthcare Millennium MG, NC, and MyoSIGHT has a password of insite.genieacq for the insite account that cannot be changed without disabling product functionality for remote InSite support, which has unspecified impact and attack vectors. GE Healthcare Millennium MG, NC and MyoSIGHT are all US Scandinavian (GE) scanning camera products for the medical industry. An attacker could exploit this vulnerability to control the device. Multiple GE Healthcare Products are prone to an insecure default-password vulnerability. Remote attackers with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks

Trust: 2.61

sources: NVD: CVE-2002-2446 // JVNDB: JVNDB-2015-003993 // CNVD: CNVD-2015-05132 // BID: 76277 // VULHUB: VHN-6829 // VULMON: CVE-2002-2446

IOT TAXONOMY

category:

['ICS', 'Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-05132

AFFECTED PRODUCTS

vendor:	gehealthcare	model:	millennium myosight	scope:	eq	version:	-	Trust: 1.6
vendor:	gehealthcare	model:	millennium nc	scope:	eq	version:	-	Trust: 1.6
vendor:	gehealthcare	model:	millennium mg	scope:	eq	version:	-	Trust: 1.6
vendor:	ge healthcare	model:	millennium mg	scope:	-	version:	-	Trust: 0.8
vendor:	ge healthcare	model:	millennium myosight	scope:	-	version:	-	Trust: 0.8
vendor:	ge healthcare	model:	millennium nc	scope:	-	version:	-	Trust: 0.8
vendor:	general electric	model:	healthcare millennium mg/nc/myosight	scope:	-	version:	-	Trust: 0.6
vendor:	gehealthcare	model:	millennium nc	scope:	eq	version:	0	Trust: 0.3
vendor:	gehealthcare	model:	millennium myosight	scope:	eq	version:	0	Trust: 0.3
vendor:	gehealthcare	model:	millennium mg	scope:	eq	version:	0	Trust: 0.3

sources: CNVD: CNVD-2015-05132 // BID: 76277 // JVNDB: JVNDB-2015-003993 // CNNVD: CNNVD-201508-014 // NVD: CVE-2002-2446

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2002-2446
value:	HIGH
Trust: 1.0
NVD:	CVE-2002-2446
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2015-05132
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201508-014
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-6829
value:	HIGH
Trust: 0.1
VULMON:	CVE-2002-2446
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2002-2446
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2015-05132
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-6829
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2015-05132 // VULHUB: VHN-6829 // VULMON: CVE-2002-2446 // JVNDB: JVNDB-2015-003993 // CNNVD: CNNVD-201508-014 // NVD: CVE-2002-2446

PROBLEMTYPE DATA

problemtype:

CWE-255

Trust: 1.9

sources: VULHUB: VHN-6829 // JVNDB: JVNDB-2015-003993 // NVD: CVE-2002-2446

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201508-014

TYPE

trust management

Trust: 0.6

sources: CNNVD: CNNVD-201508-014

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-003993

PATCH

title:	Millennium MyoSIGHT Nuclear Medicine Imaging System Service Manual	url:	http://apps.gehealthcare.com/servlet/ClientServlet/2354459-100.pdf?REQ=RAA&DIRECTION=2354459-100&FILENAME=2354459-100.pdf&FILEREV=4&DOCREV_ORG=4	Trust: 0.8
title:	Top Page	url:	http://www3.gehealthcare.com/en/global_gateway	Trust: 0.8
title:	Millenium MG & MC Nuclear Medicine Imaging System Service Manual	url:	http://apps.gehealthcare.com/servlet/ClientServlet/2338955-100.pdf?REQ=RAA&DIRECTION=2338955-100&FILENAME=2338955-100.pdf&FILEREV=1&DOCREV_ORG=1	Trust: 0.8

sources: JVNDB: JVNDB-2015-003993

EXTERNAL IDS

db:	NVD	id:	CVE-2002-2446	Trust: 3.5
db:	ICS CERT	id:	ICSMA-18-037-02	Trust: 2.0
db:	JVNDB	id:	JVNDB-2015-003993	Trust: 0.8
db:	CNVD	id:	CNVD-2015-05132	Trust: 0.6
db:	CNNVD	id:	CNNVD-201508-014	Trust: 0.6
db:	BID	id:	76277	Trust: 0.5
db:	VULHUB	id:	VHN-6829	Trust: 0.1
db:	VULMON	id:	CVE-2002-2446	Trust: 0.1

sources: CNVD: CNVD-2015-05132 // VULHUB: VHN-6829 // VULMON: CVE-2002-2446 // BID: 76277 // JVNDB: JVNDB-2015-003993 // CNNVD: CNNVD-201508-014 // NVD: CVE-2002-2446

REFERENCES

url:	http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/	Trust: 2.9
url:	https://twitter.com/digitalbond/status/619250429751222277	Trust: 2.4
url:	https://ics-cert.us-cert.gov/advisories/icsma-18-037-02	Trust: 2.1
url:	http://apps.gehealthcare.com/servlet/clientservlet/2338955-100.pdf?req=raa&direction=2338955-100&filename=2338955-100.pdf&filerev=1&docrev_org=1	Trust: 1.7
url:	http://apps.gehealthcare.com/servlet/clientservlet/2354459-100.pdf?req=raa&direction=2354459-100&filename=2354459-100.pdf&filerev=4&docrev_org=4	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2002-2446	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2002-2446	Trust: 0.8
url:	http://www3.gehealthcare.com/en/global_gateway	Trust: 0.3
url:	http://apps.gehealthcare.com/servlet/clientservlet/2338955-100.pdf?req=raa&direction=2338955-100&filename=2338955-100.pdf&filerev=1&docrev_org=1	Trust: 0.1
url:	http://apps.gehealthcare.com/servlet/clientservlet/2354459-100.pdf?req=raa&direction=2354459-100&filename=2354459-100.pdf&filerev=4&docrev_org=4	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/255.html	Trust: 0.1
url:	https://www.securityfocus.com/bid/76277	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2015-05132 // VULHUB: VHN-6829 // VULMON: CVE-2002-2446 // BID: 76277 // JVNDB: JVNDB-2015-003993 // CNNVD: CNNVD-201508-014 // NVD: CVE-2002-2446

CREDITS

Scott Erven of Protiviti.

Trust: 0.3

sources: BID: 76277

SOURCES

db:	CNVD	id:	CNVD-2015-05132
db:	VULHUB	id:	VHN-6829
db:	VULMON	id:	CVE-2002-2446
db:	BID	id:	76277
db:	JVNDB	id:	JVNDB-2015-003993
db:	CNNVD	id:	CNNVD-201508-014
db:	NVD	id:	CVE-2002-2446

LAST UPDATE DATE

2024-08-14T13:33:50.339000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-05132	date:	2015-08-06T00:00:00
db:	VULHUB	id:	VHN-6829	date:	2018-03-28T00:00:00
db:	VULMON	id:	CVE-2002-2446	date:	2018-03-28T00:00:00
db:	BID	id:	76277	date:	2015-08-04T00:00:00
db:	JVNDB	id:	JVNDB-2015-003993	date:	2018-04-02T00:00:00
db:	CNNVD	id:	CNNVD-201508-014	date:	2015-08-05T00:00:00
db:	NVD	id:	CVE-2002-2446	date:	2018-03-28T01:29:00.463

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2015-05132	date:	2015-08-06T00:00:00
db:	VULHUB	id:	VHN-6829	date:	2015-08-04T00:00:00
db:	VULMON	id:	CVE-2002-2446	date:	2015-08-04T00:00:00
db:	BID	id:	76277	date:	2015-08-04T00:00:00
db:	JVNDB	id:	JVNDB-2015-003993	date:	2015-08-06T00:00:00
db:	CNNVD	id:	CNNVD-201508-014	date:	2015-08-05T00:00:00
db:	NVD	id:	CVE-2002-2446	date:	2015-08-04T14:59:02.877