ID

VAR-201508-0007


CVE

CVE-2004-2777


TITLE

GE Healthcare Centricity Image Vault Trust Management Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2015-05144 // CNNVD: CNNVD-201508-016

DESCRIPTION

GE Healthcare Centricity Image Vault 3.x has a password of (1) gemnet for the administrator account, (2) webadmin for the webadmin administrator account of the ASACA DVD library, (3) an empty value for the gemsservice account of the Ultrasound Database, and possibly (4) gemnet2002 for the gemnet2002 account of the GEMNet license server, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. An attacker could use this vulnerability to control the device. Remote attackers with knowledge of the default credentials may exploit these vulnerabilities to gain unauthorized access and perform unauthorized actions. This may aid in further attacks.

Trust: 2.61

sources: NVD: CVE-2004-2777 // JVNDB: JVNDB-2015-003995 // CNVD: CNVD-2015-05144 // BID: 76279 // VULHUB: VHN-11205 // VULMON: CVE-2004-2777

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-05144

AFFECTED PRODUCTS

vendor: gehealthcare, model: centricity image vault, scope: eq, version: *

Trust: 1.0

vendor: ge healthcare, model: centricity cardiology image vault, scope: eq, version: 3.x

Trust: 0.8

vendor: general electric, model: healthcare centricity image vault, scope: -, version: -

Trust: 0.6

vendor: gehealthcare, model: centricity image vault, scope: -, version: -

Trust: 0.6

vendor: gehealthcare, model: centricity image vault, scope: eq, version: 3.0

Trust: 0.3

sources: CNVD: CNVD-2015-05144 // BID: 76279 // JVNDB: JVNDB-2015-003995 // CNNVD: CNNVD-201508-016 // NVD: CVE-2004-2777

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2004-2777
value: HIGH

Trust: 1.0

NVD: CVE-2004-2777
value: HIGH

Trust: 0.8

CNVD: CNVD-2015-05144
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201508-016
value: CRITICAL

Trust: 0.6

VULHUB: VHN-11205
value: HIGH

Trust: 0.1

VULMON: CVE-2004-2777
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2004-2777
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2015-05144
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-11205
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2015-05144 // VULHUB: VHN-11205 // VULMON: CVE-2004-2777 // JVNDB: JVNDB-2015-003995 // CNNVD: CNNVD-201508-016 // NVD: CVE-2004-2777

PROBLEMTYPE DATA

problemtype:CWE-255

Trust: 1.9

sources: VULHUB: VHN-11205 // JVNDB: JVNDB-2015-003995 // NVD: CVE-2004-2777

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201508-016

TYPE

trust management

Trust: 0.6

sources: CNNVD: CNNVD-201508-016

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-003995

PATCH

title: Centricity Cardiology Image Vault Service Manual, url: http://apps.gehealthcare.com/servlet/ClientServlet/2010564-002E.pdf?REQ=RAA&DIRECTION=2010564-002&FILENAME=2010564-002E.pdf&FILEREV=E&DOCREV_ORG=E

Trust: 0.8

sources: JVNDB: JVNDB-2015-003995

EXTERNAL IDS

db: NVD, id: CVE-2004-2777

Trust: 3.5

db: ICS CERT, id: ICSMA-18-037-02

Trust: 2.0

db: JVNDB, id: JVNDB-2015-003995

Trust: 0.8

db: CNNVD, id: CNNVD-201508-016

Trust: 0.7

db: CNVD, id: CNVD-2015-05144

Trust: 0.6

db: BID, id: 76279

Trust: 0.5

db: VULHUB, id: VHN-11205

Trust: 0.1

db: VULMON, id: CVE-2004-2777

Trust: 0.1

sources: CNVD: CNVD-2015-05144 // VULHUB: VHN-11205 // VULMON: CVE-2004-2777 // BID: 76279 // JVNDB: JVNDB-2015-003995 // CNNVD: CNNVD-201508-016 // NVD: CVE-2004-2777

REFERENCES

url:http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/

Trust: 3.5

url:https://ics-cert.us-cert.gov/advisories/icsma-18-037-02

Trust: 2.1

url:http://apps.gehealthcare.com/servlet/clientservlet/2010564-002e.pdf?req=raa&direction=2010564-002&filename=2010564-002e.pdf&filerev=e&docrev_org=e

Trust: 2.0

url:https://twitter.com/digitalbond/status/619250429751222277

Trust: 1.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2004-2777

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2004-2777

Trust: 0.8

url:http://www3.gehealthcare.com/en/global_gateway

Trust: 0.3

url:http://apps.gehealthcare.com/servlet/clientservlet/2010564-002e.pdf?req=raa&direction=2010564-002&filename=2010564-002e.pdf&filerev=e&docrev_org=e

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/255.html

Trust: 0.1

url:https://www.securityfocus.com/bid/76279

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2015-05144 // VULHUB: VHN-11205 // VULMON: CVE-2004-2777 // BID: 76279 // JVNDB: JVNDB-2015-003995 // CNNVD: CNNVD-201508-016 // NVD: CVE-2004-2777

CREDITS

Scott Erven of Protiviti.

Trust: 0.3

sources: BID: 76279

SOURCES

db: CNVD, id: CNVD-2015-05144
db: VULHUB, id: VHN-11205
db: VULMON, id: CVE-2004-2777
db: BID, id: 76279
db: JVNDB, id: JVNDB-2015-003995
db: CNNVD, id: CNNVD-201508-016
db: NVD, id: CVE-2004-2777

LAST UPDATE DATE

2024-08-14T13:33:50.222000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2015-05144, date: 2015-08-06T00:00:00
db: VULHUB, id: VHN-11205, date: 2018-03-28T00:00:00
db: VULMON, id: CVE-2004-2777, date: 2018-03-28T00:00:00
db: BID, id: 76279, date: 2015-07-10T00:00:00
db: JVNDB, id: JVNDB-2015-003995, date: 2018-04-02T00:00:00
db: CNNVD, id: CNNVD-201508-016, date: 2015-08-05T00:00:00
db: NVD, id: CVE-2004-2777, date: 2018-03-28T01:29:00.807

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2015-05144, date: 2015-08-06T00:00:00
db: VULHUB, id: VHN-11205, date: 2015-08-04T00:00:00
db: VULMON, id: CVE-2004-2777, date: 2015-08-04T00:00:00
db: BID, id: 76279, date: 2015-07-10T00:00:00
db: JVNDB, id: JVNDB-2015-003995, date: 2015-08-06T00:00:00
db: CNNVD, id: CNNVD-201508-016, date: 2015-08-05T00:00:00
db: NVD, id: CVE-2004-2777, date: 2015-08-04T14:59:05.237