ID

VAR-201508-0009


CVE

CVE-2010-5307


TITLE

Vulnerability in the HIPAA configuration interface of GE Healthcare Optima MR360

Trust: 0.8

sources: JVNDB: JVNDB-2015-004014

DESCRIPTION

The HIPAA configuration interface in GE Healthcare Optima MR360 has a password of (1) operator for the root account, (2) adw2.0 for the admin account, and (3) adw2.0 for the sdc account, which has unspecified impact and attack vectors. NOTE: it is not clear whether these passwords are default, hardcoded, or dependent on another system or product that requires a fixed value. GE Healthcare CADStream Server is a suite of applications for the medical industry that provide automated analysis and reporting for magnetic resonance imaging. Remote attackers with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. An attacker could exploit this vulnerability to take control of the device.

Trust: 2.52

sources: NVD: CVE-2010-5307 // JVNDB: JVNDB-2015-004014 // CNVD: CNVD-2015-05173 // BID: 76248 // VULHUB: VHN-47912

AFFECTED PRODUCTS

vendor: gehealthcare, model: optima mr360, scope: eq, version: -

Trust: 1.6

vendor: ge healthcare, model: optima mr360, scope: -, version: -

Trust: 0.8

vendor: general electric, model: optima mr360, scope: -, version: -

Trust: 0.6

vendor: gehealthcare, model: optima mr360, scope: eq, version: 0

Trust: 0.3

sources: CNVD: CNVD-2015-05173 // BID: 76248 // JVNDB: JVNDB-2015-004014 // CNNVD: CNNVD-201508-021 // NVD: CVE-2010-5307

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-5307
value: HIGH

Trust: 1.0

NVD: CVE-2010-5307
value: HIGH

Trust: 0.8

CNVD: CNVD-2015-05173
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201508-021
value: CRITICAL

Trust: 0.6

VULHUB: VHN-47912
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2010-5307
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2015-05173
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-47912
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2015-05173 // VULHUB: VHN-47912 // JVNDB: JVNDB-2015-004014 // CNNVD: CNNVD-201508-021 // NVD: CVE-2010-5307

PROBLEMTYPE DATA

problemtype: CWE-255

Trust: 1.9

sources: VULHUB: VHN-47912 // JVNDB: JVNDB-2015-004014 // NVD: CVE-2010-5307

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201508-021

TYPE

trust management

Trust: 0.6

sources: CNNVD: CNNVD-201508-021

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-004014

PATCH

title: Optima MR360 1.5T MR system Operator Manual
url: http://apps.gehealthcare.com/servlet/ClientServlet/MR360+operator+manual+paper.pdf?REQ=RAA&DIRECTION=5339461-1EN&FILENAME=MR360%2Boperator%2Bmanual%2Bpaper.pdf&FILEREV=4&DOCREV_ORG=4

Trust: 0.8

sources: JVNDB: JVNDB-2015-004014

EXTERNAL IDS

db: NVD, id: CVE-2010-5307

Trust: 3.4

db: ICS CERT, id: ICSMA-18-037-02

Trust: 1.9

db: JVNDB, id: JVNDB-2015-004014

Trust: 0.8

db: CNNVD, id: CNNVD-201508-021

Trust: 0.7

db: CNVD, id: CNVD-2015-05173

Trust: 0.6

db: BID, id: 76248

Trust: 0.4

db: VULHUB, id: VHN-47912

Trust: 0.1

sources: CNVD: CNVD-2015-05173 // VULHUB: VHN-47912 // BID: 76248 // JVNDB: JVNDB-2015-004014 // CNNVD: CNNVD-201508-021 // NVD: CVE-2010-5307

REFERENCES

url:http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/

Trust: 3.4

url:https://ics-cert.us-cert.gov/advisories/icsma-18-037-02

Trust: 1.9

url:https://twitter.com/digitalbond/status/619250429751222277

Trust: 1.7

url:http://apps.gehealthcare.com/servlet/clientservlet/mr360+operator+manual+paper.pdf?req=raa&direction=5339461-1en&filename=mr360%2boperator%2bmanual%2bpaper.pdf&filerev=4&docrev_org=4

Trust: 1.6

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-5307

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-5307

Trust: 0.8

url:http://www3.gehealthcare.com/en

Trust: 0.3

url:http://apps.gehealthcare.com/servlet/clientservlet/mr360+operator+manual+paper.pdf?req=raa&direction=5339461-1en&filename=mr360%2boperator%2bmanual%2bpaper.pdf&filerev=4&docrev_org=4

Trust: 0.1

sources: CNVD: CNVD-2015-05173 // VULHUB: VHN-47912 // BID: 76248 // JVNDB: JVNDB-2015-004014 // CNNVD: CNNVD-201508-021 // NVD: CVE-2010-5307

CREDITS

Scott Erven

Trust: 0.3

sources: BID: 76248

SOURCES

db: CNVD, id: CNVD-2015-05173
db: VULHUB, id: VHN-47912
db: BID, id: 76248
db: JVNDB, id: JVNDB-2015-004014
db: CNNVD, id: CNNVD-201508-021
db: NVD, id: CVE-2010-5307

LAST UPDATE DATE

2024-08-14T13:33:50.378000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2015-05173, date: 2015-08-11T00:00:00
db: VULHUB, id: VHN-47912, date: 2018-03-28T00:00:00
db: BID, id: 76248, date: 2015-08-04T00:00:00
db: JVNDB, id: JVNDB-2015-004014, date: 2018-04-02T00:00:00
db: CNNVD, id: CNNVD-201508-021, date: 2015-08-06T00:00:00
db: NVD, id: CVE-2010-5307, date: 2018-03-28T01:29:01.417

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2015-05173, date: 2015-08-11T00:00:00
db: VULHUB, id: VHN-47912, date: 2015-08-04T00:00:00
db: BID, id: 76248, date: 2015-08-04T00:00:00
db: JVNDB, id: JVNDB-2015-004014, date: 2015-08-06T00:00:00
db: CNNVD, id: CNNVD-201508-021, date: 2015-08-05T00:00:00
db: NVD, id: CVE-2010-5307, date: 2015-08-04T14:59:10.517