Sign-up

ID

VAR-201508-0011


CVE

CVE-2010-5309


TITLE

GE Healthcare CADStream Server Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2015-004016

DESCRIPTION

GE Healthcare CADStream Server has a default password of confirma for the admin user, which has unspecified impact and attack vectors. GE Healthcare CADStream Server is a suite of applications for the medical industry that provide automated analysis and reporting for magnetic resonance imaging. GE Healthcare CADStream Server has built-in accounts. The admin uses a 'confirma' password, allowing remote attackers to use these accounts to control the device. An attacker can exploit this issue to gain unauthorized access to the affected device. Successful exploits will result in the complete compromise of the affected device

Trust: 2.61

sources: NVD: CVE-2010-5309 // JVNDB: JVNDB-2015-004016 // CNVD: CNVD-2015-05171 // BID: 76185 // VULHUB: VHN-47914 // VULMON: CVE-2010-5309

AFFECTED PRODUCTS

vendor:gehealthcaremodel:cadstream serverscope:eqversion: -

Trust: 1.6

vendor:ge healthcaremodel:cadstream serverscope: - version: -

Trust: 0.8

vendor:general electricmodel:cadstream serverscope: - version: -

Trust: 0.6

vendor:gehealthcaremodel:cadstream serverscope:eqversion:0

Trust: 0.3

sources: CNVD: CNVD-2015-05171 // BID: 76185 // JVNDB: JVNDB-2015-004016 // CNNVD: CNNVD-201508-023 // NVD: CVE-2010-5309

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-5309
value: HIGH

Trust: 1.0

NVD: CVE-2010-5309
value: HIGH

Trust: 0.8

CNVD: CNVD-2015-05171
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201508-023
value: CRITICAL

Trust: 0.6

VULHUB: VHN-47914
value: HIGH

Trust: 0.1

VULMON: CVE-2010-5309
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2010-5309
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2015-05171
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-47914
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2015-05171 // VULHUB: VHN-47914 // VULMON: CVE-2010-5309 // JVNDB: JVNDB-2015-004016 // CNNVD: CNNVD-201508-023 // NVD: CVE-2010-5309

PROBLEMTYPE DATA

problemtype:CWE-255

Trust: 1.9

sources: VULHUB: VHN-47914 // JVNDB: JVNDB-2015-004016 // NVD: CVE-2010-5309

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201508-023

TYPE

trust management

Trust: 0.6

sources: CNNVD: CNNVD-201508-023

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-004016

PATCH
title:Optima MR360 1.5T MR system Operator Manualurl:http://apps.gehealthcare.com/servlet/ClientServlet/MR360+operator+manual+paper.pdf?REQ=RAA&DIRECTION=5339461-1EN&FILENAME=MR360%2Boperator%2Bmanual%2Bpaper.pdf&FILEREV=4&DOCREV_ORG=4
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-004016

EXTERNAL IDS
db:NVDid:CVE-2010-5309
Trust: 3.5
db:ICS CERTid:ICSMA-18-037-02
Trust: 2.0
db:JVNDBid:JVNDB-2015-004016
Trust: 0.8
db:CNNVDid:CNNVD-201508-023
Trust: 0.7
db:CNVDid:CNVD-2015-05171
Trust: 0.6
db:BIDid:76185
Trust: 0.4
db:VULHUBid:VHN-47914
Trust: 0.1
db:VULMONid:CVE-2010-5309
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2015-05171 // 
            
            
            
            VULHUB: VHN-47914 // 
            
            
            
            VULMON: CVE-2010-5309 // 
            
            
            
            BID: 76185 // 
            
            
            
            JVNDB: JVNDB-2015-004016 // 
            
            
            
            CNNVD: CNNVD-201508-023 // 
            
            
            
            NVD: CVE-2010-5309

REFERENCES
url:http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/
Trust: 3.5
url:https://ics-cert.us-cert.gov/advisories/icsma-18-037-02
Trust: 2.0
url:https://twitter.com/digitalbond/status/619250429751222277
Trust: 1.8
url:http://apps.gehealthcare.com/servlet/clientservlet/mr360+operator+manual+paper.pdf?req=raa&direction=5339461-1en&filename=mr360%2boperator%2bmanual%2bpaper.pdf&filerev=4&docrev_org=4
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-5309
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-5309
Trust: 0.8
url:http://www3.gehealthcare.com/en/global_gateway
Trust: 0.3
url:http://apps.gehealthcare.com/servlet/clientservlet/mr360+operator+manual+paper.pdf?req=raa&direction=5339461-1en&filename=mr360%2boperator%2bmanual%2bpaper.pdf&filerev=4&docrev_org=4
Trust: 0.1
url:https://cwe.mitre.org/data/definitions/255.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2015-05171 // 
            
            
            
            VULHUB: VHN-47914 // 
            
            
            
            VULMON: CVE-2010-5309 // 
            
            
            
            BID: 76185 // 
            
            
            
            JVNDB: JVNDB-2015-004016 // 
            
            
            
            CNNVD: CNNVD-201508-023 // 
            
            
            
            NVD: CVE-2010-5309

CREDITS
Scott Erven
Trust: 0.3
sources:
            
            
            BID: 76185

SOURCES
db:CNVDid:CNVD-2015-05171
db:VULHUBid:VHN-47914
db:VULMONid:CVE-2010-5309
db:BIDid:76185
db:JVNDBid:JVNDB-2015-004016
db:CNNVDid:CNNVD-201508-023
db:NVDid:CVE-2010-5309

LAST UPDATE DATE
2024-08-14T13:33:50.446000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2015-05171date:2015-08-11T00:00:00
db:VULHUBid:VHN-47914date:2018-03-28T00:00:00
db:VULMONid:CVE-2010-5309date:2018-03-28T00:00:00
db:BIDid:76185date:2015-08-04T00:00:00
db:JVNDBid:JVNDB-2015-004016date:2018-04-02T00:00:00
db:CNNVDid:CNNVD-201508-023date:2015-08-06T00:00:00
db:NVDid:CVE-2010-5309date:2018-03-28T01:29:01.497

SOURCES RELEASE DATE
db:CNVDid:CNVD-2015-05171date:2015-08-11T00:00:00
db:VULHUBid:VHN-47914date:2015-08-04T00:00:00
db:VULMONid:CVE-2010-5309date:2015-08-04T00:00:00
db:BIDid:76185date:2015-08-04T00:00:00
db:JVNDBid:JVNDB-2015-004016date:2015-08-06T00:00:00
db:CNNVDid:CNNVD-201508-023date:2015-08-05T00:00:00
db:NVDid:CVE-2010-5309date:2015-08-04T14:59:12.457