Sign-up

ID

VAR-201508-0018


CVE

CVE-2012-6693


TITLE

GE Healthcare Centricity PACS Server vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2015-004004

DESCRIPTION

GE Healthcare Centricity PACS 4.0 Server has a default password of (1) nasro for the nasro (ReadOnly) user and (2) nasrw for the nasrw (Read/Write) user, which has unspecified impact and attack vectors. GE Healthcare Centricity PACS is the company's image archiving and transmission system for the medical industry. Attackers can exploit this issue to bypass the authentication mechanism and gain access to the vulnerable device

Trust: 2.43

sources: NVD: CVE-2012-6693 // JVNDB: JVNDB-2015-004004 // CNVD: CNVD-2015-05168 // BID: 76183

AFFECTED PRODUCTS

vendor:gehealthcaremodel:centricity pacs serverscope:eqversion:4.0

Trust: 1.6

vendor:ge healthcaremodel:centricity pacsscope:eqversion:4.0

Trust: 0.8

vendor:general electricmodel:centricity pacsscope:eqversion:4.0

Trust: 0.6

vendor:gehealthcaremodel:centricity pacsscope:eqversion:4.0

Trust: 0.3

sources: CNVD: CNVD-2015-05168 // BID: 76183 // JVNDB: JVNDB-2015-004004 // CNNVD: CNNVD-201508-029 // NVD: CVE-2012-6693

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-6693
value: HIGH

Trust: 1.0

NVD: CVE-2012-6693
value: HIGH

Trust: 0.8

CNVD: CNVD-2015-05168
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201508-029
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2012-6693
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2015-05168
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2015-05168 // JVNDB: JVNDB-2015-004004 // CNNVD: CNNVD-201508-029 // NVD: CVE-2012-6693

PROBLEMTYPE DATA

problemtype:CWE-255

Trust: 1.8

sources: JVNDB: JVNDB-2015-004004 // NVD: CVE-2012-6693

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201508-029

TYPE

trust management

Trust: 0.6

sources: CNNVD: CNNVD-201508-029

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-004004

PATCH
title:Centricity PACS Workstation Installation and Service Manualurl:http://apps.gehealthcare.com/servlet/ClientServlet/C401_WS_INST_SV_2069560001r1.pdf?REQ=RAA&DIRECTION=2069560-001&FILENAME=C401_WS_INST_SV_2069560001r1.pdf&FILEREV=1&DOCREV_ORG=1
Trust: 0.8
title:Centricity PACS Servers Service Manualurl:http://apps.gehealthcare.com/servlet/ClientServlet/C4x_SRV_SVC_2063464-001r2.pdf?REQ=RAA&DIRECTION=2063464-001&FILENAME=C4x_SRV_SVC_2063464-001r2.pdf&FILEREV=2&DOCREV_ORG=2
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-004004

EXTERNAL IDS
db:NVDid:CVE-2012-6693
Trust: 3.3
db:ICS CERTid:ICSMA-18-037-02
Trust: 1.8
db:JVNDBid:JVNDB-2015-004004
Trust: 0.8
db:CNVDid:CNVD-2015-05168
Trust: 0.6
db:CNNVDid:CNNVD-201508-029
Trust: 0.6
db:BIDid:76183
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2015-05168 // 
            
            
            
            BID: 76183 // 
            
            
            
            JVNDB: JVNDB-2015-004004 // 
            
            
            
            CNNVD: CNNVD-201508-029 // 
            
            
            
            NVD: CVE-2012-6693

REFERENCES
url:http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/
Trust: 3.3
url:https://ics-cert.us-cert.gov/advisories/icsma-18-037-02
Trust: 1.8
url:https://twitter.com/digitalbond/status/619250429751222277
Trust: 1.6
url:http://apps.gehealthcare.com/servlet/clientservlet/c401_ws_inst_sv_2069560001r1.pdf?req=raa&direction=2069560-001&filename=c401_ws_inst_sv_2069560001r1.pdf&filerev=1&docrev_org=1
Trust: 1.6
url:http://apps.gehealthcare.com/servlet/clientservlet/c4x_srv_svc_2063464-001r2.pdf?req=raa&direction=2063464-001&filename=c4x_srv_svc_2063464-001r2.pdf&filerev=2&docrev_org=2
Trust: 1.6
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-6693
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-6693
Trust: 0.8
url:http://www3.gehealthcare.in/en/products/categories/healthcare_it/medical_imaging_informatics_-_ris-pacs-cvis/centricity_pacs
Trust: 0.3
url:http://www3.gehealthcare.com/en
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2015-05168 // 
            
            
            
            BID: 76183 // 
            
            
            
            JVNDB: JVNDB-2015-004004 // 
            
            
            
            CNNVD: CNNVD-201508-029 // 
            
            
            
            NVD: CVE-2012-6693

CREDITS
Scott Erven
Trust: 0.3
sources:
            
            
            BID: 76183

SOURCES
db:CNVDid:CNVD-2015-05168
db:BIDid:76183
db:JVNDBid:JVNDB-2015-004004
db:CNNVDid:CNNVD-201508-029
db:NVDid:CVE-2012-6693

LAST UPDATE DATE
2024-08-14T13:33:50.413000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2015-05168date:2015-08-10T00:00:00
db:BIDid:76183date:2015-08-04T00:00:00
db:JVNDBid:JVNDB-2015-004004date:2018-04-02T00:00:00
db:CNNVDid:CNNVD-201508-029date:2015-08-05T00:00:00
db:NVDid:CVE-2012-6693date:2018-03-28T01:29:02.090

SOURCES RELEASE DATE
db:CNVDid:CNVD-2015-05168date:2015-08-10T00:00:00
db:BIDid:76183date:2015-08-04T00:00:00
db:JVNDBid:JVNDB-2015-004004date:2015-08-06T00:00:00
db:CNNVDid:CNNVD-201508-029date:2015-08-05T00:00:00
db:NVDid:CVE-2012-6693date:2015-08-04T14:59:18.643