ID

VAR-201508-0019


CVE

CVE-2012-6694


TITLE

GE Healthcare Centricity PACS Workstation and Server Trust Management Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2015-05141 // CNNVD: CNNVD-201508-030

DESCRIPTION

GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1, and Server 4.0, have a password of 2charGE for the geservice account, which has unspecified impact and attack vectors related to TimbuktuPro. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires it. GE Healthcare Centricity PACS is an image archiving and transmission system (PACS) for the medical industry from General Electric (GE). Workstation is a PACS workstation; Server is a PACS server. The vulnerability stems from the use of ‘2charGE’ as the password for the geservice account. An attacker could use this vulnerability to control the device. Attackers can exploit this issue to bypass the authentication mechanism and gain access to the vulnerable device.

Trust: 2.43

sources: NVD: CVE-2012-6694 // JVNDB: JVNDB-2015-004005 // CNVD: CNVD-2015-05141 // BID: 76175

IOT TAXONOMY

category: ['ICS'] // sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-05141

AFFECTED PRODUCTS

vendor: gehealthcare // model: centricity pacs workstation // scope: eq // version: 4.0.1

Trust: 1.9

vendor: gehealthcare // model: centricity pacs workstation // scope: eq // version: 4.0

Trust: 1.9

vendor: gehealthcare // model: centricity pacs server // scope: eq // version: 4.0

Trust: 1.9

vendor: ge healthcare // model: centricity pacs // scope: eq // version: 4.0

Trust: 0.8

vendor: ge healthcare // model: centricity pacs // scope: eq // version: 4.0.1

Trust: 0.8

vendor: ge // model: centricity pacs workstation // scope: eq // version: 4.0

Trust: 0.6

vendor: ge // model: centricity pacs workstation // scope: eq // version: 4.0.1

Trust: 0.6

vendor: ge // model: centricity pacs server // scope: eq // version: 4.0

Trust: 0.6

vendor: general electric // model: healthcare centricity pacs workstation/server // scope: - // version: -

Trust: 0.6

sources: CNVD: CNVD-2015-05141 // BID: 76175 // JVNDB: JVNDB-2015-004005 // CNNVD: CNNVD-201508-030 // NVD: CVE-2012-6694

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-6694
value: HIGH

Trust: 1.0

NVD: CVE-2012-6694
value: HIGH

Trust: 0.8

CNVD: CNVD-2015-05141
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201508-030
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2012-6694
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2015-05141
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2015-05141 // JVNDB: JVNDB-2015-004005 // CNNVD: CNNVD-201508-030 // NVD: CVE-2012-6694

PROBLEMTYPE DATA

problemtype:CWE-255

Trust: 1.8

sources: JVNDB: JVNDB-2015-004005 // NVD: CVE-2012-6694

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201508-030

TYPE

trust management

Trust: 0.6

sources: CNNVD: CNNVD-201508-030

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-004005

PATCH

title: Centricity PACS Workstation Installation and Service Manual (PACS 4.0 Release) // url: http://apps.gehealthcare.com/servlet/ClientServlet/C40_WS_INST_SV_2063534-001r2.pdf?REQ=RAA&DIRECTION=2063534-001&FILENAME=C40_WS_INST_SV_2063534-001r2.pdf&FILEREV=1&DOCREV_ORG=1

Trust: 0.8

title: Centricity PACS Workstation Installation and Service Manual (PACS 4.0.1 Release) // url: http://apps.gehealthcare.com/servlet/ClientServlet/C401_WS_INST_SV_2069560001r1.pdf?REQ=RAA&DIRECTION=2069560-001&FILENAME=C401_WS_INST_SV_2069560001r1.pdf&FILEREV=1&DOCREV_ORG=1

Trust: 0.8

sources: JVNDB: JVNDB-2015-004005

EXTERNAL IDS

db: NVD // id: CVE-2012-6694

Trust: 3.3

db: ICS CERT // id: ICSMA-18-037-02

Trust: 1.8

db: JVNDB // id: JVNDB-2015-004005

Trust: 0.8

db: CNVD // id: CNVD-2015-05141

Trust: 0.6

db: CNNVD // id: CNNVD-201508-030

Trust: 0.6

db: BID // id: 76175

Trust: 0.3

sources: CNVD: CNVD-2015-05141 // BID: 76175 // JVNDB: JVNDB-2015-004005 // CNNVD: CNNVD-201508-030 // NVD: CVE-2012-6694

REFERENCES

url:http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/

Trust: 2.4

url:https://twitter.com/digitalbond/status/619250429751222277

Trust: 2.2

url:https://ics-cert.us-cert.gov/advisories/icsma-18-037-02

Trust: 1.8

url:http://apps.gehealthcare.com/servlet/clientservlet/c401_ws_inst_sv_2069560001r1.pdf?req=raa&direction=2069560-001&filename=c401_ws_inst_sv_2069560001r1.pdf&filerev=1&docrev_org=1

Trust: 1.6

url:http://apps.gehealthcare.com/servlet/clientservlet/c40_ws_inst_sv_2063534-001r2.pdf?req=raa&direction=2063534-001&filename=c40_ws_inst_sv_2063534-001r2.pdf&filerev=1&docrev_org=1

Trust: 1.6

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-6694

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-6694

Trust: 0.8

url:http://apps.gehealthcare.com/servlet/clientservlet/c40_ws_inst_sv_2063534-001r2.pdf?docclass=a&req=rac&direction=2063534-001&filename=c40_ws_inst_sv_2063534-001r2.pdf&filerev=1&docrev_org=1&submit=+ac

Trust: 0.3

url:http://www3.gehealthcare.com/en

Trust: 0.3

sources: CNVD: CNVD-2015-05141 // BID: 76175 // JVNDB: JVNDB-2015-004005 // CNNVD: CNNVD-201508-030 // NVD: CVE-2012-6694

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 76175

SOURCES

db: CNVD // id: CNVD-2015-05141
db: BID // id: 76175
db: JVNDB // id: JVNDB-2015-004005
db: CNNVD // id: CNNVD-201508-030
db: NVD // id: CVE-2012-6694

LAST UPDATE DATE

2024-08-14T13:33:50.189000+00:00


SOURCES UPDATE DATE

db: CNVD // id: CNVD-2015-05141 // date: 2015-08-06T00:00:00
db: BID // id: 76175 // date: 2015-08-04T00:00:00
db: JVNDB // id: JVNDB-2015-004005 // date: 2018-04-02T00:00:00
db: CNNVD // id: CNNVD-201508-030 // date: 2015-08-05T00:00:00
db: NVD // id: CVE-2012-6694 // date: 2018-03-28T01:29:02.183

SOURCES RELEASE DATE

db: CNVD // id: CNVD-2015-05141 // date: 2015-08-06T00:00:00
db: BID // id: 76175 // date: 2015-08-04T00:00:00
db: JVNDB // id: JVNDB-2015-004005 // date: 2015-08-06T00:00:00
db: CNNVD // id: CNNVD-201508-030 // date: 2015-08-05T00:00:00
db: NVD // id: CVE-2012-6694 // date: 2015-08-04T14:59:19.613