Details of VAR-201508-0020

ID

VAR-201508-0020

CVE

CVE-2012-6695

TITLE

GE Healthcare Centricity PACS Vulnerability in workstation

Trust: 0.8

sources: JVNDB: JVNDB-2015-004006

DESCRIPTION

GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a password of ddpadmin for the ddpadmin user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. The vulnerability stems from the ddpadmin user using 'ddpadmin' as the password. An attacker could use this vulnerability to control the device. Attackers can exploit this issue to bypass the authentication mechanism and gain access to the vulnerable device

Trust: 2.43

sources: NVD: CVE-2012-6695 // JVNDB: JVNDB-2015-004006 // CNVD: CNVD-2015-05140 // BID: 76172

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-05140

AFFECTED PRODUCTS

vendor:	gehealthcare	model:	centricity pacs workstation	scope:	eq	version:	4.0.1	Trust: 1.9
vendor:	gehealthcare	model:	centricity pacs workstation	scope:	eq	version:	4.0	Trust: 1.9
vendor:	ge healthcare	model:	centricity pacs	scope:	eq	version:	4.0	Trust: 0.8
vendor:	ge healthcare	model:	centricity pacs	scope:	eq	version:	4.0.1	Trust: 0.8
vendor:	ge	model:	centricity pacs workstation	scope:	eq	version:	4.0	Trust: 0.6
vendor:	ge	model:	centricity pacs workstation	scope:	eq	version:	4.0.1	Trust: 0.6

sources: CNVD: CNVD-2015-05140 // BID: 76172 // JVNDB: JVNDB-2015-004006 // CNNVD: CNNVD-201508-031 // NVD: CVE-2012-6695

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-6695
value:	HIGH
Trust: 1.0
NVD:	CVE-2012-6695
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2015-05140
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201508-031
value:	CRITICAL
Trust: 0.6

nvd@nist.gov:	CVE-2012-6695
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2015-05140
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2015-05140 // JVNDB: JVNDB-2015-004006 // CNNVD: CNNVD-201508-031 // NVD: CVE-2012-6695

PROBLEMTYPE DATA

problemtype:

CWE-255

Trust: 1.8

sources: JVNDB: JVNDB-2015-004006 // NVD: CVE-2012-6695

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201508-031

TYPE

trust management

Trust: 0.6

sources: CNNVD: CNNVD-201508-031

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-004006

PATCH

title:	Centricity PACS Workstation Installation and Service Manual (PACS 4.0 Release)	url:	http://apps.gehealthcare.com/servlet/ClientServlet/C40_WS_INST_SV_2063534-001r2.pdf?REQ=RAA&DIRECTION=2063534-001&FILENAME=C40_WS_INST_SV_2063534-001r2.pdf&FILEREV=1&DOCREV_ORG=1	Trust: 0.8
title:	Centricity PACS Workstation Installation and Service Manual (PACS 4.0.1 Release)	url:	http://apps.gehealthcare.com/servlet/ClientServlet/C401_WS_INST_SV_2069560001r1.pdf?REQ=RAA&DIRECTION=2069560-001&FILENAME=C401_WS_INST_SV_2069560001r1.pdf&FILEREV=1&DOCREV_ORG=1	Trust: 0.8

sources: JVNDB: JVNDB-2015-004006

EXTERNAL IDS

db:	NVD	id:	CVE-2012-6695	Trust: 3.3
db:	ICS CERT	id:	ICSMA-18-037-02	Trust: 1.8
db:	JVNDB	id:	JVNDB-2015-004006	Trust: 0.8
db:	CNVD	id:	CNVD-2015-05140	Trust: 0.6
db:	CNNVD	id:	CNNVD-201508-031	Trust: 0.6
db:	BID	id:	76172	Trust: 0.3

sources: CNVD: CNVD-2015-05140 // BID: 76172 // JVNDB: JVNDB-2015-004006 // CNNVD: CNNVD-201508-031 // NVD: CVE-2012-6695

REFERENCES

url:	http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/	Trust: 2.7
url:	https://twitter.com/digitalbond/status/619250429751222277	Trust: 2.2
url:	https://ics-cert.us-cert.gov/advisories/icsma-18-037-02	Trust: 1.8
url:	http://apps.gehealthcare.com/servlet/clientservlet/c40_ws_inst_sv_2063534-001r2.pdf?req=raa&direction=2063534-001&filename=c40_ws_inst_sv_2063534-001r2.pdf&filerev=1&docrev_org=1	Trust: 1.6
url:	http://apps.gehealthcare.com/servlet/clientservlet/c401_ws_inst_sv_2069560001r1.pdf?req=raa&direction=2069560-001&filename=c401_ws_inst_sv_2069560001r1.pdf&filerev=1&docrev_org=1	Trust: 1.6
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-6695	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-6695	Trust: 0.8
url:	http://www3.gehealthcare.com/en	Trust: 0.3

sources: CNVD: CNVD-2015-05140 // BID: 76172 // JVNDB: JVNDB-2015-004006 // CNNVD: CNNVD-201508-031 // NVD: CVE-2012-6695

CREDITS

Scott Erven

Trust: 0.3

sources: BID: 76172

SOURCES

db:	CNVD	id:	CNVD-2015-05140
db:	BID	id:	76172
db:	JVNDB	id:	JVNDB-2015-004006
db:	CNNVD	id:	CNNVD-201508-031
db:	NVD	id:	CVE-2012-6695

LAST UPDATE DATE

2024-08-14T13:33:49.843000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-05140	date:	2015-08-06T00:00:00
db:	BID	id:	76172	date:	2015-08-04T00:00:00
db:	JVNDB	id:	JVNDB-2015-004006	date:	2018-04-02T00:00:00
db:	CNNVD	id:	CNNVD-201508-031	date:	2015-08-05T00:00:00
db:	NVD	id:	CVE-2012-6695	date:	2018-03-28T01:29:02.260

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2015-05140	date:	2015-08-06T00:00:00
db:	BID	id:	76172	date:	2015-08-04T00:00:00
db:	JVNDB	id:	JVNDB-2015-004006	date:	2015-08-06T00:00:00
db:	CNNVD	id:	CNNVD-201508-031	date:	2015-08-05T00:00:00
db:	NVD	id:	CVE-2012-6695	date:	2015-08-04T14:59:20.597