Sign-up

ID

VAR-201803-0183


CVE

CVE-2017-14002


TITLE

GE Infinia/Infinia with Hawkeye 4 Vulnerabilities related to the use of hard-coded credentials

Trust: 0.8

sources: JVNDB: JVNDB-2017-013010

DESCRIPTION

GE Infinia/Infinia with Hawkeye 4 medical imaging systems all current versions are affected these devices use default or hard-coded credentials. Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affected devices. GE Infinia/Infinia with Hawkeye 4 Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. GEInfinia/InfiniawithHawkeye4 is a medical imaging device using gamma rays equipped with the Hawkeye4 system from General Electric (GE). A security vulnerability exists in GEInfinia/InfiniawithHawkeye4 that originated from the program using default credentials or hard-coded credentials. GE Medical Devices are prone to a remote authentication-bypass vulnerability. Successful exploits will result in the complete compromise of the affected device

Trust: 2.61

sources: NVD: CVE-2017-14002 // JVNDB: JVNDB-2017-013010 // CNVD: CNVD-2018-05961 // BID: 103405 // VULHUB: VHN-104681 // VULMON: CVE-2017-14002

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-05961

AFFECTED PRODUCTS

vendor:gemodel:infinia hawkeye 4scope:eqversion: -

Trust: 1.6

vendor:generalmodel:electric infinia hawkeyescope:eqversion:40

Trust: 0.9

vendor:ge healthcaremodel:infinia hawkeye 4scope: - version: -

Trust: 0.8

sources: CNVD: CNVD-2018-05961 // BID: 103405 // JVNDB: JVNDB-2017-013010 // CNNVD: CNNVD-201803-713 // NVD: CVE-2017-14002

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-14002
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-14002
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2018-05961
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201803-713
value: CRITICAL

Trust: 0.6

VULHUB: VHN-104681
value: HIGH

Trust: 0.1

VULMON: CVE-2017-14002
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-14002
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2018-05961
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-104681
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-14002
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-05961 // VULHUB: VHN-104681 // VULMON: CVE-2017-14002 // JVNDB: JVNDB-2017-013010 // CNNVD: CNNVD-201803-713 // NVD: CVE-2017-14002

PROBLEMTYPE DATA

problemtype:CWE-798

Trust: 1.9

problemtype:CWE-287

Trust: 1.0

sources: VULHUB: VHN-104681 // JVNDB: JVNDB-2017-013010 // NVD: CVE-2017-14002

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201803-713

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201803-713

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-013010

PATCH
title:Infinia Hawkeye 4url:http://www3.gehealthcare.co.jp/ja-jp/products_and_service/imaging/molecular_imaging/spect/infinia_hawkeye_4
Trust: 0.8
title:GEInfinia/InfiniawithHawkeye4 authentication bypass vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/122609
Trust: 0.6
title:GE Infinia/Infinia with Hawkeye 4 Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79314
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-05961 // 
            
            
            
            JVNDB: JVNDB-2017-013010 // 
            
            
            
            CNNVD: CNNVD-201803-713

EXTERNAL IDS
db:NVDid:CVE-2017-14002
Trust: 3.5
db:ICS CERTid:ICSMA-18-037-02
Trust: 2.9
db:BIDid:103405
Trust: 2.7
db:JVNDBid:JVNDB-2017-013010
Trust: 0.8
db:CNVDid:CNVD-2018-05961
Trust: 0.6
db:CNNVDid:CNNVD-201803-713
Trust: 0.6
db:VULHUBid:VHN-104681
Trust: 0.1
db:VULMONid:CVE-2017-14002
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-05961 // 
            
            
            
            VULHUB: VHN-104681 // 
            
            
            
            VULMON: CVE-2017-14002 // 
            
            
            
            BID: 103405 // 
            
            
            
            JVNDB: JVNDB-2017-013010 // 
            
            
            
            CNNVD: CNNVD-201803-713 // 
            
            
            
            NVD: CVE-2017-14002

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsma-18-037-02
Trust: 3.0
url:http://www.securityfocus.com/bid/103405
Trust: 2.5
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14002
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-14002
Trust: 0.8
url:https://www.ge.com/
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/798.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-05961 // 
            
            
            
            VULHUB: VHN-104681 // 
            
            
            
            VULMON: CVE-2017-14002 // 
            
            
            
            BID: 103405 // 
            
            
            
            JVNDB: JVNDB-2017-013010 // 
            
            
            
            CNNVD: CNNVD-201803-713 // 
            
            
            
            NVD: CVE-2017-14002

CREDITS
Scott Erven
Trust: 0.3
sources:
            
            
            BID: 103405

SOURCES
db:CNVDid:CNVD-2018-05961
db:VULHUBid:VHN-104681
db:VULMONid:CVE-2017-14002
db:BIDid:103405
db:JVNDBid:JVNDB-2017-013010
db:CNNVDid:CNNVD-201803-713
db:NVDid:CVE-2017-14002

LAST UPDATE DATE
2024-08-14T13:33:50.047000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-05961date:2018-03-22T00:00:00
db:VULHUBid:VHN-104681date:2019-10-09T00:00:00
db:VULMONid:CVE-2017-14002date:2019-10-09T00:00:00
db:BIDid:103405date:2018-03-13T00:00:00
db:JVNDBid:JVNDB-2017-013010date:2018-05-23T00:00:00
db:CNNVDid:CNNVD-201803-713date:2019-10-17T00:00:00
db:NVDid:CVE-2017-14002date:2019-10-09T23:23:42.437

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-05961date:2018-03-22T00:00:00
db:VULHUBid:VHN-104681date:2018-03-20T00:00:00
db:VULMONid:CVE-2017-14002date:2018-03-20T00:00:00
db:BIDid:103405date:2018-03-13T00:00:00
db:JVNDBid:JVNDB-2017-013010date:2018-05-23T00:00:00
db:CNNVDid:CNNVD-201803-713date:2018-03-21T00:00:00
db:NVDid:CVE-2017-14002date:2018-03-20T16:29:00.267