ID
VAR-201803-0185
CVE
CVE-2017-14006
TITLE
GE Xeleris Vulnerabilities related to the use of hard-coded credentials
Trust: 0.8
DESCRIPTION
GE Xeleris versions 1.0,1.1,2.1,3.0,3.1, medical imaging systems, all current versions are affected, these devices use default or hard-coded credentials. Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affected devices. GE Xeleris Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. GE Xeleris is a medical image management system of General Electric (GE). GE Medical Devices are prone to a remote authentication-bypass vulnerability. Successful exploits will result in the complete compromise of the affected device
Trust: 2.52
IOT TAXONOMY
| category: | ['ICS'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | ge | model: | xeleris | scope: | eq | version: | 2.1 | Trust: 1.6 |
| vendor: | ge | model: | xeleris | scope: | eq | version: | 3.0 | Trust: 1.6 |
| vendor: | ge | model: | xeleris | scope: | eq | version: | 3.1 | Trust: 1.6 |
| vendor: | ge | model: | xeleris | scope: | eq | version: | 1.0 | Trust: 1.6 |
| vendor: | ge | model: | xeleris | scope: | eq | version: | 1.1 | Trust: 1.6 |
| vendor: | general | model: | electric xeleris | scope: | eq | version: | 1.0 | Trust: 0.9 |
| vendor: | general | model: | electric xeleris | scope: | eq | version: | 1.1 | Trust: 0.9 |
| vendor: | general | model: | electric xeleris | scope: | eq | version: | 2.1 | Trust: 0.9 |
| vendor: | general | model: | electric xeleris | scope: | eq | version: | 3.0 | Trust: 0.9 |
| vendor: | general | model: | electric xeleris | scope: | eq | version: | 3.1 | Trust: 0.9 |
| vendor: | ge healthcare | model: | xeleris | scope: | eq | version: | 1.0 | Trust: 0.8 |
| vendor: | ge healthcare | model: | xeleris | scope: | eq | version: | 1.1 | Trust: 0.8 |
| vendor: | ge healthcare | model: | xeleris | scope: | eq | version: | 2.1 | Trust: 0.8 |
| vendor: | ge healthcare | model: | xeleris | scope: | eq | version: | 3.0 | Trust: 0.8 |
| vendor: | ge healthcare | model: | xeleris | scope: | eq | version: | 3.1 | Trust: 0.8 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-798 | Trust: 1.8 |
| problemtype: | CWE-287 | Trust: 1.0 |
THREAT TYPE
remote
Trust: 0.6
TYPE
trust management problem
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | Xeleris 4.0 | url: | http://www3.gehealthcare.be/~/media/downloads/belgium/academy/benl%20flyer%20xeleris%2040%20no%20date.pdf?Parent=%7B3124477A-1ADF-44E7-9923-6B52781A40E8%7D | Trust: 0.8 |
| title: | Patch for GE Xeleris authentication bypass vulnerability | url: | https://www.cnvd.org.cn/patchInfo/show/122613 | Trust: 0.6 |
| title: | GE Xeleris Security vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79312 | Trust: 0.6 |
EXTERNAL IDS
| db: | ICS CERT | id: | ICSMA-18-037-02 | Trust: 3.4 |
| db: | NVD | id: | CVE-2017-14006 | Trust: 3.4 |
| db: | JVNDB | id: | JVNDB-2017-013012 | Trust: 0.8 |
| db: | CNVD | id: | CNVD-2018-05955 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-201803-711 | Trust: 0.6 |
| db: | BID | id: | 103429 | Trust: 0.3 |
| db: | VULMON | id: | CVE-2017-14006 | Trust: 0.1 |
REFERENCES
| url: | https://ics-cert.us-cert.gov/advisories/icsma-18-037-02 | Trust: 3.5 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14006 | Trust: 0.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2017-14006 | Trust: 0.8 |
| url: | https://www.ge.com/ | Trust: 0.3 |
| url: | https://cwe.mitre.org/data/definitions/798.html | Trust: 0.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
CREDITS
Scott Erven
Trust: 0.3
SOURCES
| db: | CNVD | id: | CNVD-2018-05955 |
| db: | VULMON | id: | CVE-2017-14006 |
| db: | BID | id: | 103429 |
| db: | JVNDB | id: | JVNDB-2017-013012 |
| db: | CNNVD | id: | CNNVD-201803-711 |
| db: | NVD | id: | CVE-2017-14006 |
LAST UPDATE DATE
2024-08-14T13:33:50.485000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2018-05955 | date: | 2018-03-22T00:00:00 |
| db: | VULMON | id: | CVE-2017-14006 | date: | 2019-10-09T00:00:00 |
| db: | BID | id: | 103429 | date: | 2018-02-06T00:00:00 |
| db: | JVNDB | id: | JVNDB-2017-013012 | date: | 2018-05-23T00:00:00 |
| db: | CNNVD | id: | CNNVD-201803-711 | date: | 2019-10-17T00:00:00 |
| db: | NVD | id: | CVE-2017-14006 | date: | 2019-10-09T23:23:43.030 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2018-05955 | date: | 2018-03-22T00:00:00 |
| db: | VULMON | id: | CVE-2017-14006 | date: | 2018-03-20T00:00:00 |
| db: | BID | id: | 103429 | date: | 2018-02-06T00:00:00 |
| db: | JVNDB | id: | JVNDB-2017-013012 | date: | 2018-05-23T00:00:00 |
| db: | CNNVD | id: | CNNVD-201803-711 | date: | 2018-03-21T00:00:00 |
| db: | NVD | id: | CVE-2017-14006 | date: | 2018-03-20T16:29:00.373 |