CVE-2020-25179 (GCVE-0-2020-25179)
Vulnerability from cvelistv5
Published
2020-12-14 16:12
Modified
2024-08-04 15:26
Severity ?
CWE
  • CWE-497 - EXPOSURE OF SENSITIVE SYSTEM INFORMATION TO AN UNAUTHORIZED CONTROL SPHERE
Summary
GE Healthcare Imaging and Ultrasound Products may allow specific credentials to be exposed during transport over the network.
References
Impacted products
Vendor Product Version
n/a GE Healthcare Imaging and Ultrasound Products Version: MR 3.0T Signa HDxt / 3.0T Signa HDx, versions HD 16, HD23 1.5T Brivo MR355 / Optima MR360, versions SV20.1, SV23.0 1.5T Signa HDx / 1.5T Signa HDx, Signa HDi / Signa VIBRANT, versions HD16, HD23 Ultrasound, General Imaging LOGIQ 5 [BT03], LOGIQ 7 (BT03, BT04, BT06], LOGIQ 9 [BT02, BT03, BT04, BT06] Ultrasound, Cardiovascular Vivid I [BT06], Vivid 7 {BT02-BT06], EchoPAC (Turnkey) [BT06], Image Vault (Turnkey) [4.3] Ultrasound, Women’s Health Voluson 730 [BT05, BT08] Advanced Visualization AW 4.0 to AW 4.6, AWS2.0 to AW3.0 , Interventional Innova 2000, 3100, 4100, 2100-IQ, 3100-IQ, 4100-IQ, 212-IQ, 313-IQ Optima 320, CL320i, CL323i, CL320, 3100 Optima IGS 320, 330
Version: Innova IGS 5x0, 6x0, 7x0 Advanced Visualization AW 4.0 to AW 4.6, AWS2.0 to AW3.0 X-Ray Brivo XR118, XR383, XR515, XR575
Version: Definium 5000, 6000, 8000, AMX 700
Version: Discovery XR650, XR656, XR656+
Version: Optima XR640, XR646, XR220amx, XR200amx
Version: Precision 500D, WDR1 Mammography Seno 200D, DS, Essential
Version: Senographe Pristina Computed Tomography BrightSpeed Elite, Elite Select, Edge, Edge Select Brivo CT385 Discovery CT590RT, CT750HD LightSpeed VCT, Pro16, RT16 Optima Advance, CT520, CT540, CT660, CT580, CT580RT, CT580W, CT670, CT680 Quantum, Expert & Professional Revolution EVO,HD,ACT, ACTs, CT, Discovery CT, Frontier, Frontier ES Nuclear Medicine, PET/CT Brivo NM 615 Discovery NM 630, NM 750b, NM D530c, NM/CT D570c, NM/CT 670 Infinia Discovery NM830, NM/CT 860, NM/CT850, NM/CT 870
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T15:26:09.485Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-343-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "GE Healthcare Imaging and Ultrasound Products",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "MR 3.0T Signa HDxt / 3.0T Signa HDx, versions HD 16, HD23 1.5T Brivo MR355 / Optima MR360, versions SV20.1, SV23.0 1.5T Signa HDx / 1.5T Signa HDx, Signa HDi / Signa VIBRANT, versions HD16, HD23 Ultrasound, General Imaging LOGIQ 5 [BT03], LOGIQ 7 (BT03, BT04, BT06], LOGIQ 9 [BT02, BT03, BT04, BT06] Ultrasound, Cardiovascular Vivid I [BT06], Vivid 7 {BT02-BT06], EchoPAC (Turnkey) [BT06], Image Vault (Turnkey) [4.3] Ultrasound, Women\u2019s Health Voluson 730 [BT05, BT08] Advanced Visualization AW 4.0 to AW 4.6, AWS2.0 to AW3.0 , Interventional Innova 2000, 3100, 4100, 2100-IQ, 3100-IQ, 4100-IQ, 212-IQ, 313-IQ Optima 320, CL320i, CL323i, CL320, 3100 Optima IGS 320, 330"
            },
            {
              "status": "affected",
              "version": "Innova IGS 5x0, 6x0, 7x0 Advanced Visualization AW 4.0 to AW 4.6, AWS2.0 to AW3.0 X-Ray Brivo XR118, XR383, XR515, XR575"
            },
            {
              "status": "affected",
              "version": "Definium 5000, 6000, 8000, AMX 700"
            },
            {
              "status": "affected",
              "version": "Discovery XR650, XR656, XR656+"
            },
            {
              "status": "affected",
              "version": "Optima XR640, XR646, XR220amx, XR200amx"
            },
            {
              "status": "affected",
              "version": "Precision 500D, WDR1 Mammography Seno 200D, DS, Essential"
            },
            {
              "status": "affected",
              "version": "Senographe Pristina Computed Tomography BrightSpeed Elite, Elite Select, Edge, Edge Select Brivo CT385 Discovery CT590RT, CT750HD LightSpeed VCT, Pro16, RT16 Optima Advance, CT520, CT540, CT660, CT580, CT580RT, CT580W, CT670, CT680 Quantum, Expert \u0026 Professional Revolution EVO,HD,ACT, ACTs, CT, Discovery CT, Frontier, Frontier ES Nuclear Medicine, PET/CT Brivo NM 615 Discovery NM 630, NM 750b, NM D530c, NM/CT D570c, NM/CT 670 Infinia Discovery NM830, NM/CT 860, NM/CT850, NM/CT 870"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "GE Healthcare Imaging and Ultrasound Products may allow specific credentials to be exposed during transport over the network."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-497",
              "description": "EXPOSURE OF SENSITIVE SYSTEM INFORMATION TO AN UNAUTHORIZED CONTROL SPHERE CWE-497",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-14T16:12:36",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-343-01"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2020-25179",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "GE Healthcare Imaging and Ultrasound Products",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "MR 3.0T Signa HDxt / 3.0T Signa HDx, versions HD 16, HD23 1.5T Brivo MR355 / Optima MR360, versions SV20.1, SV23.0 1.5T Signa HDx / 1.5T Signa HDx, Signa HDi / Signa VIBRANT, versions HD16, HD23 Ultrasound, General Imaging LOGIQ 5 [BT03], LOGIQ 7 (BT03, BT04, BT06], LOGIQ 9 [BT02, BT03, BT04, BT06] Ultrasound, Cardiovascular Vivid I [BT06], Vivid 7 {BT02-BT06], EchoPAC (Turnkey) [BT06], Image Vault (Turnkey) [4.3] Ultrasound, Women\u2019s Health Voluson 730 [BT05, BT08] Advanced Visualization AW 4.0 to AW 4.6, AWS2.0 to AW3.0 , Interventional Innova 2000, 3100, 4100, 2100-IQ, 3100-IQ, 4100-IQ, 212-IQ, 313-IQ Optima 320, CL320i, CL323i, CL320, 3100 Optima IGS 320, 330"
                          },
                          {
                            "version_value": "Innova IGS 5x0, 6x0, 7x0 Advanced Visualization AW 4.0 to AW 4.6, AWS2.0 to AW3.0 X-Ray Brivo XR118, XR383, XR515, XR575"
                          },
                          {
                            "version_value": "Definium 5000, 6000, 8000, AMX 700"
                          },
                          {
                            "version_value": "Discovery XR650, XR656, XR656+"
                          },
                          {
                            "version_value": "Optima XR640, XR646, XR220amx, XR200amx"
                          },
                          {
                            "version_value": "Precision 500D, WDR1 Mammography Seno 200D, DS, Essential"
                          },
                          {
                            "version_value": "Senographe Pristina Computed Tomography BrightSpeed Elite, Elite Select, Edge, Edge Select Brivo CT385 Discovery CT590RT, CT750HD LightSpeed VCT, Pro16, RT16 Optima Advance, CT520, CT540, CT660, CT580, CT580RT, CT580W, CT670, CT680 Quantum, Expert \u0026 Professional Revolution EVO,HD,ACT, ACTs, CT, Discovery CT, Frontier, Frontier ES Nuclear Medicine, PET/CT Brivo NM 615 Discovery NM 630, NM 750b, NM D530c, NM/CT D570c, NM/CT 670 Infinia Discovery NM830, NM/CT 860, NM/CT850, NM/CT 870"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "GE Healthcare Imaging and Ultrasound Products may allow specific credentials to be exposed during transport over the network."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "EXPOSURE OF SENSITIVE SYSTEM INFORMATION TO AN UNAUTHORIZED CONTROL SPHERE CWE-497"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://us-cert.cisa.gov/ics/advisories/icsma-20-343-01",
              "refsource": "MISC",
              "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-343-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2020-25179",
    "datePublished": "2020-12-14T16:12:36",
    "dateReserved": "2020-09-04T00:00:00",
    "dateUpdated": "2024-08-04T15:26:09.485Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.