CVE-2010-5308

Published: Aug 4, 2015Modified: May 6, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

GE Healthcare Optima MR360 does not require authentication for the HIPAA emergency login procedure, which allows physically proximate users to gain access via an arbitrary username in the Emergency Login screen. NOTE: this might not qualify for inclusion in CVE if unauthenticated emergency access is part of the intended security policy of the product, can be controlled by the system administrator, and is not enabled by default.

Affected (1)

Products: Gehealthcare: Optima Mr360 Firmware

1 product

Optima Mr360 Firmware

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Gehealthcare Optima Mr360 Firmware	All versions

Related CWEs

References (6)

http://apps.gehealthcare.com/servlet/ClientServlet/MR360+operator+manual+paper.pdf?REQ=RAA&DIRECTION=5339461-1EN&FILENAME=MR360%2Boperator%2Bmanual%2Bpaper.pdf&FILEREV=4&DOCREV_ORG=4

Source: cve@mitre.org

http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/

Source: cve@mitre.org

https://twitter.com/digitalbond/status/619250429751222277

Source: cve@mitre.org

http://apps.gehealthcare.com/servlet/ClientServlet/MR360+operator+manual+paper.pdf?REQ=RAA&DIRECTION=5339461-1EN&FILENAME=MR360%2Boperator%2Bmanual%2Bpaper.pdf&FILEREV=4&DOCREV_ORG=4

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/

Source: af854a3a-2127-422b-91ae-364da2661108

https://twitter.com/digitalbond/status/619250429751222277

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.