← Back

CVE-2020-6965

nvd nist
Published: Jan 24, 2020Modified: Nov 21, 2024

JSON object

Loading...
9.9
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Exploitability: 3.1 / Impact: 6.0
Source: NVD

Description

In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, B450 Version 2.X, B650 Version 1.X, B650 Version 2.X, B850 Version 1.X, B850 Version 2.X, a vulnerability in the software update mechanism allows an authenticated attacker to upload arbitrary files on the system through a crafted update package.

Affected (13)

Gehealthcare
9 products
Apexpro Telemetry Server Firmware
Carescape B450 Monitor Firmware
Carescape B650 Monitor Firmware
Carescape B850 Monitor Firmware
Carescape Central Station Mai700 Firmware
Carescape Central Station Mas700 Firmware
Clinical Information Center Mp100d Firmware
Clinical Information Center Mp100r Firmware
Carescape Telemetry Server Mp100r Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Apexpro Telemetry Server Firmware
Up to 4.2
Running on/withPlatform Versions
Gehealthcare
Apexpro Telemetry Server
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Carescape B450 Monitor Firmware
Version 2.0
Running on/withPlatform Versions
Gehealthcare
Carescape B450 Monitor
All versions
Configuration C
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Gehealthcare
Carescape B650 Monitor Firmware
Version 1.0
Carescape B650 Monitor Firmware
Version 2.0
Running on/withPlatform Versions
Gehealthcare
Carescape B650 Monitor
All versions
Configuration D
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Gehealthcare
Carescape B850 Monitor Firmware
Version 1.0
Carescape B850 Monitor Firmware
Version 2.0
Running on/withPlatform Versions
Gehealthcare
Carescape B850 Monitor
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Carescape Central Station Mai700 Firmware
Version 1.0
Running on/withPlatform Versions
Gehealthcare
Carescape Central Station Mai700
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Carescape Central Station Mas700 Firmware
Version 1.0
Running on/withPlatform Versions
Gehealthcare
Carescape Central Station Mas700
All versions
Configuration G
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Gehealthcare
Clinical Information Center Mp100d Firmware
Version 4.0
Clinical Information Center Mp100d Firmware
Version 5.0
Running on/withPlatform Versions
Gehealthcare
Clinical Information Center Mp100d
All versions
Configuration H
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Gehealthcare
Clinical Information Center Mp100r Firmware
Version 4.0
Clinical Information Center Mp100r Firmware
Version 5.0
Running on/withPlatform Versions
Gehealthcare
Clinical Information Center Mp100r
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Carescape Telemetry Server Mp100r Firmware
Up to 4.2
Running on/withPlatform Versions
Gehealthcare
Carescape Telemetry Server Mp100r
All versions

Related CWEs

CWE-20
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
CWE-434
Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (3)

Source: ics-cert@hq.dhs.gov
Third Party AdvisoryUS Government Resource
Source: nvd@nist.gov
Product
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryUS Government Resource

Timeline

No history available yet.