Gehealthcare

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-25179 1Gehealthcare 1111.5t Brivo Mr355 Firmware 3.0t Signa Hd 16 Firmware3.0t Signa Hd 23 Firmware+108 more Nov 21, 2024 Dec 14, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 GE Healthcare Imaging and Ultrasound Products may allow specific credentials to be exposed during transport over the network.
CVE-2020-25175 1Gehealthcare 1111.5t Brivo Mr355 Firmware 3.0t Signa Hd 16 Firmware3.0t Signa Hd 23 Firmware+108 more Nov 21, 2024 Dec 14, 2020 N/A· v4 9.8 CRITICAL· v3 5.0 MEDIUM· v2 GE Healthcare Imaging and Ultrasound Products may allow specific credentials to be exposed during transport over the network.
CVE-2020-6966 1Gehealthcare 6Apexpro Telemetry Server Firmware Carescape Central Station Mai700 FirmwareCarescape Central Station Mas700 Firmware+3 more Nov 21, 2024 Jan 24, 2020 N/A· v4 10.0 CRITICAL· v3 10.0 HIGH· v2 In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, the affected products ut...Show more In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, the affected products utilize a weak encryption scheme for remote desktop control, which may allow an attacker to obtain remote code execution of devices on the network.Show less
CVE-2020-6965 1Gehealthcare 9Apexpro Telemetry Server Firmware Carescape B450 Monitor FirmwareCarescape B650 Monitor Firmware+6 more Nov 21, 2024 Jan 24, 2020 N/A· v4 9.9 CRITICAL· v3 6.5 MEDIUM· v2 In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, B450 Version 2.X, B650 V...Show more In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, B450 Version 2.X, B650 Version 1.X, B650 Version 2.X, B850 Version 1.X, B850 Version 2.X, a vulnerability in the software update mechanism allows an authenticated attacker to upload arbitrary files on the system through a crafted update package.Show less
CVE-2020-6964 1Gehealthcare 6Apexpro Telemetry Server Firmware Carescape Central Station Mai700 FirmwareCarescape Central Station Mas700 Firmware+3 more Nov 21, 2024 Jan 24, 2020 N/A· v4 8.6 HIGH· v3 5.0 MEDIUM· v2 In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X and CARESCAPE Central Sta...Show more In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X and CARESCAPE Central Station (CSCS) Versions 2.X, the integrated service for keyboard switching of the affected devices could allow attackers to obtain remote keyboard input access without authentication over the network.Show less
CVE-2020-6963 1Gehealthcare 6Apexpro Telemetry Server Firmware Carescape Central Station Mai700 FirmwareCarescape Central Station Mas700 Firmware+3 more Nov 21, 2024 Jan 24, 2020 N/A· v4 10.0 CRITICAL· v3 10.0 HIGH· v2 In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, the affected products ut...Show more In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, the affected products utilized hard coded SMB credentials, which may allow an attacker to remotely execute arbitrary code.Show less
CVE-2020-6962 1Gehealthcare 9Apexpro Telemetry Server Firmware Carescape B450 Monitor FirmwareCarescape B650 Monitor Firmware+6 more Nov 21, 2024 Jan 24, 2020 N/A· v4 10.0 CRITICAL· v3 10.0 HIGH· v2 In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Telemetry Server Version 4.3, CARESCAPE Central Station (CSC...Show more In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Telemetry Server Version 4.3, CARESCAPE Central Station (CSCS) Versions 1.X CARESCAPE Central Station (CSCS) Versions 2.X, B450 Version 2.X, B650 Version 1.X, B650 Version 2.X, B850 Version 1.X, B850 Version 2.X, an input validation vulnerability exists in the web-based system configuration utility that could allow an attacker to obtain arbitrary remote code execution.Show less
CVE-2020-6961 1Gehealthcare 6Apexpro Telemetry Server Firmware Carescape Central Station Mai700 FirmwareCarescape Central Station Mas700 Firmware+3 more Nov 21, 2024 Jan 24, 2020 N/A· v4 10.0 CRITICAL· v3 7.5 HIGH· v2 In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Telemetry Server Version 4.3, CARESCAPE Central Station (CSC...Show more In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Telemetry Server Version 4.3, CARESCAPE Central Station (CSCS) Versions 1.X, a vulnerability exists in the affected products that could allow an attacker to obtain access to the SSH private key in configuration files.Show less
CVE-2014-9736 1Gehealthcare 1Centricity Clinical Archive Audit Trail Repository May 6, 2026 Aug 4, 2015 N/A· v4 N/A· v3 10.0 HIGH· v2 GE Healthcare Centricity Clinical Archive Audit Trail Repository has a default password of initinit for the (1) SSL key manager and (2) server keystore; (3) keystore_password for the server truststore; and atna for the (...Show more GE Healthcare Centricity Clinical Archive Audit Trail Repository has a default password of initinit for the (1) SSL key manager and (2) server keystore; (3) keystore_password for the server truststore; and atna for the (4) primary storage database and (5) archive storage database, which has unspecified impact and attack vectors.Show less
CVE-2014-7233 1Gehealthcare 1Precision Thunis 800+ May 6, 2026 Aug 4, 2015 N/A· v4 N/A· v3 10.0 HIGH· v2 GE Healthcare Precision THUNIS-800+ has a default password of (1) 1973 for the factory default System Utilities menu, (2) TH8740 for installation using TH8740_122_Setup.exe, (3) hrml for "Setup and Activation" using DSAS...Show more GE Healthcare Precision THUNIS-800+ has a default password of (1) 1973 for the factory default System Utilities menu, (2) TH8740 for installation using TH8740_122_Setup.exe, (3) hrml for "Setup and Activation" using DSASetup, and (4) an empty string for Shutter Configuration, which has unspecified impact and attack vectors. NOTE: since these passwords appear to be used to access functionality during installation, this issue might not cross privilege boundaries and might not be a vulnerability.Show less
CVE-2014-7232 1Gehealthcare 2Discovery Xr656 Discovery Xr656 G2 May 6, 2026 Aug 4, 2015 N/A· v4 N/A· v3 10.0 HIGH· v2 GE Healthcare Discovery XR656 and XR656 G2 has a password of (1) 2getin for the insite user, (2) 4$xray for the xruser user, and (3) #superxr for the root user, which has unspecified impact and attack vectors. NOTE: it...Show more GE Healthcare Discovery XR656 and XR656 G2 has a password of (1) 2getin for the insite user, (2) 4$xray for the xruser user, and (3) #superxr for the root user, which has unspecified impact and attack vectors. NOTE: it is not clear whether these passwords are default, hardcoded, or dependent on another system or product that requires a fixed value.Show less
CVE-2013-7442 1Gehealthcare 1Centricity Pacs Workstation May 6, 2026 Aug 4, 2015 N/A· v4 N/A· v3 10.0 HIGH· v2 GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a password of (1) CANal1 for the Administrator user and (2) iis for the IIS user, which has unspecified impact and attack vectors related to TimbuktuPro. NOTE:...Show more GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a password of (1) CANal1 for the Administrator user and (2) iis for the IIS user, which has unspecified impact and attack vectors related to TimbuktuPro. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires it.Show less
CVE-2013-7405 1Gehealthcare 1Centricity Dms May 6, 2026 Aug 4, 2015 N/A· v4 N/A· v3 10.0 HIGH· v2 The Ad Hoc Reporting feature in GE Healthcare Centricity DMS 4.2 has a password of Never!Mind for the Administrator user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is d...Show more The Ad Hoc Reporting feature in GE Healthcare Centricity DMS 4.2 has a password of Never!Mind for the Administrator user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.Show less
CVE-2013-7404 1Gehealthcare 1Discovery Nm 750b May 6, 2026 Aug 4, 2015 N/A· v4 N/A· v3 10.0 HIGH· v2 GE Healthcare Discovery NM 750b has a password of 2getin for the insite account for (1) Telnet and (2) FTP, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardco...Show more GE Healthcare Discovery NM 750b has a password of 2getin for the insite account for (1) Telnet and (2) FTP, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.Show less
CVE-2012-6695 1Gehealthcare 1Centricity Pacs Workstation May 6, 2026 Aug 4, 2015 N/A· v4 N/A· v3 10.0 HIGH· v2 GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a password of ddpadmin for the ddpadmin user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcode...Show more GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a password of ddpadmin for the ddpadmin user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.Show less
CVE-2012-6694 1Gehealthcare 2Centricity Pacs Server Centricity Pacs Workstation May 6, 2026 Aug 4, 2015 N/A· v4 N/A· v3 10.0 HIGH· v2 GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1, and Server 4.0, has a password of 2charGE for the geservice account, which has unspecified impact and attack vectors related to TimbuktuPro. NOTE: it is not clear...Show more GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1, and Server 4.0, has a password of 2charGE for the geservice account, which has unspecified impact and attack vectors related to TimbuktuPro. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires it.Show less
CVE-2012-6693 1Gehealthcare 1Centricity Pacs Server May 6, 2026 Aug 4, 2015 N/A· v4 N/A· v3 10.0 HIGH· v2 GE Healthcare Centricity PACS 4.0 Server has a default password of (1) nasro for the nasro (ReadOnly) user and (2) nasrw for the nasrw (Read/Write) user, which has unspecified impact and attack vectors.
CVE-2012-6660 1Gehealthcare 1Precision Mpi May 6, 2026 Aug 4, 2015 N/A· v4 N/A· v3 10.0 HIGH· v2 GE Healthcare Precision MPi has a password of (1) orion for the serviceapp user, (2) orion for the clinical operator user, and (3) PlatinumOne for the administrator user, which has unspecified impact and attack vectors....Show more GE Healthcare Precision MPi has a password of (1) orion for the serviceapp user, (2) orion for the clinical operator user, and (3) PlatinumOne for the administrator user, which has unspecified impact and attack vectors. NOTE: it is not clear whether these passwords are default, hardcoded, or dependent on another system or product that requires a fixed value.Show less
CVE-2011-5324 1Gehealthcare 1Centricity Pacs Iw May 6, 2026 Aug 4, 2015 N/A· v4 N/A· v3 10.0 HIGH· v2 The TeraRecon server, as used in GE Healthcare Centricity PACS-IW 3.7.3.7, 3.7.3.8, and possibly other versions, has a password of (1) shared for the shared user and (2) scan for the scan user, which has unspecified impa...Show more The TeraRecon server, as used in GE Healthcare Centricity PACS-IW 3.7.3.7, 3.7.3.8, and possibly other versions, has a password of (1) shared for the shared user and (2) scan for the scan user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.Show less
CVE-2011-5323 1Gehealthcare 1Centricity Pacs Iw May 6, 2026 Aug 4, 2015 N/A· v4 N/A· v3 10.0 HIGH· v2 GE Healthcare Centricity PACS-IW 3.7.3.7, 3.7.3.8, and possibly other versions has a password of A11enda1e for the sa SQL server user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this...Show more GE Healthcare Centricity PACS-IW 3.7.3.7, 3.7.3.8, and possibly other versions has a password of A11enda1e for the sa SQL server user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.Show less

12 Next