Vulnerability Details CVE-2020-6966
In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, the affected products utilize a weak encryption scheme for remote desktop control, which may allow an attacker to obtain remote code execution of devices on the network.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 38.2%
CVSS Severity
CVSS v3 Score 10.0
CVSS v2 Score 10.0
References
Products affected by CVE-2020-6966
-
cpe:2.3:h:gehealthcare:apexpro_telemetry_server:-
-
cpe:2.3:h:gehealthcare:carescape_central_station_mai700:-
-
cpe:2.3:h:gehealthcare:carescape_central_station_mas700:-
-
cpe:2.3:h:gehealthcare:carescape_telemetry_server_mp100r:-
-
cpe:2.3:h:gehealthcare:clinical_information_center_mp100d:-
-
cpe:2.3:h:gehealthcare:clinical_information_center_mp100r:-
-
cpe:2.3:o:gehealthcare:apexpro_telemetry_server_firmware:3.9
-
cpe:2.3:o:gehealthcare:apexpro_telemetry_server_firmware:4.0
-
cpe:2.3:o:gehealthcare:apexpro_telemetry_server_firmware:4.1
-
cpe:2.3:o:gehealthcare:apexpro_telemetry_server_firmware:4.2
-
cpe:2.3:o:gehealthcare:carescape_central_station_mai700_firmware:1.0
-
cpe:2.3:o:gehealthcare:carescape_central_station_mas700_firmware:1.0
-
cpe:2.3:o:gehealthcare:carescape_telemetry_server_mp100r_firmware:4.2
-
cpe:2.3:o:gehealthcare:clinical_information_center_mp100d_firmware:4.0
-
cpe:2.3:o:gehealthcare:clinical_information_center_mp100d_firmware:5.0
-
cpe:2.3:o:gehealthcare:clinical_information_center_mp100r_firmware:4.0
-
cpe:2.3:o:gehealthcare:clinical_information_center_mp100r_firmware:5.0