Gehealthcare: >> Optima Mr360 Firmware Security Vulnerabilities
GE Healthcare Imaging and Ultrasound Products may allow specific credentials to be exposed during transport over the network.
CVSS Score
9.8
EPSS Score
0.002
Published
2020-12-14
GE Healthcare Imaging and Ultrasound Products may allow specific credentials to be exposed during transport over the network.
CVSS Score
9.8
EPSS Score
0.002
Published
2020-12-14
GE Healthcare Optima MR360 does not require authentication for the HIPAA emergency login procedure, which allows physically proximate users to gain access via an arbitrary username in the Emergency Login screen. NOTE: this might not qualify for inclusion in CVE if unauthenticated emergency access is part of the intended security policy of the product, can be controlled by the system administrator, and is not enabled by default.
CVSS Score
10.0
EPSS Score
0.006
Published
2015-08-04
The HIPAA configuration interface in GE Healthcare Optima MR360 has a password of (1) operator for the root account, (2) adw2.0 for the admin account, and (3) adw2.0 for the sdc account, which has unspecified impact and attack vectors. NOTE: it is not clear whether these passwords are default, hardcoded, or dependent on another system or product that requires a fixed value.
CVSS Score
10.0
EPSS Score
0.006
Published
2015-08-04