Skip to main content

3 0T Signa Hdxt Firmware CVE-2020-25179

CRITICAL
Exposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497)
2020-12-14 ics-cert@hq.dhs.gov
Information Disclosure 3 0T Signa Hdxt Firmware 3 0T Signa Hd 16 Firmware 3 0T Signa Hd 23 Firmware 1 5T Brivo Mr355 Firmware Optima Mr360 Firmware Signa Hdi 1 5T Firmware Signa Vibrant Firmware Logiq 5 Bt03 Firmware Logiq 7 Bt03 Firmware Logiq 7 Bt04 Firmware Logiq 7 Bt06 Firmware Logiq 9 Bt02 Firmware Logiq 9 Bt03 Firmware Logiq 9 Bt04 Firmware Logiq 9 Bt06 Firmware Vivid I Bt06 Firmware Vivid 7 Bt02 Firmware Vivid 7 Bt06 Firmware Echopac Bt06 Firmware Image Vault Firmware Voluson 730 Bt05 Firmware Voluson 730 Bt08 Firmware Innova 2000 Firmware Innova 3100 Firmware Innova 4100 Firmware Innova 2100 Iq Firmware Innova 3100 Iq Firmware Innova 4100 Iq Firmware Innova 212 Iq Firmware Innova 313 Iq Firmware Optima 320 Firmware Optima Cl320I Firmware Optima Cl323I Firmware Optima Cl320 Firmware Optima 3100 Firmware Optima Igs 320 Firmware Optima Igs 330 Firmware Innova Igs 520 Firmware Innova Igs 530 Firmware Innova Igs 620 Firmware Innova Igs 630 Firmware Innova Igs 730 Firmware Brivo Xr118 Firmware Brivo Xr383 Firmware Brivo Xr515 Firmware Brivo Xr575 Firmware Brivo Definiu Firmware Definium 5000 Firmware Definium 6000 Firmware Definium 8000 Firmware Amx 700 Firmware Discovery Xr650 Firmware Discovery Xr656 Firmware Optima Xr640 Firmware Optima Xr646 Firmware Optima Xr220Amx Firmware Optima Xr200Amx Firmware Precision 500D Firmware Wdr1 Firmware Seno 200D Firmware Seno Ds Firmware Seno Essential Firmware Senographe Pristina Firmware Brightspeed Elite Firmware Brightspeed Elite Select Firmware Brightspeed Edge Firmware Brightspeed Edge Select Firmware Brivo Ct385 Firmware Discovery Ct590Rt Firmware Discovery Ct750Hd Firmware Lightspeed Vct Firmware Lightspeed Pro16 Firmware Lightspeed Rt16 Firmware Optima Advance Firmware Optima Ct520 Firmware Optima Ct540 Firmware Optima Ct660 Firmware Optima Ct580 Firmware Optima Ct580Rt Firmware Optima Ct580W Firmware Optima Ct670 Firmware Optima Ct68 Firmware Optima Quantum Firmware Optima Expert Professional Firmware Revolution Evo Firmware Revolution Hd Firmware Revolution Act Firmware Revolution Acts Firmware Revolution Ct Firmware Revolution Discovery Ct Firmware Revolution Frontier Firmware Revolution Frontier Es Firmware Brivo Nm 615 Firmware Discovery Nm 630 Firmware Discovery Nm 750B Firmware Discovery Nm D530C Firmware Discovery Nm Ct D570C Firmware Discovery Nm Ct 670 Firmware Infinia Firmware Discovery Nm830 Firmware Discovery Nm Ct 860 Firmware Discovery Nm Ct850 Firmware Discovery Nm Ct 870 Firmware Discovery Mi Mi Dr Firmware Discovery Iq Firmware Optima Nm Ct 640 Firmware Ventri Firmware Xeleris Firmware Pet Discovery Iq Firmware Pet Discovery Iq Upgrade Firmware Petrace 800 Firmware
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Dec 14, 2020 - 17:15 nvd
CRITICAL 9.8

DescriptionNVD

GE Healthcare Imaging and Ultrasound Products may allow specific credentials to be exposed during transport over the network.

AnalysisAI

GE Healthcare Imaging and Ultrasound Products may allow specific credentials to be exposed during transport over the network. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-497. GE Healthcare Imaging and Ultrasound Products may allow specific credentials to be exposed during transport over the network. Affected products include: Gehealthcare 3.0T Signa Hdxt Firmware, Gehealthcare 3.0T Signa Hd 16 Firmware, Gehealthcare 3.0T Signa Hd 23 Firmware, Gehealthcare 1.5T Brivo Mr355 Firmware, Gehealthcare Optima Mr360 Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

Share

CVE-2020-25179 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy