Ge · Ge Pacsystems Rx3I Cpe100/115 · CVE-2019-13524
Name of the Vulnerable Software and Affected Versions:
GE PACSystems RX3i CPE100/115 versions prior to R9.85
GE PACSystems RX3i CPE302/305/310/330/400/410 versions prior to R9.90
GE PACSystems RX3i CRU/320 (all versions)
Description:
The issue allows an attacker to send specially manipulated packets, causing the module state to change to halt-mode. This results in a denial-of-service condition. To recover from halt-mode, an operator must reboot the CPU module after removing the battery or energy pack.
Recommendations:
For GE PACSystems RX3i CPE100/115 versions prior to R9.85, update to version R9.85 or later.
For GE PACSystems RX3i CPE302/305/310/330/400/410 versions prior to R9.90, update to version R9.90 or later.
For GE PACSystems RX3i CRU/320, since all versions are affected and it is end-of-life, consider replacing the module with a supported version.