Scott Erven

**Name of the Vulnerable Software and Affected Versions** GE Healthcare Discovery VH (affected versions not specified) **Description** The issue concerns default passwords for certain users. Specifically, the ftpclient user of the Interfile server has a default password of `interfile`, and the LOCAL user of the FTP server for the Codonics printer has a default password of `2`. The impact and attack vectors of this issue are not specified. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GE Healthcare Discovery 530C (affected versions not specified) **Description** The issue concerns the GE Healthcare Discovery 530C, where the `acqservice` and `wsservice` users of the Xeleris System have a password of `#bigguy1`. The impact and attack vectors of this issue are unspecified. It is unclear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GE Healthcare Optima CT680, CT540, CT640, and CT520 (affected versions not specified) **Description** The issue concerns a default password for the root user, with the password being `#bigguy`. This default password has an unspecified impact and attack vectors. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GE Healthcare Optima MR360 (affected versions not specified) **Description** The issue concerns the HIPAA emergency login procedure, which does not require authentication. This allows physically proximate users to gain access using an arbitrary username in the Emergency Login screen. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GE Healthcare Centricity Analytics Server version 1.1 **Description** The issue concerns default passwords for various users in the GE Healthcare Centricity Analytics Server. Specifically, the default passwords are: `V0yag3r` for the SQL Server `sa` user, `G3car3s` for the `analyst` user, `G3car3s` for the `ccg` user, `V0yag3r` for the `viewer` user, and `geservice` for the `geservice` user in the Webmin interface. The impact and attack vectors of this issue are not specified. **Recommendations** For GE Healthcare Centricity Analytics Server version 1.1, change the default passwords for all users, including the SQL Server `sa` user, `analyst` user, `ccg` user, `viewer` user, and `geservice` user in the Webmin interface, to strong, unique passwords to prevent unauthorized access.

**Name of the Vulnerable Software and Affected Versions** TeraRecon server versions 3.7.3.7 through 3.7.3.8 **Description** The issue concerns the TeraRecon server, which has a shared password for the shared user and a password 'scan' for the scan user. The impact and attack vectors of this issue are not specified. It is unclear whether these passwords are default, hardcoded, or dependent on another system. **Recommendations** For versions 3.7.3.7 and 3.7.3.8, consider changing the default passwords for the shared user and the scan user to unique, strong passwords to minimize potential risks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GE Healthcare Precision MPi (affected versions not specified) **Description** The issue concerns hardcoded passwords for different user roles. Specifically, the passwords are `orion` for the `serviceapp` user and the `clinical operator` user, and `PlatinumOne` for the `administrator` user. The impact and attack vectors of this issue are not clearly specified. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GE Healthcare Centricity PACS version 4.0 Server **Description** The issue concerns default passwords for specific user accounts. The accounts in question are the nasro (ReadOnly) user with a default password of `nasro`, and the nasrw (Read/Write) user with a default password of `nasrw`. The impact and attack vectors of this issue are not specified. **Recommendations** For GE Healthcare Centricity PACS version 4.0 Server, change the default passwords of the nasro and nasrw user accounts to unique, strong passwords to prevent unauthorized access.

**Name of the Vulnerable Software and Affected Versions** GE Healthcare Centricity PACS Workstation versions 4.0 through 4.0.1 **Description** The issue concerns a password for the `ddpadmin` user, which is set to `ddpadmin`. The impact and attack vectors of this issue are not specified. It is unclear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. **Recommendations** For GE Healthcare Centricity PACS Workstation versions 4.0 through 4.0.1, consider changing the password for the `ddpadmin` user to a unique and secure value to minimize potential risks.

**Name of the Vulnerable Software and Affected Versions** GE Healthcare Discovery NM 750b (affected versions not specified) **Description** The issue concerns the use of a password '2getin' for the insite account, which is used for both Telnet and FTP access. The impact and attack vectors of this issue are not specified. It is unclear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GE Healthcare Centricity PACS Workstation versions 4.0 through 4.0.1 **Description** The issue concerns hardcoded passwords for the Administrator and IIS users. The passwords are `CANal1` for the Administrator user and `iis` for the IIS user. This has unspecified impact and is related to TimbuktuPro, with unclear details on whether these passwords are default, hardcoded, or dependent on another system. **Recommendations** For GE Healthcare Centricity PACS Workstation versions 4.0 through 4.0.1, change the default passwords for the Administrator and IIS users to strong, unique passwords to mitigate potential risks. As a temporary workaround, consider restricting access to the system until the passwords can be changed.