PT-2018-5609 · Ge · Ge Xeleris

Published

2018-03-20

Updated

2019-10-09

CVE-2017-14006

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: GE Xeleris versions 1.0, 1.1, 2.1, 3.0, 3.1

Description: The issue concerns medical imaging systems where devices use default or hard-coded credentials. This may allow a remote attacker to bypass authentication and gain access to the affected devices.

Recommendations: For GE Xeleris versions 1.0, 1.1, 2.1, 3.0, 3.1, consider changing the default or hard-coded credentials to unique and strong passwords to prevent unauthorized access. As a temporary workaround, restrict remote access to the devices until a more permanent solution is available. Avoid using default or hard-coded credentials in the affected devices to minimize the risk of exploitation.

Fix

Using Hardcoded Credentials

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-798CWE-287

Related Identifiers

CVE-2017-14006

Affected Products

Ge Xeleris

PT-2018-5609 · Ge · Ge Xeleris

CVE-2017-14006

Weakness Enumeration

Related Identifiers

Affected Products

References · 3