PT-2020-19311 · GE Healthcare · ApexPro Telemetry Server (+3)

Published: 2020-01-24 · Updated: 2020-03-17 · CVE-2020-6963

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

ApexPro Telemetry Server versions 4.2 and prior
CARESCAPE Telemetry Server versions 4.2 and prior
Clinical Information Center (CIC) versions 4.X and 5.X
CARESCAPE Central Station (CSCS) versions 1.X

Description

The affected products use hard-coded SMB credentials, which could allow an attacker to remotely execute arbitrary code.

Recommendations

For ApexPro Telemetry Server versions 4.2 and prior, update to a version that does not use hard-coded SMB credentials.
For CARESCAPE Telemetry Server versions 4.2 and prior, update to a version that does not use hard-coded SMB credentials.
For Clinical Information Center (CIC) versions 4.X and 5.X, update to a version that does not use hard-coded SMB credentials.
For CARESCAPE Central Station (CSCS) versions 1.X, update to a version that does not use hard-coded SMB credentials.

Fix

Using Hardcoded Credentials

RCE

Weakness Enumeration

Related Identifiers

CVE-2020-6963

Affected Products

ApexPro Telemetry Server
CARESCAPE Central Station
CARESCAPE Telemetry Server
Clinical Information Center