CVE-2019-13524

Name of the Vulnerable Software and Affected Versions: GE PACSystems RX3i CPE100/115 versions prior to R9.85 GE PACSystems RX3i CPE302/305/310/330/400/410 versions prior to R9.90 GE PACSystems RX3i CRU/320 (all versions)

Description: The issue allows an attacker to send specially manipulated packets, causing the module state to change to halt-mode. This results in a denial-of-service condition. To recover from halt-mode, an operator must reboot the CPU module after removing the battery or energy pack.

Recommendations: For GE PACSystems RX3i CPE100/115 versions prior to R9.85, update to version R9.85 or later. For GE PACSystems RX3i CPE302/305/310/330/400/410 versions prior to R9.90, update to version R9.90 or later. For GE PACSystems RX3i CRU/320, since all versions are affected and it is end-of-life, consider replacing the module with a supported version.