CVE-2020-6964

Summary

CVE	CVE-2020-6964
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2020-01-24 17:15:00 UTC
Updated	2020-03-17 17:22:00 UTC
Description	In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X and CARESCAPE Central Station (CSCS) Versions 2.X, the integrated service for keyboard switching of the affected devices could allow attackers to obtain remote keyboard input access without authentication over the network.

Risk And Classification

Problem Types: CWE-306

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Hardware	Gehealthcare	Apexpro Telemetry Server	-	All	All	All
Hardware	Gehealthcare	Apexpro Telemetry Server	-	All	All	All
Operating System	Gehealthcare	Apexpro Telemetry Server Firmware	All	All	All	All
Hardware	Gehealthcare	Carescape Central Station Mai700	-	All	All	All
Hardware	Gehealthcare	Carescape Central Station Mai700	-	All	All	All
Operating System	Gehealthcare	Carescape Central Station Mai700 Firmware	1.0	All	All	All
Operating System	Gehealthcare	Carescape Central Station Mai700 Firmware	2.0	All	All	All
Operating System	Gehealthcare	Carescape Central Station Mai700 Firmware	1.0	All	All	All
Operating System	Gehealthcare	Carescape Central Station Mai700 Firmware	2.0	All	All	All
Hardware	Gehealthcare	Carescape Central Station Mas700	-	All	All	All
Hardware	Gehealthcare	Carescape Central Station Mas700	-	All	All	All
Operating System	Gehealthcare	Carescape Central Station Mas700 Firmware	1.0	All	All	All
Operating System	Gehealthcare	Carescape Central Station Mas700 Firmware	2.0	All	All	All
Operating System	Gehealthcare	Carescape Central Station Mas700 Firmware	1.0	All	All	All
Operating System	Gehealthcare	Carescape Central Station Mas700 Firmware	2.0	All	All	All
Hardware	Gehealthcare	Carescape Telemetry Server Mp100r	-	All	All	All
Hardware	Gehealthcare	Carescape Telemetry Server Mp100r	-	All	All	All
Operating System	Gehealthcare	Carescape Telemetry Server Mp100r Firmware	All	All	All	All
Hardware	Gehealthcare	Clinical Information Center Mp100d	-	All	All	All
Hardware	Gehealthcare	Clinical Information Center Mp100d	-	All	All	All
Operating System	Gehealthcare	Clinical Information Center Mp100d Firmware	4.0	All	All	All
Operating System	Gehealthcare	Clinical Information Center Mp100d Firmware	5.0	All	All	All
Operating System	Gehealthcare	Clinical Information Center Mp100d Firmware	4.0	All	All	All
Operating System	Gehealthcare	Clinical Information Center Mp100d Firmware	5.0	All	All	All
Hardware	Gehealthcare	Clinical Information Center Mp100r	-	All	All	All
Hardware	Gehealthcare	Clinical Information Center Mp100r	-	All	All	All
Operating System	Gehealthcare	Clinical Information Center Mp100r Firmware	4.0	All	All	All
Operating System	Gehealthcare	Clinical Information Center Mp100r Firmware	5.0	All	All	All
Operating System	Gehealthcare	Clinical Information Center Mp100r Firmware	4.0	All	All	All
Operating System	Gehealthcare	Clinical Information Center Mp100r Firmware	5.0	All	All	All

References

Reference	Source	Link	Tags
GE CARESCAPE, ApexPro, and Clinical Information Center systems \| CISA	MISC	www.us-cert.gov	Third Party Advisory, US Government Resource
www3.gehealthcare.com/~/media/downloads/us/support/site-planning/site-readiness/geh...	MISC	www3.gehealthcare.com	Product
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.