This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Gehealthcare First view 2015-08-04
Product Optima mr360 Firmware Last view 2020-12-14
Version Type Os
Update  
Edition  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:o:gehealthcare:optima_mr360_firmware:-:*:*:*:*:*:*:* 4

Related : CVE

  Date Alert Description
9.8 2020-12-14 CVE-2020-25179

GE Healthcare Imaging and Ultrasound Products may allow specific credentials to be exposed during transport over the network.

9.8 2020-12-14 CVE-2020-25175

GE Healthcare Imaging and Ultrasound Products may allow specific credentials to be exposed during transport over the network.

10 2015-08-04 CVE-2010-5308

GE Healthcare Optima MR360 does not require authentication for the HIPAA emergency login procedure, which allows physically proximate users to gain access via an arbitrary username in the Emergency Login screen. NOTE: this might not qualify for inclusion in CVE if unauthenticated emergency access is part of the intended security policy of the product, can be controlled by the system administrator, and is not enabled by default.

10 2015-08-04 CVE-2010-5307

The HIPAA configuration interface in GE Healthcare Optima MR360 has a password of (1) operator for the root account, (2) adw2.0 for the admin account, and (3) adw2.0 for the sdc account, which has unspecified impact and attack vectors. NOTE: it is not clear whether these passwords are default, hardcoded, or dependent on another system or product that requires a fixed value.

CWE : Common Weakness Enumeration

%idName
50% (2) CWE-255 Credentials Management
25% (1) CWE-522 Insufficiently Protected Credentials
25% (1) CWE-200 Information Exposure