ICSMA-18-037-02 · Published 2018-03-13
GE Medical Devices Vulnerability
CVSS 9.8 (CRITICAL)
Risk Summary
Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affected devices.
CVEs (23)
CVE-2010-5306
CVE-2009-5143
CVE-2013-7404
CVE-2014-7232
CVE-2010-5310
CVE-2014-7233
CVE-2012-6693
CVE-2012-6694
CVE-2012-6695
CVE-2013-7442
CVE-2017-14008
CVE-2011-5322
CVE-2007-6757
CVE-2003-1603
CVE-2001-1594
CVE-2010-5309
CVE-2010-5307
CVE-2017-14004
CVE-2004-2777
CVE-2017-14002
CVE-2002-2446
CVE-2012-6660
CVE-2017-14006
Remediations
- GE has produced product updates that are available upon request, which replace default or hard-coded credentials with custom credentials for all but three of the affected products. GE's product updates are not available for the Optima 680, Revolution XQ/i, and THUNIS-800+ systems.
- GE Healthcare provides updates on vulnerability management and other security information at the following URL: http://www3.gehealthcare.com/en/support/security
Affected Vendors
GE Healthcare
Affected Products (32)
- GE Healthcare · Optima 520 · vers:all/*
- GE Healthcare · Optima 540 · vers:all/*
- GE Healthcare · Optima 640 · vers:all/*
- GE Healthcare · Optima 680 · vers:all/*
- GE Healthcare · Discovery NM530c · < 1.003
- GE Healthcare · Discovery NM750b · < 2.003
- GE Healthcare · Discovery XR656 · vers:all/*
- GE Healthcare · Discovery XR656 Plus · vers:all/*
- GE Healthcare · Revolution XQ/i · vers:all/*
- GE Healthcare · THUNIS-800+ · vers:all/*
- GE Healthcare · Centricity PACS Server · vers:all/*
- GE Healthcare · Centricity PACS RA1000 · vers:all/*
- GE Healthcare · Centricity PACS-IW · vers:all/*
- GE Healthcare · Centricity DMS · vers:all/*
- GE Healthcare · Discovery VH · vers:all/*
- GE Healthcare · Millenium VG · vers:all/*
- GE Healthcare · eNTEGRA 2.0/2.5 Processing and Review Workstation · vers:all/*
- GE Healthcare · CADstream · vers:all/*
- GE Healthcare · Optima MR360 · vers:all/*
- GE Healthcare · GEMNet License server (EchoServer) · vers:all/*
- GE Healthcare · Image Vault 3.x medical imaging software · vers:all/*
- GE Healthcare · Infinia · vers:all/*
- GE Healthcare · Infinia with Hawkeye 4 / 1 · vers:all/*
- GE Healthcare · Millenium MG · vers:all/*
- GE Healthcare · Millenium NC · vers:all/*
- GE Healthcare · Millenium MyoSIGHT · vers:all/*
- GE Healthcare · Precision MP/i · vers:all/*
- GE Healthcare · Xeleris 1.0 · vers:all/*
- GE Healthcare · Xeleris 1.1 · vers:all/*
- GE Healthcare · Xeleris 2.1 · vers:all/*
- GE Healthcare · Xeleris 3.0 · vers:all/*
- GE Healthcare · Xeleris 3.1 · vers:all/*
Affected Sectors
Healthcare and Public Health