ICSMA-20-049-02 · Published 2024-05-16
GE Healthcare Ultrasound products (Update A)
CVSS 8.4 (HIGH)
Risk Summary
Successful exploitation of these vulnerabilities could allow an attacker with physical access to gain access to the operating system of affected devices.
CVEs (2)
Remediations
- GE Healthcare recommends organizations restrict physical access to devices by unauthorized individuals. Additionally, where available, GE Healthcare recommends users enable the "system lock" password in the Administration GUI menu. This will require a password to be entered before the system can be accessed. The "system lock" would limit non-authenticated users from accessing the application.
- GE Healthcare recommends that users with questions reach out to a GE Healthcare service representative and users with an active support account visit the GE Healthcare product security portal (login required).
Affected Vendors
GE Healthcare
Affected Products (6)
- GE Healthcare · Vivid products, not including EchoPAC · vers:all/*
- GE Healthcare · LOGIQ, not including LOGIQ 100 Pro · vers:all/*
- GE Healthcare · Voluson, not including ImageVault · vers:all/*
- GE Healthcare · Versana Essential · vers:all/*
- GE Healthcare · Invenia ABUS Scan station, not including VScan product line · vers:all/*
- GE Healthcare · Venue, not including Venue 40 R1-3 and Venue 50 R4-5 · vers:all/*
Affected Sectors
Healthcare and Public Health