Vulnerability Description
GE Healthcare Centricity Image Vault 3.x has a password of (1) gemnet for the administrator account, (2) webadmin for the webadmin administrator account of the ASACA DVD library, (3) an empty value for the gemsservice account of the Ultrasound Database, and possibly (4) gemnet2002 for the gemnet2002 account of the GEMNet license server, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gehealthcare | Centricity Image Vault Firmware | All versions |
Related Weaknesses (CWE)
References
- http://apps.gehealthcare.com/servlet/ClientServlet/2010564-002E.pdf?REQ=RAA&DIRE
- http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/
- https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02
- https://twitter.com/digitalbond/status/619250429751222277
- http://apps.gehealthcare.com/servlet/ClientServlet/2010564-002E.pdf?REQ=RAA&DIRE
- http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/
- https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02
- https://twitter.com/digitalbond/status/619250429751222277
FAQ
What is CVE-2004-2777?
CVE-2004-2777 is a vulnerability with a CVSS score of 10.0 (HIGH). GE Healthcare Centricity Image Vault 3.x has a password of (1) gemnet for the administrator account, (2) webadmin for the webadmin administrator account of the ASACA DVD library, (3) an empty value fo...
How severe is CVE-2004-2777?
CVE-2004-2777 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-2777?
Check the references section above for vendor advisories and patch information. Affected products include: Gehealthcare Centricity Image Vault Firmware.