Vulnerability Description
GE Healthcare Optima MR360 does not require authentication for the HIPAA emergency login procedure, which allows physically proximate users to gain access via an arbitrary username in the Emergency Login screen. NOTE: this might not qualify for inclusion in CVE if unauthenticated emergency access is part of the intended security policy of the product, can be controlled by the system administrator, and is not enabled by default.
CVSS Score
10.0 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| GE Healthcare | Optima MR360 Firmware | - |
Related Weaknesses (CWE)
References
- http://apps.gehealthcare.com/servlet/ClientServlet/MR360+operator+manual+paper.p
- http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/
- https://twitter.com/digitalbond/status/619250429751222277
FAQ
What is CVE-2010-5308?
CVE-2010-5308 is a vulnerability with a CVSS score of 10.0 (HIGH). GE Healthcare Optima MR360 does not require authentication for the HIPAA emergency login procedure, which allows physically proximate users to gain access via an arbitrary username in the Emergency Lo...
How severe is CVE-2010-5308?
CVE-2010-5308 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2010-5308?
Check the references section above for vendor advisories and patch information. Affected products include: GE Healthcare Optima MR360 Firmware.