CVE-2020-6961 — CRITICAL (10.0)

Q: How severe is CVE-2020-6961?

CVE-2020-6961 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2020-6961?

Check the references section above for vendor advisories and patch information. Affected products include: Gehealthcare Apexpro Telemetry Server Firmware, Gehealthcare Apexpro Telemetry Server, Gehealthcare Carescape Central Station Mai700 Firmware, Gehealthcare Carescape Central Station Mai700, Gehealthcare Carescape Central Station Mas700 Firmware.

Vulnerability Description

In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Telemetry Server Version 4.3, CARESCAPE Central Station (CSCS) Versions 1.X, a vulnerability exists in the affected products that could allow an attacker to obtain access to the SSH private key in configuration files.

CVSS Score

10.0

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Gehealthcare	Apexpro Telemetry Server Firmware	<= 4.2
Gehealthcare	Apexpro Telemetry Server	-
Gehealthcare	Carescape Central Station Mai700 Firmware	1.0
Gehealthcare	Carescape Central Station Mai700	-
Gehealthcare	Carescape Central Station Mas700 Firmware	1.0
Gehealthcare	Carescape Central Station Mas700	-
Gehealthcare	Clinical Information Center Mp100D Firmware	4.0
Gehealthcare	Clinical Information Center Mp100D	-
Gehealthcare	Clinical Information Center Mp100R Firmware	4.0
Gehealthcare	Clinical Information Center Mp100R	-
Gehealthcare	Carescape Telemetry Server Mp100R Firmware	<= 4.2
Gehealthcare	Carescape Telemetry Server Mp100R	-

Related Weaknesses (CWE)

CWE-522 CWE-256

References

https://www.us-cert.gov/ics/advisories/icsma-20-023-01Third Party AdvisoryUS Government Resource
https://www3.gehealthcare.com/~/media/downloads/us/support/site-planning/site-reProduct
https://www.us-cert.gov/ics/advisories/icsma-20-023-01Third Party AdvisoryUS Government Resource

FAQ

What is CVE-2020-6961?

CVE-2020-6961 is a vulnerability with a CVSS score of 10.0 (CRITICAL). In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Telemetry Server Version 4.3, CARESCAPE ...

How severe is CVE-2020-6961?

CVE-2020-6961 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2020-6961?

Check the references section above for vendor advisories and patch information. Affected products include: Gehealthcare Apexpro Telemetry Server Firmware, Gehealthcare Apexpro Telemetry Server, Gehealthcare Carescape Central Station Mai700 Firmware, Gehealthcare Carescape Central Station Mai700, Gehealthcare Carescape Central Station Mas700 Firmware.