CVE-2020-6962 — CRITICAL (10.0)

Q: How severe is CVE-2020-6962?

CVE-2020-6962 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2020-6962?

Check the references section above for vendor advisories and patch information. Affected products include: Gehealthcare Apexpro Telemetry Server Firmware, Gehealthcare Apexpro Telemetry Server, Gehealthcare Carescape B450 Monitor Firmware, Gehealthcare Carescape B450 Monitor, Gehealthcare Carescape B650 Monitor Firmware.

Vulnerability Description

In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Telemetry Server Version 4.3, CARESCAPE Central Station (CSCS) Versions 1.X CARESCAPE Central Station (CSCS) Versions 2.X, B450 Version 2.X, B650 Version 1.X, B650 Version 2.X, B850 Version 1.X, B850 Version 2.X, an input validation vulnerability exists in the web-based system configuration utility that could allow an attacker to obtain arbitrary remote code execution.

CVSS Score

10.0

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Gehealthcare	Apexpro Telemetry Server Firmware	<= 4.2
Gehealthcare	Apexpro Telemetry Server	-
Gehealthcare	Carescape B450 Monitor Firmware	2.0
Gehealthcare	Carescape B450 Monitor	-
Gehealthcare	Carescape B650 Monitor Firmware	1.0
Gehealthcare	Carescape B650 Monitor	-
Gehealthcare	Carescape B850 Monitor Firmware	1.0
Gehealthcare	Carescape B850 Monitor	-
Gehealthcare	Carescape Central Station Mai700 Firmware	1.0
Gehealthcare	Carescape Central Station Mai700	-
Gehealthcare	Carescape Central Station Mas700 Firmware	1.0
Gehealthcare	Carescape Central Station Mas700	-
Gehealthcare	Clinical Information Center Mp100D Firmware	4.0
Gehealthcare	Clinical Information Center Mp100D	-
Gehealthcare	Clinical Information Center Mp100R Firmware	4.0
Gehealthcare	Clinical Information Center Mp100R	-
Gehealthcare	Carescape Telemetry Server Mp100R Firmware	<= 4.2
Gehealthcare	Carescape Telemetry Server Mp100R	-

Related Weaknesses (CWE)

CWE-20

References

https://www.us-cert.gov/ics/advisories/icsma-20-023-01Third Party AdvisoryUS Government Resource
https://www3.gehealthcare.com/~/media/downloads/us/support/site-planning/site-reProduct
https://www.us-cert.gov/ics/advisories/icsma-20-023-01Third Party AdvisoryUS Government Resource

FAQ

What is CVE-2020-6962?

CVE-2020-6962 is a vulnerability with a CVSS score of 10.0 (CRITICAL). In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Telemetry Server Version 4.3, CARESCAPE ...

How severe is CVE-2020-6962?

CVE-2020-6962 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2020-6962?

Check the references section above for vendor advisories and patch information. Affected products include: Gehealthcare Apexpro Telemetry Server Firmware, Gehealthcare Apexpro Telemetry Server, Gehealthcare Carescape B450 Monitor Firmware, Gehealthcare Carescape B450 Monitor, Gehealthcare Carescape B650 Monitor Firmware.