CVE-2020-6964 — HIGH (8.6) — White Hats Nepal

Q: How severe is CVE-2020-6964?

CVE-2020-6964 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-6964?

Check the references section above for vendor advisories and patch information. Affected products include: Gehealthcare Apexpro Telemetry Server Firmware, Gehealthcare Apexpro Telemetry Server, Gehealthcare Carescape Central Station Mai700 Firmware, Gehealthcare Carescape Central Station Mai700, Gehealthcare Carescape Central Station Mas700 Firmware.

Vulnerability Description

In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X and CARESCAPE Central Station (CSCS) Versions 2.X, the integrated service for keyboard switching of the affected devices could allow attackers to obtain remote keyboard input access without authentication over the network.

CVSS Score

8.6

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Gehealthcare	Apexpro Telemetry Server Firmware	<= 4.2
Gehealthcare	Apexpro Telemetry Server	-
Gehealthcare	Carescape Central Station Mai700 Firmware	1.0
Gehealthcare	Carescape Central Station Mai700	-
Gehealthcare	Carescape Central Station Mas700 Firmware	1.0
Gehealthcare	Carescape Central Station Mas700	-
Gehealthcare	Clinical Information Center Mp100D Firmware	4.0
Gehealthcare	Clinical Information Center Mp100D	-
Gehealthcare	Clinical Information Center Mp100R Firmware	4.0
Gehealthcare	Clinical Information Center Mp100R	-
Gehealthcare	Carescape Telemetry Server Mp100R Firmware	<= 4.2
Gehealthcare	Carescape Telemetry Server Mp100R	-

Related Weaknesses (CWE)

CWE-306

References

https://www.us-cert.gov/ics/advisories/icsma-20-023-01Third Party AdvisoryUS Government Resource
https://www3.gehealthcare.com/~/media/downloads/us/support/site-planning/site-reProduct
https://www.us-cert.gov/ics/advisories/icsma-20-023-01Third Party AdvisoryUS Government Resource

FAQ

What is CVE-2020-6964?

CVE-2020-6964 is a vulnerability with a CVSS score of 8.6 (HIGH). In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X and C...

How severe is CVE-2020-6964?

CVE-2020-6964 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-6964?

Check the references section above for vendor advisories and patch information. Affected products include: Gehealthcare Apexpro Telemetry Server Firmware, Gehealthcare Apexpro Telemetry Server, Gehealthcare Carescape Central Station Mai700 Firmware, Gehealthcare Carescape Central Station Mai700, Gehealthcare Carescape Central Station Mas700 Firmware.