CVE-2020-6966 — CRITICAL (10.0)

Q: How severe is CVE-2020-6966?

CVE-2020-6966 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2020-6966?

Check the references section above for vendor advisories and patch information. Affected products include: Gehealthcare Apexpro Telemetry Server Firmware, Gehealthcare Apexpro Telemetry Server, Gehealthcare Carescape Central Station Mai700 Firmware, Gehealthcare Carescape Central Station Mai700, Gehealthcare Carescape Central Station Mas700 Firmware.

Vulnerability Description

In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, the affected products utilize a weak encryption scheme for remote desktop control, which may allow an attacker to obtain remote code execution of devices on the network.

CVSS Score

10.0

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Gehealthcare	Apexpro Telemetry Server Firmware	<= 4.2
Gehealthcare	Apexpro Telemetry Server	-
Gehealthcare	Carescape Central Station Mai700 Firmware	1.0
Gehealthcare	Carescape Central Station Mai700	-
Gehealthcare	Carescape Central Station Mas700 Firmware	1.0
Gehealthcare	Carescape Central Station Mas700	-
Gehealthcare	Clinical Information Center Mp100D Firmware	4.0
Gehealthcare	Clinical Information Center Mp100D	-
Gehealthcare	Clinical Information Center Mp100R Firmware	4.0
Gehealthcare	Clinical Information Center Mp100R	-
Gehealthcare	Carescape Telemetry Server Mp100R Firmware	<= 4.2
Gehealthcare	Carescape Telemetry Server Mp100R	-

Related Weaknesses (CWE)

CWE-326

References

https://www.us-cert.gov/ics/advisories/icsma-20-023-01Third Party AdvisoryUS Government Resource
https://www3.gehealthcare.com/~/media/downloads/us/support/site-planning/site-reProduct
https://www.us-cert.gov/ics/advisories/icsma-20-023-01Third Party AdvisoryUS Government Resource

FAQ

What is CVE-2020-6966?

CVE-2020-6966 is a vulnerability with a CVSS score of 10.0 (CRITICAL). In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, the ...

How severe is CVE-2020-6966?

CVE-2020-6966 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2020-6966?

Check the references section above for vendor advisories and patch information. Affected products include: Gehealthcare Apexpro Telemetry Server Firmware, Gehealthcare Apexpro Telemetry Server, Gehealthcare Carescape Central Station Mai700 Firmware, Gehealthcare Carescape Central Station Mai700, Gehealthcare Carescape Central Station Mas700 Firmware.