CVE-2020-6962: Input Validation
First published: Fri Jan 24 2020(Updated: )
In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Telemetry Server Version 4.3, CARESCAPE Central Station (CSCS) Versions 1.X CARESCAPE Central Station (CSCS) Versions 2.X, B450 Version 2.X, B650 Version 1.X, B650 Version 2.X, B850 Version 1.X, B850 Version 2.X, an input validation vulnerability exists in the web-based system configuration utility that could allow an attacker to obtain arbitrary remote code execution.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Gehealthcare Apexpro Telemetry Server Firmware | <=4.2 | |
| Gehealthcare Apexpro Telemetry Server Firmware | =4.3 | |
| Gehealthcare Apexpro Telemetry Server | ||
| Gehealthcare Carescape B450 Monitor Firmware | =2.0 | |
| Gehealthcare Carescape B450 Monitor | ||
| Gehealthcare Carescape B650 Monitor Firmware | =1.0 | |
| Gehealthcare Carescape B650 Monitor Firmware | =2.0 | |
| Gehealthcare Carescape B650 Monitor | ||
| Gehealthcare Carescape B850 Monitor Firmware | =1.0 | |
| Gehealthcare Carescape B850 Monitor Firmware | =2.0 | |
| Gehealthcare Carescape B850 Monitor | ||
| Gehealthcare Carescape Central Station Mai700 Firmware | =1.0 | |
| Gehealthcare Carescape Central Station Mai700 Firmware | =2.0 | |
| Gehealthcare Carescape Central Station Mai700 | ||
| Gehealthcare Carescape Central Station Mas700 Firmware | =1.0 | |
| Gehealthcare Carescape Central Station Mas700 Firmware | =2.0 | |
| Gehealthcare Carescape Central Station Mas700 | ||
| Gehealthcare Clinical Information Center Mp100d Firmware | =4.0 | |
| Gehealthcare Clinical Information Center Mp100d Firmware | =5.0 | |
| Gehealthcare Clinical Information Center Mp100d | ||
| Gehealthcare Clinical Information Center Mp100r Firmware | =4.0 | |
| Gehealthcare Clinical Information Center Mp100r Firmware | =5.0 | |
| Gehealthcare Clinical Information Center Mp100r | ||
| Gehealthcare Carescape Telemetry Server Mp100r Firmware | <=4.2 | |
| Gehealthcare Carescape Telemetry Server Mp100r Firmware | =4.3 | |
| Gehealthcare Carescape Telemetry Server Mp100r |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-6962?
The severity of CVE-2020-6962 is critical with a severity value of 10.
What software versions are affected by CVE-2020-6962?
ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Telemetry Server Version 4.3, CARESCAPE Central Station (CSCS) Versions 1.X, CARESCAPE Central Station (CSCS) Versions 2.X, B450 Version 2.X.
How can I fix CVE-2020-6962?
To fix CVE-2020-6962, update to a version that is not vulnerable.
Where can I find more information about CVE-2020-6962?
You can find more information about CVE-2020-6962 at the following links: [US-CERT Advisory](https://www.us-cert.gov/ics/advisories/icsma-20-023-01), [GE Healthcare Gateway Project Implementation Guide](https://www3.gehealthcare.com/~/media/downloads/us/support/site-planning/site-readiness/gehc-gateway_project_implementation_guide_pdf.pdf)
- collector/nvd-index
- agent/references
- agent/author
- agent/severity
- agent/weakness
- agent/description
- agent/tags
- agent/type
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- vendor/gehealthcare
- canonical/gehealthcare apexpro telemetry server firmware
- version/gehealthcare apexpro telemetry server firmware/4.2
- version/gehealthcare apexpro telemetry server firmware/4.3
- canonical/gehealthcare apexpro telemetry server
- canonical/gehealthcare carescape b450 monitor firmware
- version/gehealthcare carescape b450 monitor firmware/2.0
- canonical/gehealthcare carescape b450 monitor
- canonical/gehealthcare carescape b650 monitor firmware
- version/gehealthcare carescape b650 monitor firmware/1.0
- version/gehealthcare carescape b650 monitor firmware/2.0
- canonical/gehealthcare carescape b650 monitor
- canonical/gehealthcare carescape b850 monitor firmware
- version/gehealthcare carescape b850 monitor firmware/1.0
- version/gehealthcare carescape b850 monitor firmware/2.0
- canonical/gehealthcare carescape b850 monitor
- canonical/gehealthcare carescape central station mai700 firmware
- version/gehealthcare carescape central station mai700 firmware/1.0
- version/gehealthcare carescape central station mai700 firmware/2.0
- canonical/gehealthcare carescape central station mai700
- canonical/gehealthcare carescape central station mas700 firmware
- version/gehealthcare carescape central station mas700 firmware/1.0
- version/gehealthcare carescape central station mas700 firmware/2.0
- canonical/gehealthcare carescape central station mas700
- canonical/gehealthcare clinical information center mp100d firmware
- version/gehealthcare clinical information center mp100d firmware/4.0
- version/gehealthcare clinical information center mp100d firmware/5.0
- canonical/gehealthcare clinical information center mp100d
- canonical/gehealthcare clinical information center mp100r firmware
- version/gehealthcare clinical information center mp100r firmware/4.0
- version/gehealthcare clinical information center mp100r firmware/5.0
- canonical/gehealthcare clinical information center mp100r
- canonical/gehealthcare carescape telemetry server mp100r firmware
- version/gehealthcare carescape telemetry server mp100r firmware/4.2
- version/gehealthcare carescape telemetry server mp100r firmware/4.3
- canonical/gehealthcare carescape telemetry server mp100r