CVE-2020-6963: Input Validation
First published: Fri Jan 24 2020(Updated: )
In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, the affected products utilized hard coded SMB credentials, which may allow an attacker to remotely execute arbitrary code.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Gehealthcare Apexpro Telemetry Server Firmware | <=4.2 | |
| Gehealthcare Apexpro Telemetry Server | ||
| Gehealthcare Carescape Central Station Mai700 Firmware | =1.0 | |
| Gehealthcare Carescape Central Station Mai700 | ||
| Gehealthcare Carescape Central Station Mas700 Firmware | =1.0 | |
| Gehealthcare Carescape Central Station Mas700 | ||
| Gehealthcare Clinical Information Center Mp100d Firmware | =4.0 | |
| Gehealthcare Clinical Information Center Mp100d Firmware | =5.0 | |
| Gehealthcare Clinical Information Center Mp100d | ||
| Gehealthcare Clinical Information Center Mp100r Firmware | =4.0 | |
| Gehealthcare Clinical Information Center Mp100r Firmware | =5.0 | |
| Gehealthcare Clinical Information Center Mp100r | ||
| Gehealthcare Carescape Telemetry Server Mp100r Firmware | <=4.2 | |
| Gehealthcare Carescape Telemetry Server Mp100r |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2020-6963.
What is the severity of CVE-2020-6963?
The severity of CVE-2020-6963 is critical.
Which products are affected by CVE-2020-6963?
ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, and CARESCAPE Central Station (CSCS) Versions 1.X are affected by CVE-2020-6963.
What is the impact of CVE-2020-6963?
CVE-2020-6963 may allow an attacker to remotely execute commands.
Are there any fixes or patches available for CVE-2020-6963?
It is recommended to refer to the vendor's advisories and implementation guide for instructions on addressing CVE-2020-6963.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/severity
- agent/tags
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- vendor/gehealthcare
- canonical/gehealthcare apexpro telemetry server firmware
- version/gehealthcare apexpro telemetry server firmware/4.2
- canonical/gehealthcare apexpro telemetry server
- canonical/gehealthcare carescape central station mai700 firmware
- version/gehealthcare carescape central station mai700 firmware/1.0
- canonical/gehealthcare carescape central station mai700
- canonical/gehealthcare carescape central station mas700 firmware
- version/gehealthcare carescape central station mas700 firmware/1.0
- canonical/gehealthcare carescape central station mas700
- canonical/gehealthcare clinical information center mp100d firmware
- version/gehealthcare clinical information center mp100d firmware/4.0
- version/gehealthcare clinical information center mp100d firmware/5.0
- canonical/gehealthcare clinical information center mp100d
- canonical/gehealthcare clinical information center mp100r firmware
- version/gehealthcare clinical information center mp100r firmware/4.0
- version/gehealthcare clinical information center mp100r firmware/5.0
- canonical/gehealthcare clinical information center mp100r
- canonical/gehealthcare carescape telemetry server mp100r firmware
- version/gehealthcare carescape telemetry server mp100r firmware/4.2
- canonical/gehealthcare carescape telemetry server mp100r