CVE-2020-6965: Input Validation
First published: Fri Jan 24 2020(Updated: )
In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, B450 Version 2.X, B650 Version 1.X, B650 Version 2.X, B850 Version 1.X, B850 Version 2.X, a vulnerability in the software update mechanism allows an authenticated attacker to upload arbitrary files on the system through a crafted update package.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Gehealthcare Apexpro Telemetry Server Firmware | <=4.2 | |
| Gehealthcare Apexpro Telemetry Server | ||
| Gehealthcare Carescape B450 Monitor Firmware | =2.0 | |
| Gehealthcare Carescape B450 Monitor | ||
| Gehealthcare Carescape B650 Monitor Firmware | =1.0 | |
| Gehealthcare Carescape B650 Monitor Firmware | =2.0 | |
| Gehealthcare Carescape B650 Monitor | ||
| Gehealthcare Carescape B850 Monitor Firmware | =1.0 | |
| Gehealthcare Carescape B850 Monitor Firmware | =2.0 | |
| Gehealthcare Carescape B850 Monitor | ||
| Gehealthcare Carescape Central Station Mai700 Firmware | =1.0 | |
| Gehealthcare Carescape Central Station Mai700 | ||
| Gehealthcare Carescape Central Station Mas700 Firmware | =1.0 | |
| Gehealthcare Carescape Central Station Mas700 | ||
| Gehealthcare Clinical Information Center Mp100d Firmware | =4.0 | |
| Gehealthcare Clinical Information Center Mp100d Firmware | =5.0 | |
| Gehealthcare Clinical Information Center Mp100d | ||
| Gehealthcare Clinical Information Center Mp100r Firmware | =4.0 | |
| Gehealthcare Clinical Information Center Mp100r Firmware | =5.0 | |
| Gehealthcare Clinical Information Center Mp100r | ||
| Gehealthcare Carescape Telemetry Server Mp100r Firmware | <=4.2 | |
| Gehealthcare Carescape Telemetry Server Mp100r |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-6965?
CVE-2020-6965 is a vulnerability in ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, B450 Version 2.X, B650 Version 1.X, B650 Version 2.X, B850 Version 1.X, and B850 Version 2.X.
How severe is CVE-2020-6965?
CVE-2020-6965 has a severity rating of 9.9 (Critical).
How does CVE-2020-6965 affect Gehealthcare Apexpro Telemetry Server Firmware?
CVE-2020-6965 affects Gehealthcare Apexpro Telemetry Server Firmware versions up to 4.2
How can the Gehealthcare Carescape B450 Monitor Firmware be vulnerable to CVE-2020-6965?
The Gehealthcare Carescape B450 Monitor Firmware version 2.0 is vulnerable to CVE-2020-6965.
Where can I find more information about CVE-2020-6965?
You can find more information about CVE-2020-6965 at the following references: [US-CERT Advisory](https://www.us-cert.gov/ics/advisories/icsma-20-023-01) and [GE Healthcare Gateway Project Implementation Guide](https://www3.gehealthcare.com/~/media/downloads/us/support/site-planning/site-readiness/gehc-gateway_project_implementation_guide_pdf.pdf).
- collector/nvd-index
- agent/weakness
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/severity
- agent/tags
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- vendor/gehealthcare
- canonical/gehealthcare apexpro telemetry server firmware
- version/gehealthcare apexpro telemetry server firmware/4.2
- canonical/gehealthcare apexpro telemetry server
- canonical/gehealthcare carescape b450 monitor firmware
- version/gehealthcare carescape b450 monitor firmware/2.0
- canonical/gehealthcare carescape b450 monitor
- canonical/gehealthcare carescape b650 monitor firmware
- version/gehealthcare carescape b650 monitor firmware/1.0
- version/gehealthcare carescape b650 monitor firmware/2.0
- canonical/gehealthcare carescape b650 monitor
- canonical/gehealthcare carescape b850 monitor firmware
- version/gehealthcare carescape b850 monitor firmware/1.0
- version/gehealthcare carescape b850 monitor firmware/2.0
- canonical/gehealthcare carescape b850 monitor
- canonical/gehealthcare carescape central station mai700 firmware
- version/gehealthcare carescape central station mai700 firmware/1.0
- canonical/gehealthcare carescape central station mai700
- canonical/gehealthcare carescape central station mas700 firmware
- version/gehealthcare carescape central station mas700 firmware/1.0
- canonical/gehealthcare carescape central station mas700
- canonical/gehealthcare clinical information center mp100d firmware
- version/gehealthcare clinical information center mp100d firmware/4.0
- version/gehealthcare clinical information center mp100d firmware/5.0
- canonical/gehealthcare clinical information center mp100d
- canonical/gehealthcare clinical information center mp100r firmware
- version/gehealthcare clinical information center mp100r firmware/4.0
- version/gehealthcare clinical information center mp100r firmware/5.0
- canonical/gehealthcare clinical information center mp100r
- canonical/gehealthcare carescape telemetry server mp100r firmware
- version/gehealthcare carescape telemetry server mp100r firmware/4.2
- canonical/gehealthcare carescape telemetry server mp100r