CVE-2020-6966: Weak Encryption
First published: Fri Jan 24 2020(Updated: )
In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, the affected products utilize a weak encryption scheme for remote desktop control, which may allow an attacker to obtain remote code execution of devices on the network.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Gehealthcare Apexpro Telemetry Server Firmware | <=4.2 | |
| Gehealthcare Apexpro Telemetry Server | ||
| Gehealthcare Carescape Central Station Mai700 Firmware | =1.0 | |
| Gehealthcare Carescape Central Station Mai700 | ||
| Gehealthcare Carescape Central Station Mas700 Firmware | =1.0 | |
| Gehealthcare Carescape Central Station Mas700 | ||
| Gehealthcare Clinical Information Center Mp100d Firmware | =4.0 | |
| Gehealthcare Clinical Information Center Mp100d Firmware | =5.0 | |
| Gehealthcare Clinical Information Center Mp100d | ||
| Gehealthcare Clinical Information Center Mp100r Firmware | =4.0 | |
| Gehealthcare Clinical Information Center Mp100r Firmware | =5.0 | |
| Gehealthcare Clinical Information Center Mp100r | ||
| Gehealthcare Carescape Telemetry Server Mp100r Firmware | <=4.2 | |
| Gehealthcare Carescape Telemetry Server Mp100r |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-6966?
CVE-2020-6966 is a vulnerability in ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X that utilizes weak encryption for remote desktop control.
What is the severity of CVE-2020-6966?
CVE-2020-6966 has a severity rating of critical with a value of 10.
How does CVE-2020-6966 affect Gehealthcare Apexpro Telemetry Server Firmware?
CVE-2020-6966 affects Gehealthcare Apexpro Telemetry Server Firmware version 4.2 and prior.
How can I fix CVE-2020-6966?
To fix CVE-2020-6966, it is recommended to upgrade to a version of the affected products that addresses the weak encryption vulnerability.
Where can I find more information about CVE-2020-6966?
You can find more information about CVE-2020-6966 on the US-CERT website and the GE Healthcare website.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/severity
- agent/first-publish-date
- agent/event
- agent/description
- agent/tags
- agent/source
- vendor/gehealthcare
- canonical/gehealthcare apexpro telemetry server firmware
- version/gehealthcare apexpro telemetry server firmware/4.2
- canonical/gehealthcare apexpro telemetry server
- canonical/gehealthcare carescape central station mai700 firmware
- version/gehealthcare carescape central station mai700 firmware/1.0
- canonical/gehealthcare carescape central station mai700
- canonical/gehealthcare carescape central station mas700 firmware
- version/gehealthcare carescape central station mas700 firmware/1.0
- canonical/gehealthcare carescape central station mas700
- canonical/gehealthcare clinical information center mp100d firmware
- version/gehealthcare clinical information center mp100d firmware/4.0
- version/gehealthcare clinical information center mp100d firmware/5.0
- canonical/gehealthcare clinical information center mp100d
- canonical/gehealthcare clinical information center mp100r firmware
- version/gehealthcare clinical information center mp100r firmware/4.0
- version/gehealthcare clinical information center mp100r firmware/5.0
- canonical/gehealthcare clinical information center mp100r
- canonical/gehealthcare carescape telemetry server mp100r firmware
- version/gehealthcare carescape telemetry server mp100r firmware/4.2
- canonical/gehealthcare carescape telemetry server mp100r