CVSS: 7.7EPSS: 0%CPEs: 5EXPL: 0CVE-2024-1630 – Path traversal vulnerability in “getAllFolderContents” function of Common Service Desktop, a GE HealthCare ultrasound device component
https://notcve.org/view.php?id=CVE-2024-1630
14 May 2024 — Path traversal vulnerability in “getAllFolderContents” function of Common Service Desktop, a GE HealthCare ultrasound device component Vulnerabilidad de Path Traversal en la función “getAllFolderContents” de Common Service Desktop, un componente del dispositivo de ultrasonido de GE HealthCare • https://securityupdate.gehealthcare.com • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.2EPSS: 0%CPEs: 5EXPL: 0CVE-2024-1629 – Path traversal vulnerability in “deleteFiles” function of Common Service Desktop, a GE HealthCare ultrasound device component
https://notcve.org/view.php?id=CVE-2024-1629
14 May 2024 — Path traversal vulnerability in “deleteFiles” function of Common Service Desktop, a GE HealthCare ultrasound device component Vulnerabilidad de Path Traversal en la función "deleteFiles" de Common Service Desktop, un componente del dispositivo de ultrasonido de GE HealthCare • https://securityupdate.gehealthcare.com • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2024-1628 – OS command injection vulnerabilities in GE HealthCare ultrasound devices
https://notcve.org/view.php?id=CVE-2024-1628
14 May 2024 — OS command injection vulnerabilities in GE HealthCare ultrasound devices Vulnerabilidades de inyección de comandos del sistema operativo en dispositivos de ultrasonido GE HealthCare • https://securityupdate.gehealthcare.com • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-1486 – Elevation of privileges via misconfigured access control list in GE HealthCare ultrasound devices
https://notcve.org/view.php?id=CVE-2024-1486
14 May 2024 — Elevation of privileges via misconfigured access control list in GE HealthCare ultrasound devices Elevación de privilegios mediante lista de control de acceso mal configurada en dispositivos de ultrasonido de GE HealthCare • https://securityupdate.gehealthcare.com • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.2EPSS: 0%CPEs: 32EXPL: 0CVE-2020-6977
https://notcve.org/view.php?id=CVE-2020-6977
20 Feb 2020 — A restricted desktop environment escape vulnerability exists in the Kiosk Mode functionality of affected devices. Specially crafted inputs can allow the user to escape the restricted environment, resulting in access to the underlying operating system. Affected devices include the following GE Ultrasound Products: Vivid products - all versions; LOGIQ - all versions not including LOGIQ 100 Pro; Voluson - all versions; Versana Essential - all versions; Invenia ABUS Scan station - all versions; Venue - all vers... • https://www.us-cert.gov/ics/advisories/icsma-20-049-02 • CWE-20: Improper Input Validation CWE-693: Protection Mechanism Failure •