CVSS: 8.4EPSS: 0%CPEs: 3EXPL: 0CVE-2024-27110 – Elevation of privilege vulnerability in GE HealthCare EchoPAC products
https://notcve.org/view.php?id=CVE-2024-27110
14 May 2024 — Elevation of privilege vulnerability in GE HealthCare EchoPAC products Elevación de la vulnerabilidad de privilegios en los productos GE HealthCare EchoPAC • https://securityupdate.gehealthcare.com • CWE-250: Execution with Unnecessary Privileges •
CVSS: 7.6EPSS: 0%CPEs: 3EXPL: 0CVE-2024-27109 – Insufficiently protected credentials in GE HealthCare EchoPAC products
https://notcve.org/view.php?id=CVE-2024-27109
14 May 2024 — Insufficiently protected credentials in GE HealthCare EchoPAC products Credenciales insuficientemente protegidas en los productos GE HealthCare EchoPAC • https://securityupdate.gehealthcare.com • CWE-522: Insufficiently Protected Credentials •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-27108 – Non privileged access to critical file vulnerability in GE HealthCare EchoPAC products
https://notcve.org/view.php?id=CVE-2024-27108
14 May 2024 — Non privileged access to critical file vulnerability in GE HealthCare EchoPAC products Acceso no privilegiado a la vulnerabilidad de archivos críticos en los productos GE HealthCare EchoPAC • https://securityupdate.gehealthcare.com • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 9.6EPSS: 0%CPEs: 3EXPL: 0CVE-2024-27107 – Weak account password in GE HealthCare EchoPAC products
https://notcve.org/view.php?id=CVE-2024-27107
14 May 2024 — Weak account password in GE HealthCare EchoPAC products Contraseña de cuenta débil en productos GE HealthCare EchoPAC • https://securityupdate.gehealthcare.com • CWE-798: Use of Hard-coded Credentials •
CVSS: 6.4EPSS: 0%CPEs: 3EXPL: 0CVE-2024-27106 – Vulnerable data in transit in GE HealthCare EchoPAC products
https://notcve.org/view.php?id=CVE-2024-27106
14 May 2024 — Vulnerable data in transit in GE HealthCare EchoPAC products Datos vulnerables en tránsito en productos GE HealthCare EchoPAC • https://securityupdate.gehealthcare.com • CWE-311: Missing Encryption of Sensitive Data •
CVSS: 7.7EPSS: 0%CPEs: 5EXPL: 0CVE-2024-1630 – Path traversal vulnerability in “getAllFolderContents” function of Common Service Desktop, a GE HealthCare ultrasound device component
https://notcve.org/view.php?id=CVE-2024-1630
14 May 2024 — Path traversal vulnerability in “getAllFolderContents” function of Common Service Desktop, a GE HealthCare ultrasound device component Vulnerabilidad de Path Traversal en la función “getAllFolderContents” de Common Service Desktop, un componente del dispositivo de ultrasonido de GE HealthCare • https://securityupdate.gehealthcare.com • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.2EPSS: 0%CPEs: 5EXPL: 0CVE-2024-1629 – Path traversal vulnerability in “deleteFiles” function of Common Service Desktop, a GE HealthCare ultrasound device component
https://notcve.org/view.php?id=CVE-2024-1629
14 May 2024 — Path traversal vulnerability in “deleteFiles” function of Common Service Desktop, a GE HealthCare ultrasound device component Vulnerabilidad de Path Traversal en la función "deleteFiles" de Common Service Desktop, un componente del dispositivo de ultrasonido de GE HealthCare • https://securityupdate.gehealthcare.com • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2024-1628 – OS command injection vulnerabilities in GE HealthCare ultrasound devices
https://notcve.org/view.php?id=CVE-2024-1628
14 May 2024 — OS command injection vulnerabilities in GE HealthCare ultrasound devices Vulnerabilidades de inyección de comandos del sistema operativo en dispositivos de ultrasonido GE HealthCare • https://securityupdate.gehealthcare.com • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-1486 – Elevation of privileges via misconfigured access control list in GE HealthCare ultrasound devices
https://notcve.org/view.php?id=CVE-2024-1486
14 May 2024 — Elevation of privileges via misconfigured access control list in GE HealthCare ultrasound devices Elevación de privilegios mediante lista de control de acceso mal configurada en dispositivos de ultrasonido de GE HealthCare • https://securityupdate.gehealthcare.com • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-5909 – Improper Validation of Certificate with Host Mismatch in PTC KEPServerEx
https://notcve.org/view.php?id=CVE-2023-5909
30 Nov 2023 — KEPServerEX does not properly validate certificates from clients which may allow unauthenticated users to connect. KEPServerEX no valida adecuadamente los certificados de los clientes, lo que puede permitir que se conecten usuarios no autenticados. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-334-03 • CWE-295: Improper Certificate Validation CWE-297: Improper Validation of Certificate with Host Mismatch •