CVSS: 7.7EPSS: 0%CPEs: 5EXPL: 0CVE-2024-1630 – Path traversal vulnerability in “getAllFolderContents” function of Common Service Desktop, a GE HealthCare ultrasound device component
https://notcve.org/view.php?id=CVE-2024-1630
14 May 2024 — Path traversal vulnerability in “getAllFolderContents” function of Common Service Desktop, a GE HealthCare ultrasound device component Vulnerabilidad de Path Traversal en la función “getAllFolderContents” de Common Service Desktop, un componente del dispositivo de ultrasonido de GE HealthCare • https://securityupdate.gehealthcare.com • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.2EPSS: 0%CPEs: 5EXPL: 0CVE-2024-1629 – Path traversal vulnerability in “deleteFiles” function of Common Service Desktop, a GE HealthCare ultrasound device component
https://notcve.org/view.php?id=CVE-2024-1629
14 May 2024 — Path traversal vulnerability in “deleteFiles” function of Common Service Desktop, a GE HealthCare ultrasound device component Vulnerabilidad de Path Traversal en la función "deleteFiles" de Common Service Desktop, un componente del dispositivo de ultrasonido de GE HealthCare • https://securityupdate.gehealthcare.com • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2024-1628 – OS command injection vulnerabilities in GE HealthCare ultrasound devices
https://notcve.org/view.php?id=CVE-2024-1628
14 May 2024 — OS command injection vulnerabilities in GE HealthCare ultrasound devices Vulnerabilidades de inyección de comandos del sistema operativo en dispositivos de ultrasonido GE HealthCare • https://securityupdate.gehealthcare.com • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-36549 – GE Voluson S8 Windows Operating System Patches privileges management
https://notcve.org/view.php?id=CVE-2020-36549
17 Jun 2022 — A vulnerability classified as critical was found in GE Voluson S8. Affected is the underlying Windows XP operating system. Missing patches might introduce an excessive attack surface. Access to the local network is required for this attack to succeed. Se ha encontrado una vulnerabilidad clasificada como crítica en GE Voluson S8. • https://vuldb.com/?id.129835 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-36548 – GE Voluson S8 Service Browser users.cgi improper authentication
https://notcve.org/view.php?id=CVE-2020-36548
17 Jun 2022 — A vulnerability classified as problematic has been found in GE Voluson S8. Affected is the file /uscgi-bin/users.cgi of the Service Browser. The manipulation leads to improper authentication and elevated access possibilities. It is possible to launch the attack on the local host. Se ha encontrado una vulnerabilidad clasificada como problemática en GE Voluson S8. • https://vuldb.com/?id.129834 • CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-36547 – GE Voluson S8 Service Browser hard-coded credentials
https://notcve.org/view.php?id=CVE-2020-36547
17 Jun 2022 — A vulnerability was found in GE Voluson S8. It has been rated as critical. This issue affects the Service Browser which itroduces hard-coded credentials. Attacking locally is a requirement. It is recommended to change the configuration settings. • https://vuldb.com/?id.129833 • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.2EPSS: 0%CPEs: 32EXPL: 0CVE-2020-6977
https://notcve.org/view.php?id=CVE-2020-6977
20 Feb 2020 — A restricted desktop environment escape vulnerability exists in the Kiosk Mode functionality of affected devices. Specially crafted inputs can allow the user to escape the restricted environment, resulting in access to the underlying operating system. Affected devices include the following GE Ultrasound Products: Vivid products - all versions; LOGIQ - all versions not including LOGIQ 100 Pro; Voluson - all versions; Versana Essential - all versions; Invenia ABUS Scan station - all versions; Venue - all vers... • https://www.us-cert.gov/ics/advisories/icsma-20-049-02 • CWE-20: Improper Input Validation CWE-693: Protection Mechanism Failure •