Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2020-6962

Summary
Assigner-icscert
Assigner Org ID-7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
Published At-24 Jan, 2020 | 16:07
Updated At-04 Aug, 2024 | 09:18
Rejected At-
Credits

In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Telemetry Server Version 4.3, CARESCAPE Central Station (CSCS) Versions 1.X CARESCAPE Central Station (CSCS) Versions 2.X, B450 Version 2.X, B650 Version 1.X, B650 Version 2.X, B850 Version 1.X, B850 Version 2.X, an input validation vulnerability exists in the web-based system configuration utility that could allow an attacker to obtain arbitrary remote code execution.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:icscert
Assigner Org ID:7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
Published At:24 Jan, 2020 | 16:07
Updated At:04 Aug, 2024 | 09:18
Rejected At:
▼CVE Numbering Authority (CNA)

In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Telemetry Server Version 4.3, CARESCAPE Central Station (CSCS) Versions 1.X CARESCAPE Central Station (CSCS) Versions 2.X, B450 Version 2.X, B650 Version 1.X, B650 Version 2.X, B850 Version 1.X, B850 Version 2.X, an input validation vulnerability exists in the web-based system configuration utility that could allow an attacker to obtain arbitrary remote code execution.

Affected Products
Vendor
n/a
Product
GE CARESCAPE Telemetry Server,ApexPro Telemetry Server,CARESCAPE Central Station,Clinical Information Center,CARESCAPE B450,B650,B850 Monitors
Versions
Affected
  • ApexPro Telemetry Server,v4.2 & prior,CARESCAPE Telemetry Server,v4.2 & prior,Clinical Information Center,v4.X & 5.X,CARESCAPE Telemetry Server,v4.3,CARESCAPE Central Station,v1.X,CARESCAPE Central Station,v2.X,B450,v2.X,B650,v1.X,B650,v2.X,B850,v1.X,B850,v2.X
Problem Types
TypeCWE IDDescription
CWECWE-20IMPROPER INPUT VALIDATION CWE-20
Type: CWE
CWE ID: CWE-20
Description: IMPROPER INPUT VALIDATION CWE-20
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.us-cert.gov/ics/advisories/icsma-20-023-01
x_refsource_MISC
Hyperlink: https://www.us-cert.gov/ics/advisories/icsma-20-023-01
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.us-cert.gov/ics/advisories/icsma-20-023-01
x_refsource_MISC
x_transferred
Hyperlink: https://www.us-cert.gov/ics/advisories/icsma-20-023-01
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:ics-cert@hq.dhs.gov
Published At:24 Jan, 2020 | 17:15
Updated At:17 Mar, 2020 | 17:21

In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Telemetry Server Version 4.3, CARESCAPE Central Station (CSCS) Versions 1.X CARESCAPE Central Station (CSCS) Versions 2.X, B450 Version 2.X, B650 Version 1.X, B650 Version 2.X, B850 Version 1.X, B850 Version 2.X, an input validation vulnerability exists in the web-based system configuration utility that could allow an attacker to obtain arbitrary remote code execution.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.110.0CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Primary2.010.0HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 3.1
Base score: 10.0
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 10.0
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
CPE Matches
gehealthcare
gehealthcare
>>apexpro_telemetry_server_firmware>>Versions up to 4.2(inclusive)
cpe:2.3:o:gehealthcare:apexpro_telemetry_server_firmware:*:*:*:*:*:*:*:*
gehealthcare
gehealthcare
>>apexpro_telemetry_server_firmware>>4.3
cpe:2.3:o:gehealthcare:apexpro_telemetry_server_firmware:4.3:*:*:*:*:*:*:*
gehealthcare
gehealthcare
>>apexpro_telemetry_server>>-
cpe:2.3:h:gehealthcare:apexpro_telemetry_server:-:*:*:*:*:*:*:*
gehealthcare
gehealthcare
>>carescape_b450_monitor_firmware>>2.0
cpe:2.3:o:gehealthcare:carescape_b450_monitor_firmware:2.0:*:*:*:*:*:*:*
gehealthcare
gehealthcare
>>carescape_b450_monitor>>-
cpe:2.3:h:gehealthcare:carescape_b450_monitor:-:*:*:*:*:*:*:*
gehealthcare
gehealthcare
>>carescape_b650_monitor_firmware>>1.0
cpe:2.3:o:gehealthcare:carescape_b650_monitor_firmware:1.0:*:*:*:*:*:*:*
gehealthcare
gehealthcare
>>carescape_b650_monitor_firmware>>2.0
cpe:2.3:o:gehealthcare:carescape_b650_monitor_firmware:2.0:*:*:*:*:*:*:*
gehealthcare
gehealthcare
>>carescape_b650_monitor>>-
cpe:2.3:h:gehealthcare:carescape_b650_monitor:-:*:*:*:*:*:*:*
gehealthcare
gehealthcare
>>carescape_b850_monitor_firmware>>1.0
cpe:2.3:o:gehealthcare:carescape_b850_monitor_firmware:1.0:*:*:*:*:*:*:*
gehealthcare
gehealthcare
>>carescape_b850_monitor_firmware>>2.0
cpe:2.3:o:gehealthcare:carescape_b850_monitor_firmware:2.0:*:*:*:*:*:*:*
gehealthcare
gehealthcare
>>carescape_b850_monitor>>-
cpe:2.3:h:gehealthcare:carescape_b850_monitor:-:*:*:*:*:*:*:*
gehealthcare
gehealthcare
>>carescape_central_station_mai700_firmware>>1.0
cpe:2.3:o:gehealthcare:carescape_central_station_mai700_firmware:1.0:*:*:*:*:*:*:*
gehealthcare
gehealthcare
>>carescape_central_station_mai700_firmware>>2.0
cpe:2.3:o:gehealthcare:carescape_central_station_mai700_firmware:2.0:*:*:*:*:*:*:*
gehealthcare
gehealthcare
>>carescape_central_station_mai700>>-
cpe:2.3:h:gehealthcare:carescape_central_station_mai700:-:*:*:*:*:*:*:*
gehealthcare
gehealthcare
>>carescape_central_station_mas700_firmware>>1.0
cpe:2.3:o:gehealthcare:carescape_central_station_mas700_firmware:1.0:*:*:*:*:*:*:*
gehealthcare
gehealthcare
>>carescape_central_station_mas700_firmware>>2.0
cpe:2.3:o:gehealthcare:carescape_central_station_mas700_firmware:2.0:*:*:*:*:*:*:*
gehealthcare
gehealthcare
>>carescape_central_station_mas700>>-
cpe:2.3:h:gehealthcare:carescape_central_station_mas700:-:*:*:*:*:*:*:*
gehealthcare
gehealthcare
>>clinical_information_center_mp100d_firmware>>4.0
cpe:2.3:o:gehealthcare:clinical_information_center_mp100d_firmware:4.0:*:*:*:*:*:*:*
gehealthcare
gehealthcare
>>clinical_information_center_mp100d_firmware>>5.0
cpe:2.3:o:gehealthcare:clinical_information_center_mp100d_firmware:5.0:*:*:*:*:*:*:*
gehealthcare
gehealthcare
>>clinical_information_center_mp100d>>-
cpe:2.3:h:gehealthcare:clinical_information_center_mp100d:-:*:*:*:*:*:*:*
gehealthcare
gehealthcare
>>clinical_information_center_mp100r_firmware>>4.0
cpe:2.3:o:gehealthcare:clinical_information_center_mp100r_firmware:4.0:*:*:*:*:*:*:*
gehealthcare
gehealthcare
>>clinical_information_center_mp100r_firmware>>5.0
cpe:2.3:o:gehealthcare:clinical_information_center_mp100r_firmware:5.0:*:*:*:*:*:*:*
gehealthcare
gehealthcare
>>clinical_information_center_mp100r>>-
cpe:2.3:h:gehealthcare:clinical_information_center_mp100r:-:*:*:*:*:*:*:*
gehealthcare
gehealthcare
>>carescape_telemetry_server_mp100r_firmware>>Versions up to 4.2(inclusive)
cpe:2.3:o:gehealthcare:carescape_telemetry_server_mp100r_firmware:*:*:*:*:*:*:*:*
gehealthcare
gehealthcare
>>carescape_telemetry_server_mp100r_firmware>>4.3
cpe:2.3:o:gehealthcare:carescape_telemetry_server_mp100r_firmware:4.3:*:*:*:*:*:*:*
gehealthcare
gehealthcare
>>carescape_telemetry_server_mp100r>>-
cpe:2.3:h:gehealthcare:carescape_telemetry_server_mp100r:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Primarynvd@nist.gov
CWE-20Secondaryics-cert@hq.dhs.gov
CWE ID: CWE-20
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-20
Type: Secondary
Source: ics-cert@hq.dhs.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.us-cert.gov/ics/advisories/icsma-20-023-01ics-cert@hq.dhs.gov
Third Party Advisory
US Government Resource
https://www3.gehealthcare.com/~/media/downloads/us/support/site-planning/site-readiness/gehc-gateway_project_implementation_guide_pdf.pdfnvd@nist.gov
Product
Hyperlink: https://www.us-cert.gov/ics/advisories/icsma-20-023-01
Source: ics-cert@hq.dhs.gov
Resource:
Third Party Advisory
US Government Resource
Hyperlink: https://www3.gehealthcare.com/~/media/downloads/us/support/site-planning/site-readiness/gehc-gateway_project_implementation_guide_pdf.pdf
Source: nvd@nist.gov
Resource:
Product

Change History

0
Information is not available yet

Similar CVEs

403Records found
CVE-2020-6963
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-10||CRITICAL
EPSS-0.21% / 43.09%
||
7 Day CHG~0.00%
Published-24 Jan, 2020 | 16:31
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, the affected products utilized hard coded SMB credentials, which may allow an attacker to remotely execute arbitrary code.

Action-Not Available
Vendor-gehealthcaren/a
Product-carescape_central_station_mai700_firmwarecarescape_central_station_mas700carescape_central_station_mai700clinical_information_center_mp100dapexpro_telemetry_serverclinical_information_center_mp100rclinical_information_center_mp100d_firmwareclinical_information_center_mp100r_firmwarecarescape_telemetry_server_mp100r_firmwarecarescape_telemetry_server_mp100rcarescape_central_station_mas700_firmwareapexpro_telemetry_server_firmwareGE CARESCAPE Telemetry Server,ApexPro Telemetry Server,CARESCAPE Central Station,Clinical Information Center systems,CARESCAPE B450,B650,B850 Monitors
CWE ID-CWE-798
Use of Hard-coded Credentials
CWE ID-CWE-20
Improper Input Validation
CVE-2006-7253
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.43% / 61.83%
||
7 Day CHG~0.00%
Published-04 Aug, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GE Healthcare Infinia II has a default password of (1) infinia for the infinia user, (2) #bigguy1 for the acqservice user, (3) dont4get2 for the Administrator user, (4) #bigguy1 for the emergency user, and (5) 2Bfamous for the InfiniaAdmin user, which has unspecified impact and attack vectors.

Action-Not Available
Vendor-gehealthcaren/a
Product-infinia_iin/a
CVE-2012-6695
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.62% / 69.24%
||
7 Day CHG~0.00%
Published-04 Aug, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a password of ddpadmin for the ddpadmin user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.

Action-Not Available
Vendor-gehealthcaren/a
Product-centricity_pacs_workstationn/a
CVE-2012-6693
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.62% / 69.24%
||
7 Day CHG~0.00%
Published-04 Aug, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GE Healthcare Centricity PACS 4.0 Server has a default password of (1) nasro for the nasro (ReadOnly) user and (2) nasrw for the nasrw (Read/Write) user, which has unspecified impact and attack vectors.

Action-Not Available
Vendor-gehealthcaren/a
Product-centricity_pacs_servern/a
CVE-2011-5322
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.42% / 61.00%
||
7 Day CHG~0.00%
Published-04 Aug, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GE Healthcare Centricity Analytics Server 1.1 has a default password of (1) V0yag3r for the SQL Server sa user, (2) G3car3s for the analyst user, (3) G3car3s for the ccg user, (4) V0yag3r for the viewer user, and (5) geservice for the geservice user in the Webmin interface, which has unspecified impact and attack vectors.

Action-Not Available
Vendor-gehealthcaren/a
Product-centricity_analytics_servern/a
CVE-2004-2777
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.42% / 61.00%
||
7 Day CHG~0.00%
Published-04 Aug, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GE Healthcare Centricity Image Vault 3.x has a password of (1) gemnet for the administrator account, (2) webadmin for the webadmin administrator account of the ASACA DVD library, (3) an empty value for the gemsservice account of the Ultrasound Database, and possibly (4) gemnet2002 for the gemnet2002 account of the GEMNet license server, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.

Action-Not Available
Vendor-gehealthcaren/a
Product-centricity_image_vault_firmwaren/a
CVE-2003-1603
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.61% / 68.94%
||
7 Day CHG~0.00%
Published-04 Aug, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GE Healthcare Discovery VH has a default password of (1) interfile for the ftpclient user of the Interfile server or (2) "2" for the LOCAL user of the FTP server for the Codonics printer, which has unspecified impact and attack vectors.

Action-Not Available
Vendor-gehealthcaren/a
Product-discovery_vhn/a
CVE-2010-5308
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.63% / 69.37%
||
7 Day CHG~0.00%
Published-04 Aug, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GE Healthcare Optima MR360 does not require authentication for the HIPAA emergency login procedure, which allows physically proximate users to gain access via an arbitrary username in the Emergency Login screen. NOTE: this might not qualify for inclusion in CVE if unauthenticated emergency access is part of the intended security policy of the product, can be controlled by the system administrator, and is not enabled by default.

Action-Not Available
Vendor-gehealthcaren/a
Product-optima_mr360_firmwaren/a
CVE-2010-5306
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-1.61% / 81.01%
||
7 Day CHG~0.00%
Published-04 Aug, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GE Healthcare Optima CT680, CT540, CT640, and CT520 has a default password of #bigguy for the root user, which has unspecified impact and attack vectors.

Action-Not Available
Vendor-gehealthcaren/a
Product-optima_ct520_firmwareoptima_ct540_firmwareoptima_ct680_firmwaren/a
CVE-2002-2445
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.57% / 67.57%
||
7 Day CHG~0.00%
Published-04 Aug, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GE Healthcare Millennium MG, NC, and MyoSIGHT has a default password of (1) root.genie for the root user, (2) "service." for the service user, (3) admin.genie for the admin user, (4) reboot for the reboot user, and (5) shutdown for the shutdown user, which has unspecified impact and attack vectors.

Action-Not Available
Vendor-gehealthcaren/a
Product-millennium_mgmillennium_ncmillennium_myosightn/a
CVE-2002-2446
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.62% / 69.24%
||
7 Day CHG~0.00%
Published-04 Aug, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GE Healthcare Millennium MG, NC, and MyoSIGHT has a password of insite.genieacq for the insite account that cannot be changed without disabling product functionality for remote InSite support, which has unspecified impact and attack vectors.

Action-Not Available
Vendor-gehealthcaren/a
Product-millennium_mg_firmwaremillennium_nc_firmwaremillennium_myosight_firmwaren/a
CVE-2010-5310
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.57% / 67.57%
||
7 Day CHG~0.00%
Published-04 Aug, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Acquisition Workstation for the GE Healthcare Revolution XQ/i has a password of adw3.1 for the sdc user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.

Action-Not Available
Vendor-gehealthcaren/a
Product-revolution_xq\/in/a
CVE-2010-5307
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.57% / 67.57%
||
7 Day CHG~0.00%
Published-04 Aug, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The HIPAA configuration interface in GE Healthcare Optima MR360 has a password of (1) operator for the root account, (2) adw2.0 for the admin account, and (3) adw2.0 for the sdc account, which has unspecified impact and attack vectors. NOTE: it is not clear whether these passwords are default, hardcoded, or dependent on another system or product that requires a fixed value.

Action-Not Available
Vendor-gehealthcaren/a
Product-optima_mr360_firmwaren/a
CVE-2001-1594
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.57% / 67.57%
||
7 Day CHG~0.00%
Published-04 Aug, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GE Healthcare eNTEGRA P&R has a password of (1) entegra for the entegra user, (2) passme for the super user of the Polestar/Polestar-i Starlink 4 upgrade, (3) 0 for the entegra user of the Codonics printer FTP service, (4) eNTEGRA for the eNTEGRA P&R user account, (5) insite for the WinVNC Login, and possibly other accounts, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.

Action-Not Available
Vendor-gehealthcaren/a
Product-entegra_p\&rn/a
CVE-2009-5143
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.57% / 67.57%
||
7 Day CHG~0.00%
Published-04 Aug, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GE Healthcare Discovery 530C has a password of #bigguy1 for the (1) acqservice user and (2) wsservice user of the Xeleris System, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.

Action-Not Available
Vendor-gehealthcaren/a
Product-discovery_530c_firmwaren/a
CVE-2020-6961
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-10||CRITICAL
EPSS-0.19% / 40.55%
||
7 Day CHG~0.00%
Published-24 Jan, 2020 | 16:07
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Telemetry Server Version 4.3, CARESCAPE Central Station (CSCS) Versions 1.X, a vulnerability exists in the affected products that could allow an attacker to obtain access to the SSH private key in configuration files.

Action-Not Available
Vendor-gehealthcaren/a
Product-carescape_central_station_mai700_firmwarecarescape_central_station_mas700carescape_central_station_mai700clinical_information_center_mp100dapexpro_telemetry_serverclinical_information_center_mp100rclinical_information_center_mp100d_firmwareclinical_information_center_mp100r_firmwarecarescape_telemetry_server_mp100r_firmwarecarescape_telemetry_server_mp100rcarescape_central_station_mas700_firmwareapexpro_telemetry_server_firmwareGE CARESCAPE Telemetry Server,ApexPro Telemetry Server,CARESCAPE Central Station,Clinical Information Center,CARESCAPE B450,B650,B850 Monitors
CWE ID-CWE-256
Plaintext Storage of a Password
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2020-6966
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-10||CRITICAL
EPSS-0.16% / 37.77%
||
7 Day CHG~0.00%
Published-24 Jan, 2020 | 17:07
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, the affected products utilize a weak encryption scheme for remote desktop control, which may allow an attacker to obtain remote code execution of devices on the network.

Action-Not Available
Vendor-gehealthcaren/a
Product-carescape_central_station_mai700_firmwarecarescape_central_station_mas700carescape_central_station_mai700clinical_information_center_mp100dapexpro_telemetry_serverclinical_information_center_mp100rclinical_information_center_mp100d_firmwareclinical_information_center_mp100r_firmwarecarescape_telemetry_server_mp100r_firmwarecarescape_telemetry_server_mp100rcarescape_central_station_mas700_firmwareapexpro_telemetry_server_firmwareGE CARESCAPE Telemetry Server,ApexPro Telemetry Server,CARESCAPE Central Station,Clinical Information Center systems,CARESCAPE B450,B650,B850 Monitors
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2010-5309
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.57% / 67.57%
||
7 Day CHG~0.00%
Published-04 Aug, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GE Healthcare CADStream Server has a default password of confirma for the admin user, which has unspecified impact and attack vectors.

Action-Not Available
Vendor-gehealthcaren/a
Product-cadstream_server_firmwaren/a
CVE-2014-9736
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.43% / 61.83%
||
7 Day CHG~0.00%
Published-04 Aug, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GE Healthcare Centricity Clinical Archive Audit Trail Repository has a default password of initinit for the (1) SSL key manager and (2) server keystore; (3) keystore_password for the server truststore; and atna for the (4) primary storage database and (5) archive storage database, which has unspecified impact and attack vectors.

Action-Not Available
Vendor-gehealthcaren/a
Product-centricity_clinical_archive_audit_trail_repositoryn/a
CVE-2014-7232
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.62% / 69.24%
||
7 Day CHG~0.00%
Published-04 Aug, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GE Healthcare Discovery XR656 and XR656 G2 has a password of (1) 2getin for the insite user, (2) 4$xray for the xruser user, and (3) #superxr for the root user, which has unspecified impact and attack vectors. NOTE: it is not clear whether these passwords are default, hardcoded, or dependent on another system or product that requires a fixed value.

Action-Not Available
Vendor-gehealthcaren/a
Product-discovery_xr656_g2discovery_xr656n/a
CVE-2014-7233
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.57% / 67.57%
||
7 Day CHG~0.00%
Published-04 Aug, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GE Healthcare Precision THUNIS-800+ has a default password of (1) 1973 for the factory default System Utilities menu, (2) TH8740 for installation using TH8740_122_Setup.exe, (3) hrml for "Setup and Activation" using DSASetup, and (4) an empty string for Shutter Configuration, which has unspecified impact and attack vectors. NOTE: since these passwords appear to be used to access functionality during installation, this issue might not cross privilege boundaries and might not be a vulnerability.

Action-Not Available
Vendor-gehealthcaren/a
Product-precision_thunis-800\+n/a
CVE-2013-7442
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.62% / 69.24%
||
7 Day CHG~0.00%
Published-04 Aug, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a password of (1) CANal1 for the Administrator user and (2) iis for the IIS user, which has unspecified impact and attack vectors related to TimbuktuPro. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires it.

Action-Not Available
Vendor-gehealthcaren/a
Product-centricity_pacs_workstationn/a
CVE-2013-7405
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.43% / 61.83%
||
7 Day CHG~0.00%
Published-04 Aug, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Ad Hoc Reporting feature in GE Healthcare Centricity DMS 4.2 has a password of Never!Mind for the Administrator user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.

Action-Not Available
Vendor-gehealthcaren/a
Product-centricity_dmsn/a
CVE-2007-6757
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-1.61% / 81.01%
||
7 Day CHG~0.00%
Published-04 Aug, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GE Healthcare Centricity DMS 4.2, 4.1, and 4.0 has a password of Muse!Admin for the Museadmin user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.

Action-Not Available
Vendor-gehealthcaren/a
Product-centricity_dms_firmwaren/a
CVE-2012-6694
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.62% / 69.24%
||
7 Day CHG~0.00%
Published-04 Aug, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1, and Server 4.0, has a password of 2charGE for the geservice account, which has unspecified impact and attack vectors related to TimbuktuPro. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires it.

Action-Not Available
Vendor-gehealthcaren/a
Product-centricity_pacs_servercentricity_pacs_workstationn/a
CVE-2012-6660
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.57% / 67.57%
||
7 Day CHG~0.00%
Published-04 Aug, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GE Healthcare Precision MPi has a password of (1) orion for the serviceapp user, (2) orion for the clinical operator user, and (3) PlatinumOne for the administrator user, which has unspecified impact and attack vectors. NOTE: it is not clear whether these passwords are default, hardcoded, or dependent on another system or product that requires a fixed value.

Action-Not Available
Vendor-gehealthcaren/a
Product-precision_mpin/a
CVE-2011-5324
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.57% / 67.57%
||
7 Day CHG~0.00%
Published-04 Aug, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The TeraRecon server, as used in GE Healthcare Centricity PACS-IW 3.7.3.7, 3.7.3.8, and possibly other versions, has a password of (1) shared for the shared user and (2) scan for the scan user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.

Action-Not Available
Vendor-gehealthcaren/a
Product-centricity_pacs-iwn/a
CVE-2011-5323
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.57% / 67.57%
||
7 Day CHG~0.00%
Published-04 Aug, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GE Healthcare Centricity PACS-IW 3.7.3.7, 3.7.3.8, and possibly other versions has a password of A11enda1e for the sa SQL server user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.

Action-Not Available
Vendor-gehealthcaren/a
Product-centricity_pacs-iwn/a
CVE-2013-7404
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.57% / 67.57%
||
7 Day CHG~0.00%
Published-04 Aug, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GE Healthcare Discovery NM 750b has a password of 2getin for the insite account for (1) Telnet and (2) FTP, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.

Action-Not Available
Vendor-gehealthcaren/a
Product-discovery_nm_750bn/a
CVE-2020-6965
Matching Score-6
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-6
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.9||CRITICAL
EPSS-0.30% / 52.78%
||
7 Day CHG~0.00%
Published-24 Jan, 2020 | 17:06
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, B450 Version 2.X, B650 Version 1.X, B650 Version 2.X, B850 Version 1.X, B850 Version 2.X, a vulnerability in the software update mechanism allows an authenticated attacker to upload arbitrary files on the system through a crafted update package.

Action-Not Available
Vendor-gehealthcaren/a
Product-carescape_central_station_mas700clinical_information_center_mp100dclinical_information_center_mp100d_firmwarecarescape_telemetry_server_mp100r_firmwarecarescape_b850_monitor_firmwarecarescape_telemetry_server_mp100rcarescape_central_station_mas700_firmwarecarescape_b450_monitorcarescape_b650_monitorapexpro_telemetry_server_firmwarecarescape_central_station_mai700_firmwarecarescape_central_station_mai700apexpro_telemetry_serverclinical_information_center_mp100rclinical_information_center_mp100r_firmwarecarescape_b450_monitor_firmwarecarescape_b650_monitor_firmwarecarescape_b850_monitorGE CARESCAPE Telemetry Server,ApexPro Telemetry Server,CARESCAPE Central Station,Clinical Information Center systems,CARESCAPE B450,B650,B850 Monitors
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CWE ID-CWE-20
Improper Input Validation
CVE-2017-8954
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-53.98% / 97.92%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-17 Sep, 2024 | 03:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-intelligent_management_centerIntelligent Management Center (iMC) PLAT
CWE ID-CWE-20
Improper Input Validation
CVE-2017-8975
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-53.98% / 97.92%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-17 Sep, 2024 | 01:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Remote Code Execution vulnerability in Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance version v1.20 was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-moonshot_provisioning_manager_applianceMoonshot Provisioning Manager Appliance
CWE ID-CWE-20
Improper Input Validation
CVE-2017-8981
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-17.05% / 94.73%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-17 Sep, 2024 | 04:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0506 was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-intelligent_management_centerIntelligent Management Center (iMC) PLAT
CWE ID-CWE-20
Improper Input Validation
CVE-2017-8956
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-13.73% / 94.01%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-17 Sep, 2024 | 02:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-intelligent_management_centerIntelligent Management Center (iMC) PLAT
CWE ID-CWE-20
Improper Input Validation
CVE-2011-1966
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-10||HIGH
EPSS-65.82% / 98.44%
||
7 Day CHG~0.00%
Published-10 Aug, 2011 | 21:16
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The DNS server in Microsoft Windows Server 2008 SP2, R2, and R2 SP1 does not properly handle NAPTR queries that trigger recursive processing, which allows remote attackers to execute arbitrary code via a crafted query, aka "DNS NAPTR Query Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_server_2008n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2019-7589
Matching Score-4
Assigner-Johnson Controls
ShareView Details
Matching Score-4
Assigner-Johnson Controls
CVSS Score-9.8||CRITICAL
EPSS-0.27% / 50.00%
||
7 Day CHG~0.00%
Published-10 Mar, 2020 | 19:32
Updated-04 Aug, 2024 | 20:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kantech EntraPass Improper Input Validation

A vulnerability with the SmartService API Service option exists whereby an unauthorized user could potentially exploit this to upload malicious code to the server that could be executed at system level privileges. This affects Johnson Controls' Kantech EntraPass Corporate Edition versions 8.0 and prior; Kantech EntraPass Global Edition versions 8.0 and prior.

Action-Not Available
Vendor-johnsoncontrolsJohnson Controls
Product-entrapassKantech EntraPass Global EditionKantech EntraPass Corporate Edition
CWE ID-CWE-20
Improper Input Validation
CVE-2013-6032
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-10||HIGH
EPSS-0.83% / 73.59%
||
7 Day CHG~0.00%
Published-04 Feb, 2014 | 02:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

cgi-bin/postpf/cgi-bin/dynamic/config/config.html on Lexmark X94x before LC.BR.P142, X85x through LC4.BE.P487, X644 and X646 before LC2.MC.P374, X642 through LC2.MB.P318, W840 through LS.HA.P252, T64x before LS.ST.P344, X64xef through LC2.TI.P325, C935dn through LC.JO.P091, C920 through LS.TA.P152, C78x through LC.IO.P187, X78x through LC2.IO.P335, C77x through LC.CM.P052, X772 through LC2.TR.P291, C53x through LS.SW.P069, C52x through LS.FA.P150, 25xxN through LCL.CU.P114, N4000 through LC.MD.P119, N4050e through GO.GO.N206, N70xxe through LC.CO.N309, E450 through LM.SZ.P124, E350 through LE.PH.P129, and E250 through LE.PM.P126 printers allows remote attackers to remove the Password Protect administrative password via the vac.255.GENPASSWORD parameter.

Action-Not Available
Vendor-n/aLexmark International, Inc.
Product-c920x772t64xn4050ee250x64xefx85xe450n400025xxnc53xc77xx78xx642x94xe350c78xn70xxew840x646c52xx644c935dnn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-8390
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-14.22% / 94.12%
||
7 Day CHG~0.00%
Published-02 Aug, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The DNS Proxy in Palo Alto Networks PAN-OS before 6.1.18, 7.x before 7.0.16, 7.1.x before 7.1.11, and 8.x before 8.0.3 allows remote attackers to execute arbitrary code via a crafted domain name.

Action-Not Available
Vendor-n/aPalo Alto Networks, Inc.
Product-pan-osn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-6667
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-3.35% / 86.80%
||
7 Day CHG~0.00%
Published-13 Jun, 2017 | 06:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the update process for the dynamic JAR file of the Cisco Context Service software development kit (SDK) could allow an unauthenticated, remote attacker to execute arbitrary code on the affected device with the privileges of the web server. More Information: CSCvb66730. Known Affected Releases: 2.0.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-context_service_development_kitCisco Context Service SDK
CWE ID-CWE-20
Improper Input Validation
CVE-2017-3881
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-94.08% / 99.89%
||
7 Day CHG~0.00%
Published-17 Mar, 2017 | 22:00
Updated-30 Jul, 2025 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-04-15||Apply updates per vendor instructions.

A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges. The Cluster Management Protocol utilizes Telnet internally as a signaling and command protocol between cluster members. The vulnerability is due to the combination of two factors: (1) the failure to restrict the use of CMP-specific Telnet options only to internal, local communications between cluster members and instead accept and process such options over any Telnet connection to an affected device; and (2) the incorrect processing of malformed CMP-specific Telnet options. An attacker could exploit this vulnerability by sending malformed CMP-specific Telnet options while establishing a Telnet session with an affected Cisco device configured to accept Telnet connections. An exploit could allow an attacker to execute arbitrary code and obtain full control of the device or cause a reload of the affected device. This affects Catalyst switches, Embedded Service 2020 switches, Enhanced Layer 2 EtherSwitch Service Module, Enhanced Layer 2/3 EtherSwitch Service Module, Gigabit Ethernet Switch Module (CGESM) for HP, IE Industrial Ethernet switches, ME 4924-10GE switch, RF Gateway 10, and SM-X Layer 2/3 EtherSwitch Service Module. Cisco Bug IDs: CSCvd48893.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-catalyst_3750x-48pf-lcatalyst_3560-8pccatalyst_2960-24lt-lenhanced_layer_2\/3_etherswitch_service_modulecatalyst_4500_supervisor_engine_6l-ecatalyst_2960c-8tc-lie-4000-8t4g-e_industrial_ethernet_switchie_2000-16t67_industrial_ethernet_switchcatalyst_2960-plus_24lc-lcatalyst_3560-48tsie-3010-24tc_industrial_ethernet_switchcatalyst_3750x-24u-scatalyst_2960-plus_48pst-lcatalyst_2960s-f48fps-lcatalyst_2960xr-24td-lcatalyst_3560e-48pd-sfcatalyst_4948e_ethernet_switchcatalyst_3750x-48p-ecatalyst_2960s-48lpd-lcatalyst_4000_supervisor_engine_vcatalyst_3750_metro_24-dccatalyst_3560v2-24psembedded_service_2020_24tc_ncp_bcatalyst_3560x-24u-lie_2000-4t-g_industrial_ethernet_switchcatalyst_3560-24pscatalyst_3560cx-8pt-scatalyst_3560x-24u-ecatalyst_3750e-24pd-ecatalyst_3750v2-24psie_2000-8tc-g_industrial_ethernet_switchcatalyst_3550_48_smicatalyst_2960l-24ps-llcatalyst_3750e-24td-ecatalyst_3560e-48pd-efcatalyst_2960xr-48ts-lcatalyst_3750e-48pd-ecatalyst_2960xr-48fpd-icatalyst_2960xr-48td-lie_2000-16ptc-g_industrial_ethernet_switchie-4000-8gt8gp4g-e_industrial_ethernet_switchcatalyst_3560cpd-8pt-scatalyst_3750x-48t-scatalyst_2960xr-24td-icatalyst_3560cg-8pc-scatalyst_blade_switch_3020ie_2000-4ts_industrial_ethernet_switchcatalyst_2960cx-8tc-lcatalyst_2918-48tt-ccatalyst_2960c-8pc-lcatalyst_3560x-48p-scatalyst_3560e-12sd-scatalyst_2960s-f48lps-lcatalyst_4948e-f_ethernet_switchcatalyst_2960x-48fpd-lcatalyst_2960-48tc-lcatalyst_3560v2-24dccatalyst_3750x-24t-ecatalyst_3750e-48pd-efcatalyst_3750x-24t-scatalyst_3560cx-8pc-scatalyst_2960-8tc-lcatalyst_3560x-48t-ecatalyst_3560x-24t-lie-4000-8gs4g-e_industrial_ethernet_switchcatalyst_2960xr-24pd-lcatalyst_2960c-8tc-scatalyst_2960s-48ts-sie_2000-16tc-g-e_industrial_ethernet_switchcatalyst_3560e-48td-ecatalyst_2960xr-48lpd-iembedded_service_2020_ncp_bcatalyst_3550_24_emicatalyst_2960xr-48fpd-lcatalyst_c2928-24lt-ccatalyst_2960-plus_48tc-lcatalyst_2960-48pst-scatalyst_3750e-24pd-scatalyst_2350-48td-sdcatalyst_4500_supervisor_engine_ii-pluscatalyst_2960s-f24ps-lme_4924-10gecatalyst_2970g-24tcatalyst_blade_switch_3040catalyst_blade_switch_3030catalyst_2960-24tc-lcatalyst_2960x-48td-lcatalyst_2960-48tt-scatalyst_3750x-24p-ecatalyst_2960x-24pd-lcatalyst_3560e-24pd-scatalyst_3560g-24pscatalyst_2960xr-24ts-icatalyst_3750x-12s-ecatalyst_2960l-16ps-llcatalyst_3750x-24p-scatalyst_2960s-f24ts-lcatalyst_3750-24tscatalyst_3750x-48u-scatalyst_3750x-48p-scatalyst_3750x-24s-scatalyst_blade_switch_3120catalyst_2960-24tc-scatalyst_2960-plus_24pc-lcatalyst_4948catalyst_2960-plus_48pst-scatalyst_blade_switch_3032catalyst_3750x-48p-lcatalyst_3750v2-24tsios_xeie_2000-16tc-g-x_industrial_ethernet_switchcatalyst_4500_supervisor_engine_ii-plus-tscatalyst_3560x-24t-scatalyst_2960xr-48fps-lcatalyst_3750x-12s-scatalyst_2960s-f24ts-ssm-x_layer_2\/3_etherswitch_service_modulecatalyst_2960s-f48ts-lcatalyst_3560c-8pc-scatalyst_2960-48pst-lcatalyst_2960s-24ts-scatalyst_2918-24tc-ccatalyst_3560x-48p-ecatalyst_2350-48td-scatalyst_3560c-12pc-scatalyst_3560g-48psie_2000-4t_industrial_ethernet_switchcatalyst_switch_module_3012catalyst_3750e-48pd-sfie-4000-16t4g-e_industrial_ethernet_switchcatalyst_4500_supervisor_engine_vcatalyst_4000_supervisor_engine_icatalyst_3750e-48td-ecatalyst_2960c-12pc-lcatalyst_2960-24pc-scatalyst_2960x-48fps-lcatalyst_3560x-24p-scatalyst_2960s-24ts-lcatalyst_2960-plus_24tc-lembedded_service_2020_24tc_con_bcatalyst_2928-24tc-ccatalyst_4500_supervisor_engine_v-10gecatalyst_3750g-12s-sdcatalyst_3750-48tscatalyst_3750x-24t-lcatalyst_3560x-48pf-sie_2000-4ts-g_industrial_ethernet_switchcatalyst_3750v2-48pscatalyst_3560x-48pf-ecatalyst_2960x-24ps-lcatalyst_2918-24tt-ccatalyst_3560x-48pf-lcatalyst_2960s-f48ts-sie_3000-8tc_industrial_ethernet_switchcatalyst_3560v2-24tscatalyst_blade_switch_3130embedded_service_2020_ncpcatalyst_2960g-24tc-lcatalyst_2960x-24ts-llcatalyst_3750v2-48tscatalyst_4500e_supervisor_engine_8-ecatalyst_2960x-24ts-lcatalyst_2960s-48ts-lcatalyst_2960l-48ts-llcatalyst_3750e-24td-scatalyst_2960s-48td-lcatalyst_3560x-48t-scatalyst_2960-48tc-scatalyst_3750e-48pd-scatalyst_2960g-8tc-lcatalyst_3750x-48t-lcatalyst_4928_10_gigabit_ethernet_switchcatalyst_2960s-48fps-lie_3000-4tc_industrial_ethernet_switchcatalyst_3560e-48td-scatalyst_3560cx-8tc-scatalyst_3750g-16tdcatalyst_3550_24_fx_smicatalyst_3560-48pscatalyst_3750x-24u-lcatalyst_2960-plus_24tc-scatalyst_3560cx-12pc-scatalyst_2960-24-scatalyst_2960-48tt-lie-4010-16s12p_industrial_ethernet_switchie_2000-24t67_industrial_ethernet_switchcatalyst_3560e-48pd-scatalyst_3750-24pscatalyst_3560cx-12tc-scatalyst_2960xr-48fps-icatalyst_3560e-24td-ecatalyst_2960x-48ts-llcatalyst_4500_supervisor_ii-plus-10geie_2000-16tc_industrial_ethernet_switchcatalyst_3750g-24tscatalyst_2960s-48lps-lie-5000-12s12p-10g_industrial_ethernet_switchembedded_service_2020_24tc_ncpcatalyst_3560v2-48tscatalyst_3560x-48u-lcatalyst_3560x-24p-lembedded_service_2020_24tc_concatalyst_2960-24tt-lcatalyst_2960s-48fpd-lcatalyst_2960x-48lpd-lie-4000-8gt4g-e_industrial_ethernet_switchcatalyst_switch_module_3110catalyst_2960xr-24pd-iie-5000-16s12p_industrial_ethernet_switchcatalyst_3560-12pc-scatalyst_2960-plus_24lc-scatalyst_3750_metro_24-accatalyst_3750g-48pscatalyst_2960s-24ps-lcatalyst_2960xr-48lps-icatalyst_3550_24_dc_smicatalyst_2960cpd-8pt-lcatalyst_2960-24pc-lcatalyst_2960pd-8tt-lie-4000-4gc4gp4g-e_industrial_ethernet_switchie-4000-8s4g-e_industrial_ethernet_switchcatalyst_3560x-48u-ecatalyst_3560v2-48pscatalyst_blade_switch_3120xie-4010-4s24p_industrial_ethernet_switchcatalyst_2975catalyst_2960l-24ts-llie-4000-4s8p4g-e_industrial_ethernet_switchcatalyst_2960-plus_24pc-scatalyst_2960s-24pd-lcatalyst_3560cg-8tc-scatalyst_3550_24_smiie_2000-8tc-g-e_industrial_ethernet_switchcatalyst_2960-8tc-scatalyst_3750v2-24fscatalyst_4948_10_gigabit_ethernet_switchie_2000-8t67_industrial_ethernet_switchie_2000-8tc-g-n_industrial_ethernet_switchcatalyst_2960s-24td-lcatalyst_c2928-48tc-ccatalyst_2960xr-24ps-icatalyst_2960x-24psq-lie-4000-4gs8gp4g-e_industrial_ethernet_switchie-4000-16gt4g-e_industrial_ethernet_switchcatalyst_2960cg-8tc-lcatalyst_4500_supervisor_engine_ivcatalyst_3560x-24t-eioscatalyst_3750x-48pf-scatalyst_3750x-48t-ecatalyst_2960xr-24ps-lie_2000-16tc-g-n_industrial_ethernet_switchcatalyst_3560-24tscatalyst_3560g-24tscatalyst_2960xr-48lpd-lie-4000-4t4p4g-e_industrial_ethernet_switchcatalyst_3750-24fscatalyst_2960x-24td-lcatalyst_3750e-48td-scatalyst_2918-48tc-ccatalyst_2960xr-24ts-lcatalyst_3750g-24pscatalyst_switch_module_3110xcatalyst_3560x-48t-lie_2000-16tc-g_industrial_ethernet_switchcatalyst_2960l-8ts-llcatalyst_2960-plus_48tc-scatalyst_4000_supervisor_engine_ivcatalyst_3560x-24p-ecatalyst_4500_supervisor_engine_6-ecatalyst_3560e-24td-senhanced_layer_2_etherswitch_service_moduleie_2000-16t67p_industrial_ethernet_switchcatalyst_2960l-8ps-llcatalyst_3550_12gie-3010-16s-8pc_industrial_ethernet_switchcatalyst_3750g-24tie-4000-4tc4g-e_industrial_ethernet_switchgigabit_ethernet_switch_module_\(cgesm\)ie_2000-4s-ts-g_industrial_ethernet_switchcatalyst_2960x-48lps-lcatalyst_3560e-12d-ecatalyst_3560cx-8xpd-scatalyst_3750x-24s-ecatalyst_3560e-12sd-ecatalyst_3750x-24u-ecatalyst_2960l-48ps-llie_2000-8t67p_industrial_ethernet_switchcatalyst_2360-48td-scatalyst_3560x-48u-scatalyst_3560e-48pd-eembedded_service_2020_con_bcatalyst_3750x-24p-lcatalyst_2960x-48ts-lcatalyst_3750x-48pf-ecatalyst_2960l-16ts-llembedded_service_2020_concatalyst_4900mcatalyst_3560e-24pd-ecatalyst_2960xr-48ts-icatalyst_3750g-12sie_2000-8tc_industrial_ethernet_switchcatalyst_3560e-12d-scatalyst_2970g-24tscatalyst_3750-48pscatalyst_3560x-24u-scatalyst_3750x-48u-lcatalyst_2960g-48tc-lcatalyst_2960xr-48lps-lcatalyst_2960xr-48td-icatalyst_3550_48_emicatalyst_3550_24_pwrcatalyst_3560g-48tsrf_gateway_10catalyst_3750g-48tscatalyst_3550_12tcatalyst_3750g-24ts-1ucatalyst_2960cx-8pc-lcatalyst_3750x-48u-ecatalyst_2960-24lc-scatalyst_2960cpd-8tt-lcatalyst_3560cx-12pd-scatalyst_3560x-48p-lCisco IOS and IOS XE SoftwareIOS and IOS XE
CWE ID-CWE-20
Improper Input Validation
CVE-2007-0213
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-10||HIGH
EPSS-83.33% / 99.22%
||
7 Day CHG~0.00%
Published-08 May, 2007 | 23:00
Updated-07 Aug, 2024 | 12:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 does not properly decode certain MIME encoded e-mails, which allows remote attackers to execute arbitrary code via a crafted base64-encoded MIME e-mail message.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-exchange_servern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-5817
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-83.65% / 99.24%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-16 Sep, 2024 | 16:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-intelligent_management_centerIntelligent Management Center (iMC) PLAT
CWE ID-CWE-20
Improper Input Validation
CVE-2017-4997
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-9.8||CRITICAL
EPSS-5.22% / 89.56%
||
7 Day CHG~0.00%
Published-29 Jun, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

EMC VASA Provider Virtual Appliance versions 8.3.x and prior has an unauthenticated remote code execution vulnerability that could potentially be exploited by malicious users to compromise the affected system.

Action-Not Available
Vendor-n/aDell Inc.
Product-emc_vasa_provider_virtual_applianceVASA Provider Virtual Appliance versions 8.3.x and prior
CWE ID-CWE-20
Improper Input Validation
CVE-2017-5815
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-61.26% / 98.25%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-16 Sep, 2024 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-intelligent_management_centerIntelligent Management Center (iMC) PLAT
CWE ID-CWE-20
Improper Input Validation
CVE-2017-5819
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-53.98% / 97.92%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-17 Sep, 2024 | 01:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-intelligent_management_centerIntelligent Management Center (iMC) PLAT
CWE ID-CWE-20
Improper Input Validation
CVE-2017-5816
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-90.38% / 99.58%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-16 Sep, 2024 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-intelligent_management_centerIntelligent Management Center (iMC) PLAT
CWE ID-CWE-20
Improper Input Validation
CVE-2021-44228
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-10||CRITICAL
EPSS-94.36% / 99.96%
||
7 Day CHG~0.00%
Published-10 Dec, 2021 | 00:00
Updated-08 Aug, 2025 | 18:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2021-12-24||For all affected software assets for which updates exist, the only acceptable remediation actions are: 1) Apply updates; OR 2) remove affected assets from agency networks. Temporary mitigations using one of the measures provided at https://www.cisa.gov/uscert/ed-22-02-apache-log4j-recommended-mitigation-measures are only acceptable until updates are available.
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.

Action-Not Available
Vendor-percussionsnowsoftwareApple Inc.The Apache Software FoundationFedora ProjectCisco Systems, Inc.Siemens AGIntel CorporationNetApp, Inc.Bentley Systems, IncorporatedSonicWall Inc.Debian GNU/Linux
Product-common_services_platform_collectorsolidfire_enterprise_sdsoncommand_insightdatacenter_manageractive_iq_unified_manageroperation_schedulerconnected_analytics_for_network_deploymentindustrial_edge_management_hubsnapcenterintegrated_management_controller_supervisorfirepower_1150iot_operations_dashboardwan_automation_enginefirepower_2140system_studiovirtualized_voice_browserfirepower_2110dna_centersolid_edge_cam_pro6bk1602-0aa42-0tp0energyipcomossecure_device_onboardfirepower_4120sppa-t3000_ses3000_firmwaresiveillance_viewpointfirepower_1120genomics_kernel_librarycontact_center_domain_managercrosswork_data_gatewayxpedition_package_integratornetwork_dashboard_fabric_controller6bk1602-0aa22-0tp0_firmwarecloud_secure_agentnexus_insights6bk1602-0aa22-0tp0firepower_10106bk1602-0aa32-0tp0email_securityunified_contact_center_management_portalopcenter_intelligencexcodedna_spaces_connectorfinessesolidfire_\&_hci_storage_nodepackaged_contact_center_enterpriseunified_sip_proxycloudcenter_suiteucs_directorenergy_engagefxoscustomer_experience_cloud_agentpaging_serverlogo\!_soft_comfortfirepower_2130siveillance_control_prospectrum_power_7cloud_managernetwork_insights_for_data_centersynchro_4d6bk1602-0aa52-0tp0solid_edge_harness_designfog_directornetwork_assurance_enginefirepower_4115nexus_dashboardsmart_phybusiness_process_automation6bk1602-0aa42-0tp0_firmwarebroadworksfirepower_4140emergency_responderucs_centralcomputer_vision_annotation_toolvideo_surveillance_managerconnected_mobile_experiencessynchrohead-end_system_universal_device_integration_systemsentron_powermanagerfedoracloudcenter_cost_optimizer6bk1602-0aa12-0tp0_firmwarespectrum_power_4cloudcentervm_access_proxycloudcenter_suite_adminoneapi_sample_browser6bk1602-0aa52-0tp0_firmwarefirepower_4150virtual_topology_systemfirepower_9300prime_service_catalogbrocade_san_navigatorenterprise_chat_and_emailcloud_connectfirepower_4145teamcenterunified_customer_voice_portalcloud_insightsrhythmyxfirepower_1140sipass_integratedsiveillance_vantageintersight_virtual_appliancesd-wan_vmanageucs_central_softwarecontact_center_management_portalwebex_meetings_serverunified_intelligence_centerunified_workforce_optimizationenergyip_prepaycrosswork_zero_touch_provisioningcx_cloud_agent6bk1602-0aa12-0tp0unity_connectioncloudcenter_workload_manageroptical_network_controllervirtualized_infrastructure_managervideo_surveillance_operations_manager6bk1602-0aa32-0tp0_firmwareunified_communications_manageradvanced_malware_protection_virtual_private_cloud_applianceidentity_services_enginesnow_commandercyber_vision_sensor_management_extensionfirepower_4112unified_contact_center_enterprisedebian_linuxunified_computing_systemunified_contact_center_expressxpedition_enterpriselog4jdesigo_cc_advanced_reportsontap_toolsunified_communications_manager_im_and_presence_servicefirepower_2120mobility_services_enginecrosswork_network_automationdna_spacesvesysautomated_subsea_tuningcyber_visionsiveillance_commandevolved_programmable_network_managerdna_spaces\firepower_4110mendixfirepower_4125sppa-t3000_ses3000unified_communications_manager_im_\&_presence_servicee-car_operation_centernxindustrial_edge_managementworkload_optimization_managerfirepower_threat_defensenavigatorcapitalcrosswork_platform_infrastructurenetwork_services_orchestratordata_center_network_managercrosswork_optimization_enginemindspheresiguard_dsagma-managerdesigo_cc_info_centercrosswork_network_controllersiveillance_identityApache Log4j2Log4j2
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-502
Deserialization of Untrusted Data
CWE ID-CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
CVE-2017-3098
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-15.17% / 94.33%
||
7 Day CHG~0.00%
Published-20 Jun, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Captivate versions 9 and earlier have a remote code execution vulnerability in the quiz reporting feature that could be abused to read and write arbitrary files to the server.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-captivateAdobe Captivate 9 and earlier.
CWE ID-CWE-20
Improper Input Validation
CVE-2017-3792
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.99% / 82.86%
||
7 Day CHG~0.00%
Published-01 Feb, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in a proprietary device driver in the kernel of Cisco TelePresence Multipoint Control Unit (MCU) Software could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. The vulnerability is due to improper size validation when reassembling fragmented IPv4 or IPv6 packets. An attacker could exploit this vulnerability by sending crafted IPv4 or IPv6 fragments to a port receiving content in Passthrough content mode. An exploit could allow the attacker to overflow a buffer. If successful, the attacker could execute arbitrary code or cause a DoS condition on the affected system. Cisco TelePresence MCU platforms TelePresence MCU 5300 Series, TelePresence MCU MSE 8510 and TelePresence MCU 4500 are affected when running software version 4.3(1.68) or later configured for Passthrough content mode. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available, but mitigations are available. Cisco Bug IDs: CSCuu67675.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-telepresence_mcu_softwaretelepresence_mcu_5310telepresence_mcu_4510telepresence_mcu_4520telepresence_mcu_4505telepresence_mcu_4515telepresence_mcu_5320telepresence_mcu_mse_8510Cisco TelePresence Multipoint Control Unit (MCU) software version 4.3(1.68) or later configured for Passthrough content mode
CWE ID-CWE-20
Improper Input Validation
CVE-2017-3197
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-9.8||CRITICAL
EPSS-4.06% / 88.06%
||
7 Day CHG~0.00%
Published-09 Jul, 2018 | 19:00
Updated-05 Aug, 2024 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GIGABYTE BRIX UEFI firmware fails to securely implement BIOS write protection

GIGABYTE BRIX UEFI firmware for the GB-BSi7H-6500 (version F6) and GB-BXi7-5775 (version F2) platforms does not securely implement BIOSWE, BLE, SMM_BWP, and PRx features. As a result, the BIOS is not protected from arbitrary write access and may permit modifications to the SPI flash.

Action-Not Available
Vendor-gigabyteGIGABYTE
Product-gb-bsi7h-6500gb-bxi7-5775gb-bxi7-5775_firmwaregb-bsi7h-6500_firmwareGB-BXi7-5775GB-BSi7H-6500
CWE ID-CWE-693
Protection Mechanism Failure
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 8
  • 9
  • Next
Details not found