Vulnerabilities for Optima mr360 firmware (...) - CXSECURITY.COM

Vulnerabilities for 'Optima mr360 firmware'

2015-08-04

CVE-2010-5308

GE Healthcare Optima MR360 does not require authentication for the HIPAA emergency login procedure, which allows physically proximate users to gain access via an arbitrary username in the Emergency Login screen. NOTE: this might not qualify for inclusion in CVE if unauthenticated emergency access is part of the intended security policy of the product, can be controlled by the system administrator, and is not enabled by default.

CVE-2010-5307

CWE-255

The HIPAA configuration interface in GE Healthcare Optima MR360 has a password of (1) operator for the root account, (2) adw2.0 for the admin account, and (3) adw2.0 for the sdc account, which has unspecified impact and attack vectors. NOTE: it is not clear whether these passwords are default, hardcoded, or dependent on another system or product that requires a fixed value.

>>> Vendor: Gehealthcare 32 Products

Entegra p&r firmware

Millennium mg firmware

Millennium myosight firmware

Millennium nc firmware

Centricity image vault firmware

Infinia ii firmware

Centricity dms firmware

Discovery 530c firmware

Revolution xq/i

Centricity analytics server

Centricity packs-iw

Centricity pacs-iw

Centricity pacs server

Centricity pacs workstation

Discovery nm 750b

Discovery xr656

Discovery xr656 g2

Precision thunis-800+

Centricity clinical archive audit trail repository

Optima ct520 firmware

Optima ct540 firmware

Optima ct680 firmware

Optima mr360 firmware

Cadstream server firmware

Millennium myosight

Copyright 2024, cxsecurity.com