Vulnerability Details : CVE-2020-25179
GE Healthcare Imaging and Ultrasound Products may allow specific credentials to be exposed during transport over the network.
Vulnerability category: Information leak
Products affected by CVE-2020-25179
- cpe:2.3:o:gehealthcare:optima_ct540_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:optima_ct520_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:optima_mr360_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:3.0t_signa_hdxt_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:3.0t_signa_hd_16_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:3.0t_signa_hd_23_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:1.5t_brivo_mr355_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:signa_hdi_1.5t_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:signa_vibrant_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:logiq_5_bt03_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:logiq_7_bt03_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:logiq_7_bt04_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:logiq_7_bt06_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:logiq_9_bt02_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:logiq_9_bt03_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:logiq_9_bt04_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:logiq_9_bt06_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:vivid_i_bt06_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:vivid_7_bt02_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:vivid_7_bt06_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:echopac_bt06_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:image_vault_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:voluson_730_bt05_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:voluson_730_bt08_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:innova_2000_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:innova_3100_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:innova_4100_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:innova_2100-iq_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:innova_3100-iq_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:innova_4100-iq_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:innova_212-iq_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:innova_313-iq_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:optima_320_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:optima_cl320i_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:optima_cl323i_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:optima_cl320_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:optima_3100_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:optima_igs_320_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:optima_igs_330_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:innova_igs_520_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:innova_igs_530_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:innova_igs_620_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:innova_igs_630_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:innova_igs_730_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:brivo_xr118_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:brivo_xr383_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:brivo_xr515_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:brivo_xr575_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:brivo_definiu_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:definium_5000_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:definium_6000_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:definium_8000_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:amx_700_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:discovery_xr650_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:discovery_xr656_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:discovery_xr656\+_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:optima_xr640_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:optima_xr646_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:optima_xr220amx_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:optima_xr200amx_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:precision_500d_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:wdr1_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:seno_200d_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:seno_ds_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:seno_essential_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:senographe_pristina_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:brightspeed_elite_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:brightspeed_elite_select_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:brightspeed_edge_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:brightspeed_edge_select_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:brivo_ct385_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:discovery_ct590rt_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:discovery_ct750hd_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:lightspeed_vct_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:lightspeed_pro16_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:lightspeed_rt16_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:optima_advance_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:optima_ct660_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:optima_ct580_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:optima_ct580rt_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:optima_ct580w_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:optima_ct670_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:optima_ct68_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:optima_quantum_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:optima_expert_\&_professional_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:revolution_evo_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:revolution_hd_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:revolution_act_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:revolution_acts_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:revolution_ct_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:revolution_discovery_ct_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:revolution_frontier_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:revolution_frontier_es_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:brivo_nm_615_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:discovery_nm_630_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:discovery_nm_750b_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:discovery_nm_d530c_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:discovery_nm\/ct_d570c_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:discovery_nm\/ct_670_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:infinia_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:discovery_nm830_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:discovery_nm\/ct_860_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:discovery_nm\/ct850_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:discovery_nm\/ct_870_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:discovery_mi_mi_dr_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:discovery_iq_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:optima_nm\/ct_640_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:ventri_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:xeleris_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:pet_discovery_iq_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:pet_discovery_iq_upgrade_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:gehealthcare:petrace_800_firmware:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-25179
0.19%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 57 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-25179
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST | |
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2020-25179
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
-
The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.Assigned by: ics-cert@hq.dhs.gov (Secondary)
References for CVE-2020-25179
-
https://us-cert.cisa.gov/ics/advisories/icsma-20-343-01
GE Healthcare Imaging and Ultrasound Products | CISAThird Party Advisory;US Government Resource
Jump to