Required CVE Record Information
Description
The HIPAA configuration interface in GE Healthcare Optima MR360 has a password of (1) operator for the root account, (2) adw2.0 for the admin account, and (3) adw2.0 for the sdc account, which has unspecified impact and attack vectors. NOTE: it is not clear whether these passwords are default, hardcoded, or dependent on another system or product that requires a fixed value.
References 4 Total
- http://apps.gehealthcare.com/servlet/ClientServlet/MR360+operator+manual+paper.pdf?REQ=RAA&DIRECTION=5339461-1EN&FILENAME=MR360%2Boperator%2Bmanual%2Bpaper.pdf&FILEREV=4&DOCREV_ORG=4
- http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/
- https://twitter.com/digitalbond/status/619250429751222277
- https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 4 Total
- http://apps.gehealthcare.com/servlet/ClientServlet/MR360+operator+manual+paper.pdf?REQ=RAA&DIRECTION=5339461-1EN&FILENAME=MR360%2Boperator%2Bmanual%2Bpaper.pdf&FILEREV=4&DOCREV_ORG=4 x_transferred
- http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/ x_transferred
- https://twitter.com/digitalbond/status/619250429751222277 x_transferred
- https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02 x_transferred