Description
In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Telemetry Server Version 4.3, CARESCAPE Central Station (CSCS) Versions 1.X, a vulnerability exists in the affected products that could allow an attacker to obtain access to the SSH private key in configuration files.
References (2)
Core 2
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://www.us-cert.gov/ics/advisories/icsma-20-023-01
Scores
CVSS v3
10.0
EPSS
0.0162
EPSS Percentile
72.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Details
CWE
CWE-522
CWE-256
Status
published
Products (9)
gehealthcare/apexpro_telemetry_server_firmware
< 4.2
gehealthcare/carescape_central_station_mai700_firmware
1.0
gehealthcare/carescape_central_station_mas700_firmware
1.0
gehealthcare/carescape_telemetry_server_mp100r_firmware
4.3
gehealthcare/carescape_telemetry_server_mp100r_firmware
< 4.2
gehealthcare/clinical_information_center_mp100d_firmware
4.0
gehealthcare/clinical_information_center_mp100d_firmware
5.0
gehealthcare/clinical_information_center_mp100r_firmware
4.0
gehealthcare/clinical_information_center_mp100r_firmware
5.0
Published
Jan 24, 2020
Tracked Since
Feb 18, 2026