CVE-2020-6961

CRITICAL

ApexPro Telemetry Server <4.2 - Info Disclosure

Title source: llm

Description

In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Telemetry Server Version 4.3, CARESCAPE Central Station (CSCS) Versions 1.X, a vulnerability exists in the affected products that could allow an attacker to obtain access to the SSH private key in configuration files.

References (2)

[Third Party Advisory, US Government Resource] https://www.us-cert.gov/ics/advisories/icsma-20-023-01

[Product] https://www3.gehealthcare.com/~/media/downloads/us/support/site-planning/site-readiness/gehc-gateway_project_implementation_guide_pdf.pdf

Scores

CVSS v3 10.0

EPSS 0.0019

EPSS Percentile 40.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Details

CWE

CWE-522 CWE-256

Status published

Products (9)

gehealthcare/apexpro_telemetry_server_firmware < 4.2

gehealthcare/carescape_central_station_mai700_firmware 1.0

gehealthcare/carescape_central_station_mas700_firmware 1.0

gehealthcare/carescape_telemetry_server_mp100r_firmware 4.3

gehealthcare/carescape_telemetry_server_mp100r_firmware < 4.2

gehealthcare/clinical_information_center_mp100d_firmware 4.0

gehealthcare/clinical_information_center_mp100d_firmware 5.0

gehealthcare/clinical_information_center_mp100r_firmware 4.0

gehealthcare/clinical_information_center_mp100r_firmware 5.0

Published Jan 24, 2020

Tracked Since Feb 18, 2026