CVE-2020-6963
CRITICAL
GE Healthcare ApexPro Telemetry Server < 4.2 - Remote Code Execution via Hardcoded SMB Credentials
Title source: llm
Description
In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, the affected products utilized hard coded SMB credentials, which may allow an attacker to remotely execute arbitrary code.
References (2)
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://www.us-cert.gov/ics/advisories/icsma-20-023-01
Scores
CVSS v3
10.0
EPSS
0.0275
EPSS Percentile
84.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Details
CWE
CWE-20
CWE-798
Status
published
Products (8)
gehealthcare/apexpro_telemetry_server_firmware
< 4.2
gehealthcare/carescape_central_station_mai700_firmware
1.0
gehealthcare/carescape_central_station_mas700_firmware
1.0
gehealthcare/carescape_telemetry_server_mp100r_firmware
< 4.2
gehealthcare/clinical_information_center_mp100d_firmware
4.0
gehealthcare/clinical_information_center_mp100d_firmware
5.0
gehealthcare/clinical_information_center_mp100r_firmware
4.0
gehealthcare/clinical_information_center_mp100r_firmware
5.0
Published
Jan 24, 2020
Tracked Since
Feb 18, 2026