CVE-2020-6964

HIGH

GE Healthcare ApexPro/CARESCAPE Telemetry Server <4.2 - Unauthenticated Remote Keyboard Input

Title source: llm

Description

In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X and CARESCAPE Central Station (CSCS) Versions 2.X, the integrated service for keyboard switching of the affected devices could allow attackers to obtain remote keyboard input access without authentication over the network.

References (2)

Core 2

Core References

Third Party Advisory, US Government Resource x_refsource_misc

https://www.us-cert.gov/ics/advisories/icsma-20-023-01

Product

https://www3.gehealthcare.com/~/media/downloads/us/support/site-planning/site-readiness/gehc-gateway_project_implementation_guide_pdf.pdf

Scores

CVSS v3 8.6

EPSS 0.0136

EPSS Percentile 68.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

Details

CWE

CWE-306

Status published

Products (10)

gehealthcare/apexpro_telemetry_server_firmware < 4.2

gehealthcare/carescape_central_station_mai700_firmware 1.0

gehealthcare/carescape_central_station_mai700_firmware 2.0

gehealthcare/carescape_central_station_mas700_firmware 1.0

gehealthcare/carescape_central_station_mas700_firmware 2.0

gehealthcare/carescape_telemetry_server_mp100r_firmware < 4.2

gehealthcare/clinical_information_center_mp100d_firmware 4.0

gehealthcare/clinical_information_center_mp100d_firmware 5.0

gehealthcare/clinical_information_center_mp100r_firmware 4.0

gehealthcare/clinical_information_center_mp100r_firmware 5.0

Published Jan 24, 2020

Tracked Since Feb 18, 2026