CVE-2013-7405
critical
CVSS v3
—
CVSS v2
10.0
VIR risk
10.0
Description
The Ad Hoc Reporting feature in GE Healthcare Centricity DMS 4.2 has a password of Never!Mind for the Administrator user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| gehealthcare | centricity_dms | 4.2 | |
References
- http://apps.gehealthcare.com/servlet/ClientServlet/0908141_DMS+4.2+MTG.pdf?REQ=RAA&DIRECTION=0908141&FILENAME=0908141_DMS%2B4.2%2BMTG.pdf&FILEREV=D&DOCREV_ORG=D
- http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/
- https://twitter.com/digitalbond/status/619250429751222277
- http://apps.gehealthcare.com/servlet/ClientServlet/0908141_DMS+4.2+MTG.pdf?REQ=RAA&DIRECTION=0908141&FILENAME=0908141_DMS%2B4.2%2BMTG.pdf&FILEREV=D&DOCREV_ORG=D
- http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/
- https://twitter.com/digitalbond/status/619250429751222277
CWEs
CWE-255
Verify integrity in audit chain (admin only). AS-IS.