Details of VAR-201508-0005

ID

VAR-201508-0005

CVE

CVE-2002-2445

TITLE

plural GE Healthcare Millennium Product vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2015-003992

DESCRIPTION

GE Healthcare Millennium MG, NC, and MyoSIGHT has a default password of (1) root.genie for the root user, (2) "service." for the service user, (3) admin.genie for the admin user, (4) reboot for the reboot user, and (5) shutdown for the shutdown user, which has unspecified impact and attack vectors. GE Healthcare Millennium MG, NC, and MyoSIGHT are all scanning cameras for the medical industry from General Electric (GE). There are security vulnerabilities in several GE products. An attacker could use this vulnerability to control the device

Trust: 2.52

sources: NVD: CVE-2002-2445 // JVNDB: JVNDB-2015-003992 // CNVD: CNVD-2015-05133 // BID: 86877 // VULMON: CVE-2002-2445

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-05133

AFFECTED PRODUCTS

vendor:	gehealthcare	model:	millennium mg	scope:	eq	version:	*	Trust: 1.0
vendor:	gehealthcare	model:	millennium nc	scope:	eq	version:	*	Trust: 1.0
vendor:	gehealthcare	model:	millennium myosight	scope:	eq	version:	*	Trust: 1.0
vendor:	ge healthcare	model:	millennium mg	scope:	-	version:	-	Trust: 0.8
vendor:	ge healthcare	model:	millennium myosight	scope:	-	version:	-	Trust: 0.8
vendor:	ge healthcare	model:	millennium nc	scope:	-	version:	-	Trust: 0.8
vendor:	general electric	model:	healthcare millennium mg/nc/myosight	scope:	-	version:	-	Trust: 0.6
vendor:	gehealthcare	model:	millennium myosight	scope:	-	version:	-	Trust: 0.6
vendor:	gehealthcare	model:	millennium nc	scope:	-	version:	-	Trust: 0.6
vendor:	gehealthcare	model:	millennium mg	scope:	-	version:	-	Trust: 0.6
vendor:	gehealthcare	model:	millennium nc	scope:	eq	version:	0	Trust: 0.3
vendor:	gehealthcare	model:	millennium myosight	scope:	eq	version:	0	Trust: 0.3
vendor:	gehealthcare	model:	millennium mg	scope:	eq	version:	0	Trust: 0.3

sources: CNVD: CNVD-2015-05133 // BID: 86877 // JVNDB: JVNDB-2015-003992 // CNNVD: CNNVD-201508-013 // NVD: CVE-2002-2445

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2002-2445
value:	HIGH
Trust: 1.0
NVD:	CVE-2002-2445
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2015-05133
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201508-013
value:	CRITICAL
Trust: 0.6
VULMON:	CVE-2002-2445
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2002-2445
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2015-05133
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2015-05133 // VULMON: CVE-2002-2445 // JVNDB: JVNDB-2015-003992 // CNNVD: CNNVD-201508-013 // NVD: CVE-2002-2445

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2002-2445

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201508-013

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201508-013

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-003992

PATCH

title:	Millennium MyoSIGHT Nuclear Medicine Imaging System Service Manual	url:	http://apps.gehealthcare.com/servlet/ClientServlet/2354459-100.pdf?REQ=RAA&DIRECTION=2354459-100&FILENAME=2354459-100.pdf&FILEREV=4&DOCREV_ORG=4	Trust: 0.8
title:	Top Page	url:	http://www3.gehealthcare.com/en/global_gateway	Trust: 0.8
title:	Millenium MG & MC Nuclear Medicine Imaging System Service Manual	url:	http://apps.gehealthcare.com/servlet/ClientServlet/2338955-100.pdf?REQ=RAA&DIRECTION=2338955-100&FILENAME=2338955-100.pdf&FILEREV=1&DOCREV_ORG=1	Trust: 0.8

sources: JVNDB: JVNDB-2015-003992

EXTERNAL IDS

db:	NVD	id:	CVE-2002-2445	Trust: 3.4
db:	JVNDB	id:	JVNDB-2015-003992	Trust: 0.8
db:	CNVD	id:	CNVD-2015-05133	Trust: 0.6
db:	CNNVD	id:	CNNVD-201508-013	Trust: 0.6
db:	BID	id:	86877	Trust: 0.4
db:	VULMON	id:	CVE-2002-2445	Trust: 0.1

sources: CNVD: CNVD-2015-05133 // VULMON: CVE-2002-2445 // BID: 86877 // JVNDB: JVNDB-2015-003992 // CNNVD: CNNVD-201508-013 // NVD: CVE-2002-2445

REFERENCES

url:	http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/	Trust: 3.4
url:	http://apps.gehealthcare.com/servlet/clientservlet/2338955-100.pdf?req=raa&direction=2338955-100&filename=2338955-100.pdf&filerev=1&docrev_org=1	Trust: 2.0
url:	http://apps.gehealthcare.com/servlet/clientservlet/2354459-100.pdf?req=raa&direction=2354459-100&filename=2354459-100.pdf&filerev=4&docrev_org=4	Trust: 2.0
url:	https://twitter.com/digitalbond/status/619250429751222277	Trust: 2.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2002-2445	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2002-2445	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://www.securityfocus.com/bid/86877	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2015-05133 // VULMON: CVE-2002-2445 // BID: 86877 // JVNDB: JVNDB-2015-003992 // CNNVD: CNNVD-201508-013 // NVD: CVE-2002-2445

CREDITS

Unknown

Trust: 0.3

sources: BID: 86877

SOURCES

db:	CNVD	id:	CNVD-2015-05133
db:	VULMON	id:	CVE-2002-2445
db:	BID	id:	86877
db:	JVNDB	id:	JVNDB-2015-003992
db:	CNNVD	id:	CNNVD-201508-013
db:	NVD	id:	CVE-2002-2445

LAST UPDATE DATE

2025-04-13T23:39:37.898000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-05133	date:	2015-08-06T00:00:00
db:	VULMON	id:	CVE-2002-2445	date:	2015-09-03T00:00:00
db:	BID	id:	86877	date:	2015-08-04T00:00:00
db:	JVNDB	id:	JVNDB-2015-003992	date:	2015-08-06T00:00:00
db:	CNNVD	id:	CNNVD-201508-013	date:	2015-08-05T00:00:00
db:	NVD	id:	CVE-2002-2445	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2015-05133	date:	2015-08-06T00:00:00
db:	VULMON	id:	CVE-2002-2445	date:	2015-08-04T00:00:00
db:	BID	id:	86877	date:	2015-08-04T00:00:00
db:	JVNDB	id:	JVNDB-2015-003992	date:	2015-08-06T00:00:00
db:	CNNVD	id:	CNNVD-201508-013	date:	2015-08-05T00:00:00
db:	NVD	id:	CVE-2002-2445	date:	2015-08-04T14:59:01.817