ID

VAR-201508-0010


CVE

CVE-2010-5308


TITLE

GE Healthcare Optima MR360 Vulnerabilities to gain access to

Trust: 0.8

sources: JVNDB: JVNDB-2015-004015

DESCRIPTION

GE Healthcare Optima MR360 does not require authentication for the HIPAA emergency login procedure, which allows physically proximate users to gain access via an arbitrary username in the Emergency Login screen. NOTE: this might not qualify for inclusion in CVE if unauthenticated emergency access is part of the intended security policy of the product, can be controlled by the system administrator, and is not enabled by default. GE Healthcare Optima MR360 is a magnetic resonance imaging (MRI) system for the medical industry. An attacker can exploit this issue to gain unauthorized access to the affected device. Successful exploits will result in the complete compromise of the affected device.

Trust: 2.52

sources: NVD: CVE-2010-5308 // JVNDB: JVNDB-2015-004015 // CNVD: CNVD-2015-05172 // BID: 76260 // VULHUB: VHN-47913

AFFECTED PRODUCTS

vendor: gehealthcare, model: optima mr360, scope: eq, version: -

Trust: 1.6

vendor: ge healthcare, model: optima mr360, scope: -, version: -

Trust: 0.8

vendor: general electric, model: optima mr360, scope: -, version: -

Trust: 0.6

vendor: gehealthcare, model: optima mr360, scope: eq, version: 0

Trust: 0.3

sources: CNVD: CNVD-2015-05172 // BID: 76260 // JVNDB: JVNDB-2015-004015 // CNNVD: CNNVD-201508-022 // NVD: CVE-2010-5308

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-5308
value: HIGH

Trust: 1.0

NVD: CVE-2010-5308
value: HIGH

Trust: 0.8

CNVD: CNVD-2015-05172
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201508-022
value: CRITICAL

Trust: 0.6

VULHUB: VHN-47913
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2010-5308
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2015-05172
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-47913
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2015-05172 // VULHUB: VHN-47913 // JVNDB: JVNDB-2015-004015 // CNNVD: CNNVD-201508-022 // NVD: CVE-2010-5308

PROBLEMTYPE DATA

problemtype:CWE-255

Trust: 1.9

sources: VULHUB: VHN-47913 // JVNDB: JVNDB-2015-004015 // NVD: CVE-2010-5308

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201508-022

TYPE

trust management

Trust: 0.6

sources: CNNVD: CNNVD-201508-022

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-004015

PATCH

title: Optima MR360 1.5T MR system Operator Manual
url: http://apps.gehealthcare.com/servlet/ClientServlet/MR360%20operator%20manual%20paper.pdf?DOCCLASS=A&REQ=RAC&DIRECTION=5339461-1EN&FILENAME=MR360+operator+manual+paper.pdf&FILEREV=4&DOCREV_ORG=4&SUBMIT=+ACCEPT+

Trust: 0.8

sources: JVNDB: JVNDB-2015-004015

EXTERNAL IDS

db: NVD, id: CVE-2010-5308

Trust: 3.4

db: JVNDB, id: JVNDB-2015-004015

Trust: 0.8

db: CNNVD, id: CNNVD-201508-022

Trust: 0.7

db: CNVD, id: CNVD-2015-05172

Trust: 0.6

db: BID, id: 76260

Trust: 0.4

db: VULHUB, id: VHN-47913

Trust: 0.1

sources: CNVD: CNVD-2015-05172 // VULHUB: VHN-47913 // BID: 76260 // JVNDB: JVNDB-2015-004015 // CNNVD: CNNVD-201508-022 // NVD: CVE-2010-5308

REFERENCES

url:http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/

Trust: 3.4

url:https://twitter.com/digitalbond/status/619250429751222277

Trust: 2.0

url:http://apps.gehealthcare.com/servlet/clientservlet/mr360+operator+manual+paper.pdf?req=raa&direction=5339461-1en&filename=mr360%2boperator%2bmanual%2bpaper.pdf&filerev=4&docrev_org=4

Trust: 1.6

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-5308

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-5308

Trust: 0.8

url:http://www3.gehealthcare.com/en/global_gateway

Trust: 0.3

url:http://apps.gehealthcare.com/servlet/clientservlet/mr360%20operator%20manual%20paper.pdf?docclass=a&req=rac&direction=5339461-1en&filename=mr360+operator+manual+paper.pdf&filerev=4&docrev_org=4&submit

Trust: 0.3

url:http://apps.gehealthcare.com/servlet/clientservlet/mr360+operator+manual+paper.pdf?req=raa&direction=5339461-1en&filename=mr360%2boperator%2bmanual%2bpaper.pdf&filerev=4&docrev_org=4

Trust: 0.1

sources: CNVD: CNVD-2015-05172 // VULHUB: VHN-47913 // BID: 76260 // JVNDB: JVNDB-2015-004015 // CNNVD: CNNVD-201508-022 // NVD: CVE-2010-5308

CREDITS

Scott Erven

Trust: 0.3

sources: BID: 76260

SOURCES

db: CNVD, id: CNVD-2015-05172
db: VULHUB, id: VHN-47913
db: BID, id: 76260
db: JVNDB, id: JVNDB-2015-004015
db: CNNVD, id: CNNVD-201508-022
db: NVD, id: CVE-2010-5308

LAST UPDATE DATE

2025-04-13T23:37:31.686000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2015-05172, date: 2015-08-11T00:00:00
db: VULHUB, id: VHN-47913, date: 2015-08-05T00:00:00
db: BID, id: 76260, date: 2015-07-10T00:00:00
db: JVNDB, id: JVNDB-2015-004015, date: 2015-08-06T00:00:00
db: CNNVD, id: CNNVD-201508-022, date: 2015-08-06T00:00:00
db: NVD, id: CVE-2010-5308, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2015-05172, date: 2015-08-11T00:00:00
db: VULHUB, id: VHN-47913, date: 2015-08-04T00:00:00
db: BID, id: 76260, date: 2015-07-10T00:00:00
db: JVNDB, id: JVNDB-2015-004015, date: 2015-08-06T00:00:00
db: CNNVD, id: CNNVD-201508-022, date: 2015-08-05T00:00:00
db: NVD, id: CVE-2010-5308, date: 2015-08-04T14:59:11.503