Sign-up

ID

VAR-201508-0013


CVE

CVE-2006-7253


TITLE

GE Healthcare Infinia II Trust Management Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2015-05143 // CNNVD: CNNVD-201508-017

DESCRIPTION

GE Healthcare Infinia II has a default password of (1) infinia for the infinia user, (2) #bigguy1 for the acqservice user, (3) dont4get2 for the Administrator user, (4) #bigguy1 for the emergency user, and (5) 2Bfamous for the InfiniaAdmin user, which has unspecified impact and attack vectors. GE Healthcare Infinia II is a dual detector imaging system for the medical industry at General Electric (GE). An attacker could exploit this vulnerability to control the device

Trust: 2.43

sources: NVD: CVE-2006-7253 // JVNDB: JVNDB-2015-003996 // CNVD: CNVD-2015-05143 // BID: 76179

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-05143

AFFECTED PRODUCTS

vendor:gehealthcaremodel:infinia iiscope:eqversion:*

Trust: 1.0

vendor:ge healthcaremodel:infinia iiscope: - version: -

Trust: 0.8

vendor:general electricmodel:healthcare infinia iiscope: - version: -

Trust: 0.6

vendor:gehealthcaremodel:infinia iiscope: - version: -

Trust: 0.6

vendor:gehealthcaremodel:infinia iiscope:eqversion:0

Trust: 0.3

sources: CNVD: CNVD-2015-05143 // BID: 76179 // JVNDB: JVNDB-2015-003996 // CNNVD: CNNVD-201508-017 // NVD: CVE-2006-7253

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-7253
value: HIGH

Trust: 1.0

NVD: CVE-2006-7253
value: HIGH

Trust: 0.8

CNVD: CNVD-2015-05143
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201508-017
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2006-7253
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2015-05143
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2015-05143 // JVNDB: JVNDB-2015-003996 // CNNVD: CNNVD-201508-017 // NVD: CVE-2006-7253

PROBLEMTYPE DATA

problemtype:CWE-255

Trust: 1.8

sources: JVNDB: JVNDB-2015-003996 // NVD: CVE-2006-7253

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201508-017

TYPE

trust management

Trust: 0.6

sources: CNNVD: CNNVD-201508-017

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-003996

PATCH
title:Infinia II System Service Manualurl:http://apps.gehealthcare.com/servlet/ClientServlet/H-xw4100+Workstation.pdf?REQ=RAA&DIRECTION=2411012-100&FILENAME=H-xw4100%2BWorkstation.pdf&FILEREV=6&DOCREV_ORG=6
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-003996

EXTERNAL IDS
db:NVDid:CVE-2006-7253
Trust: 3.3
db:JVNDBid:JVNDB-2015-003996
Trust: 0.8
db:CNVDid:CNVD-2015-05143
Trust: 0.6
db:CNNVDid:CNNVD-201508-017
Trust: 0.6
db:BIDid:76179
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2015-05143 // 
            
            
            
            BID: 76179 // 
            
            
            
            JVNDB: JVNDB-2015-003996 // 
            
            
            
            CNNVD: CNNVD-201508-017 // 
            
            
            
            NVD: CVE-2006-7253

REFERENCES
url:http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/
Trust: 3.3
url:https://twitter.com/digitalbond/status/619250429751222277
Trust: 1.6
url:http://apps.gehealthcare.com/servlet/clientservlet/h-xw4100+workstation.pdf?req=raa&direction=2411012-100&filename=h-xw4100%2bworkstation.pdf&filerev=6&docrev_org=6
Trust: 1.6
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-7253
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-7253
Trust: 0.8
url:http://www3.gehealthcare.com/en
Trust: 0.3
url:http://www3.gehealthcare.com/en/products/categories/goldseal_-_refurbished_systems/goldseal_nuclear_medicine/goldseal_infinia_ii
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2015-05143 // 
            
            
            
            BID: 76179 // 
            
            
            
            JVNDB: JVNDB-2015-003996 // 
            
            
            
            CNNVD: CNNVD-201508-017 // 
            
            
            
            NVD: CVE-2006-7253

CREDITS
Scott Erven
Trust: 0.3
sources:
            
            
            BID: 76179

SOURCES
db:CNVDid:CNVD-2015-05143
db:BIDid:76179
db:JVNDBid:JVNDB-2015-003996
db:CNNVDid:CNNVD-201508-017
db:NVDid:CVE-2006-7253

LAST UPDATE DATE
2025-04-13T23:18:04.830000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2015-05143date:2015-08-06T00:00:00
db:BIDid:76179date:2015-08-04T00:00:00
db:JVNDBid:JVNDB-2015-003996date:2015-08-06T00:00:00
db:CNNVDid:CNNVD-201508-017date:2015-08-05T00:00:00
db:NVDid:CVE-2006-7253date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:CNVDid:CNVD-2015-05143date:2015-08-06T00:00:00
db:BIDid:76179date:2015-08-04T00:00:00
db:JVNDBid:JVNDB-2015-003996date:2015-08-06T00:00:00
db:CNNVDid:CNNVD-201508-017date:2015-08-05T00:00:00
db:NVDid:CVE-2006-7253date:2015-08-04T14:59:06.237