Details of VAR-201508-0152

ID

VAR-201508-0152

CVE

CVE-2013-7405

TITLE

GE Healthcare Centricity DMS Ad Hoc Reporting Trust Management Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2015-05138 // CNNVD: CNNVD-201508-033

DESCRIPTION

The Ad Hoc Reporting feature in GE Healthcare Centricity DMS 4.2 has a password of Never!Mind for the Administrator user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. GE Healthcare Centricity DMS is a cardiology clinical education data management system for the medical industry from General Electric (GE). An attacker could use this vulnerability to control the device. Attackers can exploit this issue to bypass the authentication mechanism and gain access to the vulnerable device

Trust: 2.52

sources: NVD: CVE-2013-7405 // JVNDB: JVNDB-2015-004008 // CNVD: CNVD-2015-05138 // BID: 76166 // VULMON: CVE-2013-7405

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-05138

AFFECTED PRODUCTS

vendor:	gehealthcare	model:	centricity dms	scope:	eq	version:	4.2	Trust: 1.9
vendor:	ge healthcare	model:	centricity cardiology data management system	scope:	eq	version:	4.2	Trust: 0.8
vendor:	ge	model:	centricity dms	scope:	eq	version:	4.2	Trust: 0.6

sources: CNVD: CNVD-2015-05138 // BID: 76166 // JVNDB: JVNDB-2015-004008 // CNNVD: CNNVD-201508-033 // NVD: CVE-2013-7405

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-7405
value:	HIGH
Trust: 1.0
NVD:	CVE-2013-7405
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2015-05138
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201508-033
value:	CRITICAL
Trust: 0.6
VULMON:	CVE-2013-7405
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2013-7405
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2015-05138
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2015-05138 // VULMON: CVE-2013-7405 // JVNDB: JVNDB-2015-004008 // CNNVD: CNNVD-201508-033 // NVD: CVE-2013-7405

PROBLEMTYPE DATA

problemtype:

CWE-255

Trust: 1.8

sources: JVNDB: JVNDB-2015-004008 // NVD: CVE-2013-7405

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201508-033

TYPE

trust management

Trust: 0.6

sources: CNNVD: CNNVD-201508-033

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-004008

PATCH

title:

Centricity* Cardiology Data Management System DMS Admin. - v. 4.2 Master Trainer Guide

url:

http://apps.gehealthcare.com/servlet/ClientServlet/0908141_DMS%204.2%20MTG.pdf?DOCCLASS=A&REQ=RAC&DIRECTION=0908141&FILENAME=0908141_DMS+4.2+MTG.pdf&FILEREV=D&DOCREV_ORG=D&SUBMIT=+ACCEPT+

Trust: 0.8

sources: JVNDB: JVNDB-2015-004008

EXTERNAL IDS

db:	NVD	id:	CVE-2013-7405	Trust: 3.4
db:	JVNDB	id:	JVNDB-2015-004008	Trust: 0.8
db:	CNVD	id:	CNVD-2015-05138	Trust: 0.6
db:	CNNVD	id:	CNNVD-201508-033	Trust: 0.6
db:	BID	id:	76166	Trust: 0.4
db:	VULMON	id:	CVE-2013-7405	Trust: 0.1

sources: CNVD: CNVD-2015-05138 // VULMON: CVE-2013-7405 // BID: 76166 // JVNDB: JVNDB-2015-004008 // CNNVD: CNNVD-201508-033 // NVD: CVE-2013-7405

REFERENCES

url:	http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/	Trust: 2.5
url:	http://apps.gehealthcare.com/servlet/clientservlet/0908141_dms+4.2+mtg.pdf?req=raa&direction=0908141&filename=0908141_dms%2b4.2%2bmtg.pdf&filerev=d&docrev_org=d	Trust: 1.7
url:	https://twitter.com/digitalbond/status/619250429751222277	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-7405	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-7405	Trust: 0.8
url:	http://apps.gehealthcare.com/servlet/clientservlet/0908141_dms+4.2+mtg.pdf?req=raa&direction=0908141&filename=0908141_dms%2b4.2%2bmtg.pdf&filerev=d&docrev_org=d	Trust: 0.6
url:	http://apps.gehealthcare.com/servlet/clientservlet/0908141_dms%204.2%20mtg.pdf?docclass=a&req=rac&direction=0908141&filename=0908141_dms+4.2+mtg.pdf&filerev=d&docrev_org=d&submit=+accept+	Trust: 0.3
url:	http://www3.gehealthcare.com/en	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/255.html	Trust: 0.1
url:	https://www.securityfocus.com/bid/76166	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2015-05138 // VULMON: CVE-2013-7405 // BID: 76166 // JVNDB: JVNDB-2015-004008 // CNNVD: CNNVD-201508-033 // NVD: CVE-2013-7405

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 76166

SOURCES

db:	CNVD	id:	CNVD-2015-05138
db:	VULMON	id:	CVE-2013-7405
db:	BID	id:	76166
db:	JVNDB	id:	JVNDB-2015-004008
db:	CNNVD	id:	CNNVD-201508-033
db:	NVD	id:	CVE-2013-7405

LAST UPDATE DATE

2025-04-13T23:39:37.837000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-05138	date:	2015-08-06T00:00:00
db:	VULMON	id:	CVE-2013-7405	date:	2015-08-04T00:00:00
db:	BID	id:	76166	date:	2015-08-04T00:00:00
db:	JVNDB	id:	JVNDB-2015-004008	date:	2015-08-06T00:00:00
db:	CNNVD	id:	CNNVD-201508-033	date:	2015-08-05T00:00:00
db:	NVD	id:	CVE-2013-7405	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2015-05138	date:	2015-08-06T00:00:00
db:	VULMON	id:	CVE-2013-7405	date:	2015-08-04T00:00:00
db:	BID	id:	76166	date:	2015-08-04T00:00:00
db:	JVNDB	id:	JVNDB-2015-004008	date:	2015-08-06T00:00:00
db:	CNNVD	id:	CNNVD-201508-033	date:	2015-08-05T00:00:00
db:	NVD	id:	CVE-2013-7405	date:	2015-08-04T14:59:22.643