Details of VAR-201508-0526

ID

VAR-201508-0526

CVE

CVE-2014-9736

TITLE

GE Healthcare Centricity Clinical Archive Audit Trail Repository Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2015-004012

DESCRIPTION

GE Healthcare Centricity Clinical Archive Audit Trail Repository has a default password of initinit for the (1) SSL key manager and (2) server keystore; (3) keystore_password for the server truststore; and atna for the (4) primary storage database and (5) archive storage database, which has unspecified impact and attack vectors. An attacker could use this vulnerability to control the device. Remote attackers with knowledge of the default credentials may exploit these vulnerabilities to gain unauthorized access and perform unauthorized actions. This may aid in further attacks

Trust: 2.43

sources: NVD: CVE-2014-9736 // JVNDB: JVNDB-2015-004012 // CNVD: CNVD-2015-05134 // BID: 76164

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-05134

AFFECTED PRODUCTS

vendor:	gehealthcare	model:	centricity clinical archive audit trail repository	scope:	eq	version:	*	Trust: 1.0
vendor:	ge healthcare	model:	centricity clinical archive audit trail repository	scope:	-	version:	-	Trust: 0.8
vendor:	ge	model:	centricity clinical archive audit trail repository	scope:	-	version:	-	Trust: 0.6
vendor:	gehealthcare	model:	centricity clinical archive audit trail repository	scope:	-	version:	-	Trust: 0.6
vendor:	general	model:	electric healthcare centricity clinical archive audit trail repository	scope:	eq	version:	0	Trust: 0.3

sources: CNVD: CNVD-2015-05134 // BID: 76164 // JVNDB: JVNDB-2015-004012 // CNNVD: CNNVD-201508-037 // NVD: CVE-2014-9736

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-9736
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-9736
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2015-05134
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201508-037
value:	CRITICAL
Trust: 0.6

nvd@nist.gov:	CVE-2014-9736
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2015-05134
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2015-05134 // JVNDB: JVNDB-2015-004012 // CNNVD: CNNVD-201508-037 // NVD: CVE-2014-9736

PROBLEMTYPE DATA

problemtype:

CWE-255

Trust: 1.8

sources: JVNDB: JVNDB-2015-004012 // NVD: CVE-2014-9736

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201508-037

TYPE

trust management

Trust: 0.6

sources: CNNVD: CNNVD-201508-037

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-004012

PATCH

title:

Audit Trail Repository Installation and Service Manual

url:

http://apps.gehealthcare.com/servlet/ClientServlet/DOC1474072_ATR_InstSvcMan.pdf?REQ=RAA&DIRECTION=DOC1474072&FILENAME=DOC1474072_ATR_InstSvcMan.pdf&FILEREV=--&DOCREV_ORG=--

Trust: 0.8

sources: JVNDB: JVNDB-2015-004012

EXTERNAL IDS

db:	NVD	id:	CVE-2014-9736	Trust: 3.3
db:	JVNDB	id:	JVNDB-2015-004012	Trust: 0.8
db:	CNVD	id:	CNVD-2015-05134	Trust: 0.6
db:	CNNVD	id:	CNNVD-201508-037	Trust: 0.6
db:	BID	id:	76164	Trust: 0.3

sources: CNVD: CNVD-2015-05134 // BID: 76164 // JVNDB: JVNDB-2015-004012 // CNNVD: CNNVD-201508-037 // NVD: CVE-2014-9736

REFERENCES

url:	http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/	Trust: 2.7
url:	https://twitter.com/digitalbond/status/619250429751222277	Trust: 1.9
url:	http://apps.gehealthcare.com/servlet/clientservlet/doc1474072_atr_instsvcman.pdf?req=raa&direction=doc1474072&filename=doc1474072_atr_instsvcman.pdf&filerev=--&docrev_org=--	Trust: 1.6
url:	http://apps.gehealthcare.com/servlet/clientservlet/doc1474072_atr_instsvcman.pdf?req=raa&direction=doc1474072&filename=doc1474072_atr_instsvcman.pdf&filerev=--&docrev_org=--	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9736	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9736	Trust: 0.8
url:	http://apps.gehealthcare.com/servlet/clientservlet/doc1474072_atr_instsvcman.pdf?req=raa&direction=doc1474072&filename=doc1474072_atr_instsvcman.pdf&filerev=--&docrev_org=--	Trust: 0.3
url:	http://www3.gehealthcare.com/en/global_gateway	Trust: 0.3

sources: CNVD: CNVD-2015-05134 // BID: 76164 // JVNDB: JVNDB-2015-004012 // CNNVD: CNNVD-201508-037 // NVD: CVE-2014-9736

CREDITS

Scott Erven of Protiviti.

Trust: 0.3

sources: BID: 76164

SOURCES

db:	CNVD	id:	CNVD-2015-05134
db:	BID	id:	76164
db:	JVNDB	id:	JVNDB-2015-004012
db:	CNNVD	id:	CNNVD-201508-037
db:	NVD	id:	CVE-2014-9736

LAST UPDATE DATE

2025-04-13T23:14:30.581000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-05134	date:	2015-08-06T00:00:00
db:	BID	id:	76164	date:	2015-07-10T00:00:00
db:	JVNDB	id:	JVNDB-2015-004012	date:	2015-08-06T00:00:00
db:	CNNVD	id:	CNNVD-201508-037	date:	2015-08-05T00:00:00
db:	NVD	id:	CVE-2014-9736	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2015-05134	date:	2015-08-06T00:00:00
db:	BID	id:	76164	date:	2015-07-10T00:00:00
db:	JVNDB	id:	JVNDB-2015-004012	date:	2015-08-06T00:00:00
db:	CNNVD	id:	CNNVD-201508-037	date:	2015-08-05T00:00:00
db:	NVD	id:	CVE-2014-9736	date:	2015-08-04T14:59:26.720