CVE-2017-14006

moderate-risk
Published 2018-03-20

GE Xeleris versions 1.0,1.1,2.1,3.0,3.1, medical imaging systems, all current versions are affected, these devices use default or hard-coded credentials. Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affected devices.

Do I need to act?

-
0.65% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (5)

Xeleris
Xeleris
Xeleris
Xeleris
Xeleris

Affected Vendors

Ge

References (2)

Mitigation https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02
Mitigation https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02
46
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 2/34 · Minimal
Exposure 12/34 · Low