CVE-2020-25175
high-risk
Published 2020-12-14
GE Healthcare Imaging and Ultrasound Products may allow specific credentials to be exposed during transport over the network.
Do I need to act?
-
0.24% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10
Critical
NETWORK
/ LOW complexity
Affected Products (20)
3.0T Signa Hdxt Firmware
3.0T Signa Hd 16 Firmware
3.0T Signa Hd 23 Firmware
1.5T Brivo Mr355 Firmware
Optima Mr360 Firmware
Signa Hdi 1.5T Firmware
Signa Vibrant Firmware
Logiq 5 Bt03 Firmware
Logiq 7 Bt03 Firmware
Logiq 7 Bt04 Firmware
Logiq 7 Bt06 Firmware
Logiq 9 Bt02 Firmware
Logiq 9 Bt03 Firmware
Logiq 9 Bt04 Firmware
Logiq 9 Bt06 Firmware
Vivid I Bt06 Firmware
Vivid 7 Bt02 Firmware
Vivid 7 Bt06 Firmware
Echopac Bt06 Firmware
Image Vault Firmware
Affected Vendors
References (2)
Third Party Advisory
https://us-cert.cisa.gov/ics/advisories/icsma-20-343-01
Third Party Advisory
https://us-cert.cisa.gov/ics/advisories/icsma-20-343-01
64
/ 100
high-risk
Severity
32/34 · Critical
Exploitability
1/34 · Minimal
Exposure
31/34 · Critical