CVE-2024-1486
7.4
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Elevation of privileges via misconfigured access control list in GE HealthCare ultrasound devices
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| GE HealthCare | Venue | R1 | affected |
| GE HealthCare | Venue | R2 | affected |
| GE HealthCare | Venue | R3 <= R3.3 | affected |
| GE HealthCare | Venue | R4 <= R4.2 | affected |
| GE HealthCare | Venue Go | R2 | affected |
| GE HealthCare | Venue Go | R3 <= R3.3 | affected |
| GE HealthCare | Venue Go | R4 <= R4.2 | affected |
| GE HealthCare | Venue Fit | R3 <= R3.3 | affected |
| GE HealthCare | Venue Fit | R4 <= R4.2 | affected |
| GE HealthCare | LOGIQ e | R7 <= R9.1.4 | affected |
| GE HealthCare | LOGIQ e | R8 <= R10.1.3 | affected |
| GE HealthCare | LOGIQ e | R9 <= R11.0.2 | affected |
| GE HealthCare | LOGIQ He | 0 <= R9.3.1 | affected |
| GE HealthCare | Vivid E | E95 < 206 | affected |
| GE HealthCare | Vivid E | E90 < 206 | affected |
| GE HealthCare | Vivid E | E80 < 206 | affected |
| GE HealthCare | Vivid E | E9 113.2 <= 113.2 | affected |
| GE HealthCare | Vivid S | 70N < 206 | affected |
| GE HealthCare | Vivid S | 60N < 206 | affected |
| GE HealthCare | Vivid T | T8 < 206 | affected |
| GE HealthCare | Vivid T | T9 < 206 | affected |
| GE HealthCare | Vivid iq | 0 < 206 | affected |
| GE HealthCare | Invenia ABUS | 1.2.3 | affected |
| GE HealthCare | Invenia ABUS 2.0 | 0 < 2.2.9 | affected |
Weaknesses
- CWE-732: CWE-732 Incorrect Permission Assignment for Critical Resource
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.