CVE-2024-1486

Summary

Elevation of privileges via misconfigured access control list in GE HealthCare ultrasound devices

Affected Software

VendorProductVersion RangeStatus
GE HealthCareVenueR1affected
GE HealthCareVenueR2affected
GE HealthCareVenueR3 <= R3.3affected
GE HealthCareVenueR4 <= R4.2affected
GE HealthCareVenue GoR2affected
GE HealthCareVenue GoR3 <= R3.3affected
GE HealthCareVenue GoR4 <= R4.2affected
GE HealthCareVenue FitR3 <= R3.3affected
GE HealthCareVenue FitR4 <= R4.2affected
GE HealthCareLOGIQ eR7 <= R9.1.4affected
GE HealthCareLOGIQ eR8 <= R10.1.3affected
GE HealthCareLOGIQ eR9 <= R11.0.2affected
GE HealthCareLOGIQ He0 <= R9.3.1affected
GE HealthCareVivid EE95 < 206affected
GE HealthCareVivid EE90 < 206affected
GE HealthCareVivid EE80 < 206affected
GE HealthCareVivid EE9 113.2 <= 113.2affected
GE HealthCareVivid S70N < 206affected
GE HealthCareVivid S60N < 206affected
GE HealthCareVivid TT8 < 206affected
GE HealthCareVivid TT9 < 206affected
GE HealthCareVivid iq0 < 206affected
GE HealthCareInvenia ABUS1.2.3affected
GE HealthCareInvenia ABUS 2.00 < 2.2.9affected

Weaknesses

  • CWE-732: CWE-732 Incorrect Permission Assignment for Critical Resource

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References