CVE-2024-1628

Summary

OS command injection vulnerabilities in GE HealthCare ultrasound devices

Affected Software

VendorProductVersion RangeStatus
GE HealthCareVenueR1affected
GE HealthCareVenueR2affected
GE HealthCareVenueR3 <= R3.3affected
GE HealthCareVenueR4 <= R4.3affected
GE HealthCareVenue GoR2affected
GE HealthCareVenue GoR3 <= R3.3affected
GE HealthCareVenue GoR4 <= R4.3affected
GE HealthCareVenue FitR3 <= R3.3affected
GE HealthCareVenue FitR4 <= R4.3affected
GE HealthCareLOGIQ eR7 <= R9.1.4affected
GE HealthCareLOGIQ eR8 <= R10.1.3affected
GE HealthCareLOGIQ eR9 <= R11.0.3affected
GE HealthCareLOGIQ He0 <= R9.3.1affected
GE HealthCareVivid EE95 < 206affected
GE HealthCareVivid EE90 < 206affected
GE HealthCareVivid EE80 < 206affected
GE HealthCareVivid S70N < 206affected
GE HealthCareVivid S60N < 206affected
GE HealthCareVivid TT8 < 206affected
GE HealthCareVivid TT9 < 206affected
GE HealthCareVivid iq0 < 206affected
GE HealthCareVoluson Expert 160affected
GE HealthCareVoluson Expert 16BT24 < Ext1affected
GE HealthCareVoluson Expert 180affected
GE HealthCareVoluson Expert 18BT24 < Ext1affected
GE HealthCareVoluson Expert 220affected
GE HealthCareVoluson Expert 22BT24 < Ext1affected
GE HealthCareVoluson SWIFT0affected
GE HealthCareVoluson SWIFTBT24affected
GE HealthCareInvenia ABUS 2.00 <= 2.2.7affected
GE HealthCareLOGIQ E100 < R3.2.0affected
GE HealthCareLOGIQ E10s0 < R3.2.0affected
GE HealthCareLOGIQ Fortis0 < R3.2.0affected

Weaknesses

  • CWE-78: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References