CVE-2024-1629

Summary

Path traversal vulnerability in “deleteFiles” function of Common Service Desktop, a GE HealthCare ultrasound device component

Affected Software

VendorProductVersion RangeStatus
GE HealthCareVenueR1affected
GE HealthCareVenueR2affected
GE HealthCareVenueR3 <= R3.3affected
GE HealthCareVenueR4 <= R4.3affected
GE HealthCareVenue GoR2affected
GE HealthCareVenue GoR3 <= R3.3affected
GE HealthCareVenue GoR4 <= R4.3affected
GE HealthCareVenue FitR3 <= R3.3affected
GE HealthCareVenue FitR4 <= R4.3affected
GE HealthCareLOGIQ eR7 <= R9.1.4affected
GE HealthCareLOGIQ eR8 <= R10.1.3affected
GE HealthCareLOGIQ eR9 <= R11.0.3affected
GE HealthCareLOGIQ He0 <= R9.3.1affected
GE HealthCareVivid EE95 < 206affected
GE HealthCareVivid EE90 < 206affected
GE HealthCareVivid EE80 < 206affected
GE HealthCareVivid S70N < 206affected
GE HealthCareVivid S60N < 206affected
GE HealthCareVivid TT8 < 206affected
GE HealthCareVivid TT9 < 206affected
GE HealthCareVivid iq0 < 206affected
GE HealthCareVoluson Expert 160affected
GE HealthCareVoluson Expert 16BT24affected
GE HealthCareVoluson Expert 180affected
GE HealthCareVoluson Expert 18BT24affected
GE HealthCareVoluson Expert 220affected
GE HealthCareVoluson Expert 22BT24affected
GE HealthCareVoluson SWIFT0affected
GE HealthCareVoluson SWIFTBT24affected
GE HealthCareLOGIQ E100 < R3.2.0affected
GE HealthCareLOGIQ E10s0 < R3.2.0affected
GE HealthCareLOGIQ Fortis0 < R3.2.0affected

Weaknesses

  • CWE-22: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References