CVE-2024-1629
6.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Path traversal vulnerability in “deleteFiles” function of Common Service Desktop, a GE HealthCare ultrasound device component
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| GE HealthCare | Venue | R1 | affected |
| GE HealthCare | Venue | R2 | affected |
| GE HealthCare | Venue | R3 <= R3.3 | affected |
| GE HealthCare | Venue | R4 <= R4.3 | affected |
| GE HealthCare | Venue Go | R2 | affected |
| GE HealthCare | Venue Go | R3 <= R3.3 | affected |
| GE HealthCare | Venue Go | R4 <= R4.3 | affected |
| GE HealthCare | Venue Fit | R3 <= R3.3 | affected |
| GE HealthCare | Venue Fit | R4 <= R4.3 | affected |
| GE HealthCare | LOGIQ e | R7 <= R9.1.4 | affected |
| GE HealthCare | LOGIQ e | R8 <= R10.1.3 | affected |
| GE HealthCare | LOGIQ e | R9 <= R11.0.3 | affected |
| GE HealthCare | LOGIQ He | 0 <= R9.3.1 | affected |
| GE HealthCare | Vivid E | E95 < 206 | affected |
| GE HealthCare | Vivid E | E90 < 206 | affected |
| GE HealthCare | Vivid E | E80 < 206 | affected |
| GE HealthCare | Vivid S | 70N < 206 | affected |
| GE HealthCare | Vivid S | 60N < 206 | affected |
| GE HealthCare | Vivid T | T8 < 206 | affected |
| GE HealthCare | Vivid T | T9 < 206 | affected |
| GE HealthCare | Vivid iq | 0 < 206 | affected |
| GE HealthCare | Voluson Expert 16 | 0 | affected |
| GE HealthCare | Voluson Expert 16 | BT24 | affected |
| GE HealthCare | Voluson Expert 18 | 0 | affected |
| GE HealthCare | Voluson Expert 18 | BT24 | affected |
| GE HealthCare | Voluson Expert 22 | 0 | affected |
| GE HealthCare | Voluson Expert 22 | BT24 | affected |
| GE HealthCare | Voluson SWIFT | 0 | affected |
| GE HealthCare | Voluson SWIFT | BT24 | affected |
| GE HealthCare | LOGIQ E10 | 0 < R3.2.0 | affected |
| GE HealthCare | LOGIQ E10s | 0 < R3.2.0 | affected |
| GE HealthCare | LOGIQ Fortis | 0 < R3.2.0 | affected |
Weaknesses
- CWE-22: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.