Description
OS command injection vulnerabilities in GE HealthCare ultrasound devices
Reserved 2024-02-19 | Published 2024-05-14 | Updated 2024-08-01 | Assigner
GEHCHIGH: 8.4CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Problem types
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Product status
Default status
unaffected
R1
affected
R2
affected
R3
affected
R4
affected
Default status
unaffected
R2
affected
R3
affected
R4
affected
Default status
unaffected
R3
affected
R4
affected
Default status
unaffected
R7
affected
R8
affected
R9
affected
Default status
unaffected
Any version
affected
Default status
unaffected
E95 before 206
affected
E90 before 206
affected
E80 before 206
affected
Default status
unaffected
70N before 206
affected
60N before 206
affected
Default status
unaffected
T8 before 206
affected
T9 before 206
affected
Default status
unaffected
Any version before 206
affected
Default status
unaffected
Any version
affected
BT24 before Ext1
affected
Default status
unaffected
Any version
affected
BT24 before Ext1
affected
Default status
unaffected
Any version
affected
BT24 before Ext1
affected
Default status
unaffected
Any version
affected
BT24
affected
Default status
unaffected
Any version
affected
Default status
unaffected
Any version before R3.2.0
affected
Default status
unaffected
Any version before R3.2.0
affected
Default status
unaffected
Any version before R3.2.0
affected
Credits
Andrea Palanca and Gabriele Quagliarella of Nozomi Networks finder
References
securityupdate.gehealthcare.com/
cve.org (CVE-2024-1628)
nvd.nist.gov (CVE-2024-1628)
Download JSON
Subscribe to our newsletter to learn more about our work.