CVE-2020-6963

EPSS 2.7%CWE-798

Vexday Risk Score

3Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS —EPSS 2.7%KEV nãoPoC —Patch —

Lifecycle

24 Jan 2020Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, the affected products utilized hard coded SMB credentials, which may allow an attacker to remotely execute arbitrary code.

Affected products

n/a · GE CARESCAPE Telemetry Server,ApexPro Telemetry Server,CARESCAPE Central Station,Clinical Information Center systems,CARESCAPE B450,B650,B850 Monitors

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.us-cert.gov/ics/advisories/icsma-20-023-01