Authentication Flaws Found Again in GE Medical Imaging Gear
Healthcare IT Security
Marianne Kolbasuk McGee
Critical authentication vulnerabilities contained in certain GE Healthcare medical imaging and ultrasound products could allow attackers to gain access to sensitive patient data, alter data and affect the availability of the equipment, according to advisories issued Tuesday by the vendor and the U.S. Department of Homeland Security.
The vulnerabilities involving default passwords, recently identified by security researchers at healthcare sector security vendor CyberMDX, are scored as CVSS v3 9.8 and are exploitable remotely with a low level of skill, the advisories from GE Healthcare and DHS' Cybersecurity and Infrastructure Security Agency warn.
Specifically, CISA notes that the vulnerabilities involve...