CVE-2002-2446 | Vulnerability Database | Aqua Security

GE Healthcare Millennium MG, NC, and MyoSIGHT has a password of insite.genieacq for the insite account that cannot be changed without disabling product functionality for remote InSite support, which has unspecified impact and attack vectors.

Affected Software

Name	Vendor	Start Version	End Version
Millennium_mg_firmware	Gehealthcare	- (including)	- (including)
Millennium_myosight_firmware	Gehealthcare	- (including)	- (including)
Millennium_nc_firmware	Gehealthcare	- (including)	- (including)

References

http://apps.gehealthcare.com/servlet/ClientServlet/2338955-100.pdf?REQ=RAA\u0026DIRECTION=2338955-100\u0026FILENAME=2338955-100.pdf\u0026FILEREV=1\u0026DOCREV_ORG=1
http://apps.gehealthcare.com/servlet/ClientServlet/2354459-100.pdf?REQ=RAA\u0026DIRECTION=2354459-100\u0026FILENAME=2354459-100.pdf\u0026FILEREV=4\u0026DOCREV_ORG=4
http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/
https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02
https://twitter.com/digitalbond/status/619250429751222277

NVD	https://nvd.nist.gov/vuln/detail/CVE-2002-2446
CWE	https://cwe.mitre.org/data/definitions/255.html