CVE-2010-5307

The HIPAA configuration interface in GE Healthcare Optima MR360 has a password of (1) operator for the root account, (2) adw2.0 for the admin account, and (3) adw2.0 for the sdc account, which has unspecified impact and attack vectors. NOTE: it is not clear whether these passwords are default, hardcoded, or dependent on another system or product that requires a fixed value.

Affected Software

References

• http://apps.gehealthcare.com/servlet/ClientServlet/MR360+operator+manual+paper.pdf?REQ=RAA\u0026DIRECTION=5339461-1EN\u0026FILENAME=MR360%2Boperator%2Bmanual%2Bpaper.pdf\u0026FILEREV=4\u0026DOCREV_ORG=4
• http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/
• https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02
• https://twitter.com/digitalbond/status/619250429751222277
• http://apps.gehealthcare.com/servlet/ClientServlet/MR360+operator+manual+paper.pdf?REQ=RAA\u0026DIRECTION=5339461-1EN\u0026FILENAME=MR360%2Boperator%2Bmanual%2Bpaper.pdf\u0026FILEREV=4\u0026DOCREV_ORG=4
• http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/
• https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02
• https://twitter.com/digitalbond/status/619250429751222277