CVE-2011-5324 - Vulnerability Details - OpenCVE

The TeraRecon server, as used in GE Healthcare Centricity PACS-IW 3.7.3.7, 3.7.3.8, and possibly other versions, has a password of (1) shared for the shared user and (2) scan for the scan user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Gehealthcare	Centricity Pacs-iw

Configuration 1 [-]

OR	cpe:2.3:a:gehealthcare:centricity_pacs-iw:3.7.3.7:::::::*
	cpe:2.3:a:gehealthcare:centricity_pacs-iw:3.7.3.8:::::::*

No data.

References

Link	Providers
http://apps.gehealthcare.com/servlet/ClientServlet/3.7.3.7+Installation+Guide.pdf?REQ=RAA&DIRECTION=DOC0947634&FILENAME=3.7.3.7%2BInstallation%2BGuide.pdf&FILEREV=1&DOCREV_ORG=1
http://apps.gehealthcare.com/servlet/ClientServlet/3.7.3.8+Installation+guide.pdf?REQ=RAA&DIRECTION=DOC1059456&FILENAME=3.7.3.8%2BInstallation%2Bguide.pdf&FILEREV=1&DOCREV_ORG=1
http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/
https://twitter.com/digitalbond/status/619250429751222277

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2015-08-04T10:00:00

Updated: 2024-08-07T00:30:46.840Z

Reserved: 2015-07-05T00:00:00

Link: CVE-2011-5324

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2015-08-04T14:59:16.660

Modified: 2025-04-12T10:46:40.837

Link: CVE-2011-5324

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-06-23T00:00:00", "descriptions": [{"lang": "en", "value": "The TeraRecon server, as used in GE Healthcare Centricity PACS-IW 3.7.3.7, 3.7.3.8, and possibly other versions, has a password of (1) shared for the shared user and (2) scan for the scan user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2015-08-04T09:57:02", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://apps.gehealthcare.com/servlet/ClientServlet/3.7.3.7+Installation+Guide.pdf?REQ=RAA&DIRECTION=DOC0947634&FILENAME=3.7.3.7%2BInstallation%2BGuide.pdf&FILEREV=1&DOCREV_ORG=1"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://apps.gehealthcare.com/servlet/ClientServlet/3.7.3.8+Installation+guide.pdf?REQ=RAA&DIRECTION=DOC1059456&FILENAME=3.7.3.8%2BInstallation%2Bguide.pdf&FILEREV=1&DOCREV_ORG=1"}, {"tags": ["x_refsource_MISC"], "url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"}, {"tags": ["x_refsource_MISC"], "url": "https://twitter.com/digitalbond/status/619250429751222277"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-5324", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The TeraRecon server, as used in GE Healthcare Centricity PACS-IW 3.7.3.7, 3.7.3.8, and possibly other versions, has a password of (1) shared for the shared user and (2) scan for the scan user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://apps.gehealthcare.com/servlet/ClientServlet/3.7.3.7+Installation+Guide.pdf?REQ=RAA&DIRECTION=DOC0947634&FILENAME=3.7.3.7%2BInstallation%2BGuide.pdf&FILEREV=1&DOCREV_ORG=1", "refsource": "CONFIRM", "url": "http://apps.gehealthcare.com/servlet/ClientServlet/3.7.3.7+Installation+Guide.pdf?REQ=RAA&DIRECTION=DOC0947634&FILENAME=3.7.3.7%2BInstallation%2BGuide.pdf&FILEREV=1&DOCREV_ORG=1"}, {"name": "http://apps.gehealthcare.com/servlet/ClientServlet/3.7.3.8+Installation+guide.pdf?REQ=RAA&DIRECTION=DOC1059456&FILENAME=3.7.3.8%2BInstallation%2Bguide.pdf&FILEREV=1&DOCREV_ORG=1", "refsource": "CONFIRM", "url": "http://apps.gehealthcare.com/servlet/ClientServlet/3.7.3.8+Installation+guide.pdf?REQ=RAA&DIRECTION=DOC1059456&FILENAME=3.7.3.8%2BInstallation%2Bguide.pdf&FILEREV=1&DOCREV_ORG=1"}, {"name": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/", "refsource": "MISC", "url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"}, {"name": "https://twitter.com/digitalbond/status/619250429751222277", "refsource": "MISC", "url": "https://twitter.com/digitalbond/status/619250429751222277"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T00:30:46.840Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://apps.gehealthcare.com/servlet/ClientServlet/3.7.3.7+Installation+Guide.pdf?REQ=RAA&DIRECTION=DOC0947634&FILENAME=3.7.3.7%2BInstallation%2BGuide.pdf&FILEREV=1&DOCREV_ORG=1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://apps.gehealthcare.com/servlet/ClientServlet/3.7.3.8+Installation+guide.pdf?REQ=RAA&DIRECTION=DOC1059456&FILENAME=3.7.3.8%2BInstallation%2Bguide.pdf&FILEREV=1&DOCREV_ORG=1"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://twitter.com/digitalbond/status/619250429751222277"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-5324", "datePublished": "2015-08-04T10:00:00", "dateReserved": "2015-07-05T00:00:00", "dateUpdated": "2024-08-07T00:30:46.840Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gehealthcare:centricity_pacs-iw:3.7.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "07FDE212-A964-4EBE-B8C5-DA38D5E4F7AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:gehealthcare:centricity_pacs-iw:3.7.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "6907C6E4-83A8-4771-942B-27D860B39763", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The TeraRecon server, as used in GE Healthcare Centricity PACS-IW 3.7.3.7, 3.7.3.8, and possibly other versions, has a password of (1) shared for the shared user and (2) scan for the scan user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value."}, {"lang": "es", "value": "Vulnerabilidad en TeraRecon server, tal como se usa en GE Healthcare Centricity PACS-IW 3.7.3.7, 3.7.3.8 y posiblemete en otras versiones, tiene una contrase\u00f1a de (1) shared para el usuario shared y (2) scan para el usuario scan, lo cual tiene un impacto y vectores de ataque no especificados. NOTA: no est\u00e1 claro si esta contrase\u00f1a es por defecto, embebida o dependiente de otro sistema o producto que requiera un valor fijo."}], "id": "CVE-2011-5324", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-08-04T14:59:16.660", "references": [{"source": "cve@mitre.org", "url": "http://apps.gehealthcare.com/servlet/ClientServlet/3.7.3.7+Installation+Guide.pdf?REQ=RAA&DIRECTION=DOC0947634&FILENAME=3.7.3.7%2BInstallation%2BGuide.pdf&FILEREV=1&DOCREV_ORG=1"}, {"source": "cve@mitre.org", "url": "http://apps.gehealthcare.com/servlet/ClientServlet/3.7.3.8+Installation+guide.pdf?REQ=RAA&DIRECTION=DOC1059456&FILENAME=3.7.3.8%2BInstallation%2Bguide.pdf&FILEREV=1&DOCREV_ORG=1"}, {"source": "cve@mitre.org", "url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"}, {"source": "cve@mitre.org", "url": "https://twitter.com/digitalbond/status/619250429751222277"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://apps.gehealthcare.com/servlet/ClientServlet/3.7.3.7+Installation+Guide.pdf?REQ=RAA&DIRECTION=DOC0947634&FILENAME=3.7.3.7%2BInstallation%2BGuide.pdf&FILEREV=1&DOCREV_ORG=1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://apps.gehealthcare.com/servlet/ClientServlet/3.7.3.8+Installation+guide.pdf?REQ=RAA&DIRECTION=DOC1059456&FILENAME=3.7.3.8%2BInstallation%2Bguide.pdf&FILEREV=1&DOCREV_ORG=1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://twitter.com/digitalbond/status/619250429751222277"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-255"}], "source": "nvd@nist.gov", "type": "Primary"}]}