CVEbaza.plCWE DictionaryCWE-255
Common Weakness Enumeration

CWE-255

CVE: 786
CVE vulnerabilities with CWE-255 (786)
10.0
CVSS
CRITICAL
CVE-2016-0898

MySQL for PCF tiles 1.7.x before 1.7.10 were discovered to log the AWS access key in plaintext. These credentials were logged to the Service Backup component logs, and not the system log, thus were not exposed outside the Service Backup VM.

pub. 2018-03-29
10.0
CVSS
HIGH
CVE-2015-7906

LOYTEC LIP-3ECTB 6.0.1, LINX-100, LVIS-3E100, and LIP-ME201 devices allow remote attackers to read a password-hash backup file via unspecified vectors.

pub. 2015-12-21
10.0
CVSS
HIGH
CVE-2015-7856

OpenNMS has a default password of rtc for the rtc account, which makes it easier for remote attackers to obtain access by leveraging knowledge of the credentials.

pub. 2015-10-16
10.0
CVSS
HIGH
CVE-2001-1594

GE Healthcare eNTEGRA P&R has a password of (1) entegra for the entegra user, (2) passme for the super user of the Polestar/Polestar-i Starlink 4 upgrade, (3) 0 for the entegra user of the Codonics printer FTP service, (4) eNTEGRA for the eNTEGRA P&R user account, (5) insite for the WinVNC Login, and possibly other accounts, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.

pub. 2015-08-04
10.0
CVSS
HIGH
CVE-2002-2446

GE Healthcare Millennium MG, NC, and MyoSIGHT has a password of insite.genieacq for the insite account that cannot be changed without disabling product functionality for remote InSite support, which has unspecified impact and attack vectors.

pub. 2015-08-04
10.0
CVSS
HIGH
CVE-2003-1603

GE Healthcare Discovery VH has a default password of (1) interfile for the ftpclient user of the Interfile server or (2) "2" for the LOCAL user of the FTP server for the Codonics printer, which has unspecified impact and attack vectors.

pub. 2015-08-04
10.0
CVSS
HIGH
CVE-2004-2777

GE Healthcare Centricity Image Vault 3.x has a password of (1) gemnet for the administrator account, (2) webadmin for the webadmin administrator account of the ASACA DVD library, (3) an empty value for the gemsservice account of the Ultrasound Database, and possibly (4) gemnet2002 for the gemnet2002 account of the GEMNet license server, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.

pub. 2015-08-04
10.0
CVSS
HIGH
CVE-2006-7253

GE Healthcare Infinia II has a default password of (1) infinia for the infinia user, (2) #bigguy1 for the acqservice user, (3) dont4get2 for the Administrator user, (4) #bigguy1 for the emergency user, and (5) 2Bfamous for the InfiniaAdmin user, which has unspecified impact and attack vectors.

pub. 2015-08-04
10.0
CVSS
HIGH
CVE-2007-6757

GE Healthcare Centricity DMS 4.2, 4.1, and 4.0 has a password of Muse!Admin for the Museadmin user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.

pub. 2015-08-04
10.0
CVSS
HIGH
CVE-2009-5143

GE Healthcare Discovery 530C has a password of #bigguy1 for the (1) acqservice user and (2) wsservice user of the Xeleris System, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.

pub. 2015-08-04
10.0
CVSS
HIGH
CVE-2010-5306

GE Healthcare Optima CT680, CT540, CT640, and CT520 has a default password of #bigguy for the root user, which has unspecified impact and attack vectors.

pub. 2015-08-04
10.0
CVSS
HIGH
CVE-2010-5307

The HIPAA configuration interface in GE Healthcare Optima MR360 has a password of (1) operator for the root account, (2) adw2.0 for the admin account, and (3) adw2.0 for the sdc account, which has unspecified impact and attack vectors. NOTE: it is not clear whether these passwords are default, hardcoded, or dependent on another system or product that requires a fixed value.

pub. 2015-08-04
10.0
CVSS
HIGH
CVE-2010-5308

GE Healthcare Optima MR360 does not require authentication for the HIPAA emergency login procedure, which allows physically proximate users to gain access via an arbitrary username in the Emergency Login screen. NOTE: this might not qualify for inclusion in CVE if unauthenticated emergency access is part of the intended security policy of the product, can be controlled by the system administrator, and is not enabled by default.

pub. 2015-08-04
10.0
CVSS
HIGH
CVE-2010-5309

GE Healthcare CADStream Server has a default password of confirma for the admin user, which has unspecified impact and attack vectors.

pub. 2015-08-04
10.0
CVSS
HIGH
CVE-2010-5310

The Acquisition Workstation for the GE Healthcare Revolution XQ/i has a password of adw3.1 for the sdc user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.

pub. 2015-08-04
10.0
CVSS
HIGH
CVE-2011-5322

GE Healthcare Centricity Analytics Server 1.1 has a default password of (1) V0yag3r for the SQL Server sa user, (2) G3car3s for the analyst user, (3) G3car3s for the ccg user, (4) V0yag3r for the viewer user, and (5) geservice for the geservice user in the Webmin interface, which has unspecified impact and attack vectors.

pub. 2015-08-04
10.0
CVSS
HIGH
CVE-2011-5323

GE Healthcare Centricity PACS-IW 3.7.3.7, 3.7.3.8, and possibly other versions has a password of A11enda1e for the sa SQL server user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.

pub. 2015-08-04
10.0
CVSS
HIGH
CVE-2011-5324

The TeraRecon server, as used in GE Healthcare Centricity PACS-IW 3.7.3.7, 3.7.3.8, and possibly other versions, has a password of (1) shared for the shared user and (2) scan for the scan user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.

pub. 2015-08-04
10.0
CVSS
HIGH
CVE-2012-6660

GE Healthcare Precision MPi has a password of (1) orion for the serviceapp user, (2) orion for the clinical operator user, and (3) PlatinumOne for the administrator user, which has unspecified impact and attack vectors. NOTE: it is not clear whether these passwords are default, hardcoded, or dependent on another system or product that requires a fixed value.

pub. 2015-08-04
10.0
CVSS
HIGH
CVE-2012-6693

GE Healthcare Centricity PACS 4.0 Server has a default password of (1) nasro for the nasro (ReadOnly) user and (2) nasrw for the nasrw (Read/Write) user, which has unspecified impact and attack vectors.

pub. 2015-08-04
Showing 20 of 786 vulnerabilities
Information
ID: CWE-255
Vulnerabilities: 786
MITRE CWE ↗
← CWE Dictionary