CyberMDX Kambani ruzivo nezve , inobata zvakasiyana-siyana GE Healthcare mishonga yezvokurapa yakagadzirirwa kutarisa mamiriro evarwere. Kusagadzikana kushanu kunopihwa iyo yakanyanya kuomarara nhanho (CVSSv3 10 kunze kwegumi). Kusagadzikana kwacho kwakanzi codenamed MDhex uye kunonyanya kuenderana nekushandiswa kweyaimbozivikanwa pre-yakaiswa zvitupa zvakashandiswa pane ese akatevedzana emidziyo.
- CVE-2020-6961 - kuendesa pamidziyo yeyakajairwa SSH kiyi kune yese chigadzirwa mutsara, iyo inokutendera kuti ubatanidze kune chero mudziyo uye uite kodhi pairi. Iyi kiyi inoshandiswa zvakare panguva yekuvandudza kuendesa maitiro.
- CVE-2020-6962 - yakafanotsanangurwa zvitupa zvakajairika kune ese maturusi ekunyora uye kuverenga kuwana kune iyo faira system kuburikidza neSMB protocol;
- CVE-2020-6963 - kugona kushandisa MultiMouse uye Kavoom KM zvikumbiro kudzora kure mudziyo (kutevedzera keyboard, mbeva uye clipboard) pasina humbowo;
- CVE-2020-6964 - yakafanotsanangurwa VNC yekubatanidza paramita kune ese maturusi;
- CVE-2020-6965 - preset vhezheni yeWebmin inobvumira kure kure nekodzero dzemidzi;
- CVE-2020-6966 - Iyo inogadziridza yekuisa maneja inoshandiswa pamidziyo inobvumira kuvandudza spoofing (zvigadziriso zvinosimbiswa neinozivikanwa SSH kiyi).
Matambudziko anokanganisa maseva ekuunganidza telemetry ApexPro uye CARESCAPE Telemetry Server, iyo CIC (Clinical Information Center) uye CSCS (CARESCAPE Central Station) mapuratifomu, pamwe neB450, B650 uye B850 masystem ekutarisisa varwere. Kusagadzikana kunobvumira kutonga kwakazara pamusoro pemidziyo, iyo inogona kushandiswa kuita shanduko padanho rekushandisa system, kudzima alarm, kana spoof murwere data.
Kuti arwise, anorwisa anofanira kukwanisa kumisa network network kune mudziyo, semuenzaniso nekubatanidza kune network yechipatara. Sezvo kudzivirira workarounds bvisa iyo subnet nemidziyo yekurapa kubva kune general chipatara network uye block network zviteshi 22, 137, 138, 139, 445, 10000, 5225, 5800, 5900 uye 10001 pafirewall.
Source: opennet.ru