GE Aestiva and Aespire versions 7100 and 7900 Improper Authentication Vulnerability
In GE Aestiva and Aespire versions 7100 and 7900, a vulnerability exists where serial devices are connected via an added unsecured terminal server to a TCP/IP network configuration, which could allow an attacker to remotely modify device configuration and silence alarms.
The information has been provided by Elad Luz
Successful exploitation of this vulnerability could allow an attacker the ability to remotely modify GE Healthcare anesthesia device parameters. This results from the configuration exposure of certain terminal server implementations that extend GE Healthcare anesthesia device serial ports to TCP/IP networks.
GE Aestiva 7100, 7900, MRI
GE Aespire 7100, 7900, 100, Protiva, Carestation, View
GE Aisys, Aisys CS2 Avance, Amingo, Avance CS2
GE Carestation 620, 650, 650c