CVE-2024-27106— Vulnerable data in transit in GE HealthCare EchoPAC products

CVSS 5.7 · Medium EPSS 0.05% · P17 Updated Jan 25, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-27106

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Vulnerable data in transit in GE HealthCare EchoPAC products

Source: NVD (National Vulnerability Database)

Vulnerability Description

Vulnerable data in transit in GE HealthCare EchoPAC products

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

敏感数据加密缺失

Source: NVD (National Vulnerability Database)

Vulnerability Title

General Electric Healthcare Imaging 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

GE General Electric Healthcare Imaging是美国通用电气（GE）公司的一个医学成像设备。 General Electric Healthcare Imaging存在安全漏洞，该漏洞源于传输中的数据存在漏洞。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	CPE
GE HealthCare	EchoPAC Software Only	-
GE HealthCare	ImageVault	-
GE HealthCare	EchoPAC Turnkey	-

II. Public POCs for CVE-2024-27106

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2024-27106

请登录查看更多情报信息。

Same Patch Batch · GE HealthCare · 2024-05-14 · 9 CVEs total

CVE-2024-27107	9.6 CRITICAL	Weak account password in GE HealthCare EchoPAC products
CVE-2024-1628	8.4 HIGH	OS command injection vulnerabilities in GE HealthCare ultrasound devices
CVE-2024-27110	8.4 HIGH	Elevation of privilege vulnerability in GE HealthCare EchoPAC products
CVE-2024-1630	7.7 HIGH	Path traversal vulnerability in “getAllFolderContents” function of Common Service Desktop,
CVE-2024-27109	7.6 HIGH	Insufficiently protected credentials in GE HealthCare EchoPAC products
CVE-2024-1486	7.4 HIGH	Elevation of privileges via misconfigured access control list in GE HealthCare ultrasound
CVE-2024-27108	6.8 MEDIUM	Non privileged access to critical file vulnerability in GE HealthCare EchoPAC products
CVE-2024-1629	6.2 MEDIUM	Path traversal vulnerability in “deleteFiles” function of Common Service Desktop, a GE Hea

IV. Related Vulnerabilities

Same product: EchoPAC Software Only

Same vendor: GE HealthCare

Same weakness: CWE-311

V. Comments for CVE-2024-27106

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2024-27106— Vulnerable data in transit in GE HealthCare EchoPAC products

I. Basic Information for CVE-2024-27106

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2024-27106

III. Intelligence Information for CVE-2024-27106

Same Patch Batch · GE HealthCare · 2024-05-14 · 9 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2024-27106

Leave a comment