Devices in a dozen families affected
GE's closed source management software runs on top of the Unix-based operating system installed on medical imaging systems to enable remote maintenance and update procedures.
The MDHexRay vulnerability consists in using default credentials on every installation of the this software to authenticate to GE's servers for update and maintenance tasks. The credentials are publicly available.
Healthcare cybersecurity company
CyberMDX discovered and named the vulnerability. The researchers reported the flaw towards the end of May 2020 and have been assisting GE Healthcare in finding a mitigation solution.
DaVita Confirms Data Breach Impacting 2.4 Million Patients
Three Unpatched Vulnerabilities Plague Comodo. Documented Online.
Critical Security Flaws Found in eCharge EV Charging Stations