CVE-2024-1629

6.2 MEDIUM

📋 TL;DR

A path traversal vulnerability in the 'deleteFiles' function of GE HealthCare's Common Service Desktop component allows attackers to delete arbitrary files on ultrasound devices. This affects GE HealthCare ultrasound systems running vulnerable versions of the Common Service Desktop software.

💻 Affected Systems

Products:
  • GE HealthCare ultrasound devices with Common Service Desktop component
Versions: Specific versions not detailed in available references
Operating Systems: Proprietary medical device OS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects ultrasound devices in clinical environments. Exact product models and versions should be verified through GE HealthCare security advisory.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise through deletion of critical system files, potentially rendering the ultrasound device inoperable and disrupting medical services.

🟠 Likely Case

Disruption of ultrasound device functionality through deletion of configuration or data files, requiring service intervention to restore.

🟢 If Mitigated

Limited impact if proper network segmentation and access controls prevent unauthorized access to the vulnerable component.

🌐 Internet-Facing: LOW (Medical devices typically should not be directly internet-facing)
🏢 Internal Only: MEDIUM (Requires network access to the device, but medical networks often have multiple connected systems)

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires network access to the vulnerable component and knowledge of the specific API endpoint. No public exploit code available at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified in available references

Vendor Advisory: https://securityupdate.gehealthcare.com/

Restart Required: Yes

Instructions:

  1. Contact GE HealthCare support for specific patch information.
  2. Schedule a maintenance window for medical device updates.
  3. Apply the patch following GE HealthCare's medical device update procedures.
  4. Verify patch installation and system functionality.

🔧 Temporary Workarounds

Network Segmentation (applies to: all)

Isolate ultrasound devices on separate VLANs with strict access controls.

Access Control Lists (applies to: all)

Implement firewall rules to restrict access to Common Service Desktop ports.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate affected ultrasound devices
  • Monitor network traffic to/from ultrasound devices for suspicious file deletion attempts

🔍 How to Verify

Check if Vulnerable:

Check with GE HealthCare support for specific version vulnerability assessment

Check Version:

Device-specific commands provided by GE HealthCare (consult device documentation)

Verify Fix Applied:

Verify patch installation through GE HealthCare device management tools and confirm version updates

📡 Detection & Monitoring

Log Indicators:

  • Unusual file deletion events in device logs
  • Multiple delete operations from single source
  • File deletion attempts outside expected directories

Network Indicators:

  • Unusual traffic patterns to ultrasound device management ports
  • Multiple HTTP requests to delete endpoints

SIEM Query:

source="ultrasound_device" AND (event_type="file_deletion" OR action="delete") AND path NOT CONTAINS "expected_directory"
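
The query above matches on a substring, so a traversal path that still contains the expected directory name passes it. The following is an added example, not code from this page or from GE HealthCare, that normalizes each logged path before comparing and also flags repeated deletes from one source. The directory, the threshold, the `src` field and the sample events are constructed assumptions; `event_type`, `action` and `path` follow the query above.

```python
import posixpath
from collections import Counter

EXPECTED_DIR = "/data/service/tmp"   # assumption: placeholder for the expected directory
BURST_THRESHOLD = 3                  # assumption: deletes per source before flagging

# Constructed sample events (documentation IP range, made-up paths).
EVENTS = [
    {"src": "192.0.2.20", "event_type": "file_deletion", "path": "/data/service/tmp/export_01.log"},
    {"src": "192.0.2.31", "event_type": "file_deletion", "path": "/data/service/tmp/../../config/device.cfg"},
    {"src": "192.0.2.31", "action": "delete", "path": "/data/service/tmp_old/cache.bin"},
    {"src": "192.0.2.31", "event_type": "file_deletion", "path": "/data/service/tmp/a.tmp"},
    {"src": "192.0.2.20", "event_type": "file_read", "path": "/etc/hosts"},
]

def naive_outside(path, base=EXPECTED_DIR):
    """Substring test equivalent to 'path NOT CONTAINS base' (shown for contrast)."""
    return base not in path

def outside_expected(path, base=EXPECTED_DIR):
    """True when the path, after resolving '.' and '..', is not inside base."""
    path = path.replace("\\", "/")
    if not path.startswith("/"):
        # Relative path: resolve against base, as a file API rooted there would.
        path = posixpath.join(base, path)
    norm = posixpath.normpath(path)
    # commonpath compares whole segments, so /data/service/tmp_old is not "inside" tmp.
    return posixpath.commonpath([base, norm]) != base

def detect(events, base=EXPECTED_DIR, burst=BURST_THRESHOLD):
    """Return (deletes outside base, sources at or above the burst threshold)."""
    deletes = [e for e in events
               if e.get("event_type") == "file_deletion" or e.get("action") == "delete"]
    traversal = [(e["src"], e["path"]) for e in deletes if outside_expected(e["path"], base)]
    counts = Counter(e["src"] for e in deletes)
    bursts = sorted(s for s, n in counts.items() if n >= burst)
    return traversal, bursts

if __name__ == "__main__":
    hits, noisy = detect(EVENTS)
    for src, path in hits:
        print(f"outside expected dir: {src} {path} (substring check flags it: {naive_outside(path)})")
    print("burst sources:", noisy)
```

If the device logs URL-encoded paths, decode them before passing them to `outside_expected`.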
