CVE-2004-2777 in GE Healthcare Centricity Image Vault

Summary

by MITRE

GE Healthcare Centricity Image Vault 3.x has a password of (1) gemnet for the administrator account, (2) webadmin for the webadmin administrator account of the ASACA DVD library, (3) an empty value for the gemsservice account of the Ultrasound Database, and possibly (4) gemnet2002 for the gemnet2002 account of the GEMNet license server, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.


Analysis

by VulDB Data Team • 09/04/2017

CVE-2004-2777 describes fixed or default credentials on several accounts of GE Healthcare Centricity Image Vault 3.x and the components deployed alongside it. An attacker who can reach the affected services can authenticate without guessing anything, which is a serious exposure for a system that stores and serves medical images. The CVE description gives no impact or attack-vector details, so the assessment below rests on what administrative access to such a system normally allows rather than on documented exploitation.

Four credential pairs are listed. The administrator account of Image Vault itself accepts the password gemnet. The webadmin account of the ASACA DVD library accepts the password webadmin, the same string as the account name. The gemsservice account of the Ultrasound Database has an empty password, so any client that presents the username with a blank password is accepted; a tester should treat the empty string as a candidate in its own right, because some brute-force tools only try it when asked (hydra's -e n, for example). The gemnet2002 account of the GEMNet license server possibly accepts gemnet2002; the description marks this pair as unconfirmed. MITRE also notes that it is not known whether these values are vendor defaults, hard-coded in the software, or required by a dependent product. That distinction matters for remediation: a password that another component relies on cannot simply be changed by the operator without confirming that the peer system still authenticates afterwards.

The impact follows from what these accounts can do. Administrative access to an imaging archive lets an attacker read, alter or delete studies, change system configuration and potentially disrupt clinical workflows, and the database service account gives direct access to ultrasound records. Because the credentials are the same in every installation, a login that works against one deployment works against any other reachable one, with no per-target reconnaissance. Access to protected health information through such accounts also carries regulatory consequences under HIPAA and comparable frameworks. Systems of this age are frequently left with their original credentials for years after installation, so the exposure window can be long.

Remediation starts with the credentials themselves: change the administrator, webadmin and gemsservice passwords, and the gemnet2002 password if that account exists, then verify that every dependent component (the DVD library, the Ultrasound Database, the license server and any client that logs in as gemsservice) still authenticates, since the CVE notes that the values may be required by another system. Where a password cannot be changed, contain the account at the network layer instead: place the system in a segmented clinical network, allow only the hosts that need the relevant ports, and log authentication events on these accounts so that use from an unexpected source is visible. Apply a password policy and rotation schedule to the remaining administrative accounts, and sweep the environment for other vendor defaults. The weakness is CWE-798 (Use of Hard-coded Credentials); the matching adversary behaviour is ATT&CK T1078.001 (Valid Accounts: Default Accounts).
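As an added example (not VulDB or GE Healthcare code), the audit logic a practitioner could use to check a test instance for the four credential pairs above and to validate the replacement passwords chosen during remediation. The authentication callback and the account store are constructed stand-ins for the real login interface, whose protocol the CVE does not describe; the "tentative" flag carries the description's "possibly" for the gemnet2002 pair. Run checks like this only against systems you are authorised to test.

```python
"""Default-credential audit modelled on CVE-2004-2777.

Added example, not vendor or VulDB code. The account store below is
constructed sample data standing in for a real Image Vault installation.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

# (username, password, component, tentative) as listed in the CVE description.
# The empty string for gemsservice is a real candidate, not a placeholder.
KNOWN_DEFAULTS: List[Tuple[str, str, str, bool]] = [
    ("administrator", "gemnet", "Centricity Image Vault administrator", False),
    ("webadmin", "webadmin", "ASACA DVD library webadmin", False),
    ("gemsservice", "", "Ultrasound Database service account", False),
    ("gemnet2002", "gemnet2002", "GEMNet license server", True),
]


@dataclass
class Finding:
    component: str
    username: str
    reason: str
    tentative: bool      # True when the CVE only says "possibly"
    cwe: str = "CWE-798"


def weak_password_reasons(username: str, password: str) -> List[str]:
    """Policy violations for a credential pair; an empty list means acceptable.

    Used to vet replacement passwords so remediation does not swap one
    predictable value for another (e.g. password == username).
    """
    reasons: List[str] = []
    if password == "":
        reasons.append("empty password")
    if password and password.lower() == username.lower():
        reasons.append("password equals username")
    for user, pw, _component, _tentative in KNOWN_DEFAULTS:
        if username.lower() == user.lower() and password == pw:
            reasons.append("matches published default")
            break
    if 0 < len(password) < 12:
        reasons.append("shorter than 12 characters")
    return reasons


def audit(authenticate: Callable[[str, str], bool]) -> List[Finding]:
    """Try every published default pair against an authentication callback.

    `authenticate(user, password)` must return True on a successful login.
    Against a live system this would wrap the product's own login interface.
    """
    findings: List[Finding] = []
    for user, pw, component, tentative in KNOWN_DEFAULTS:
        if authenticate(user, pw):
            reason = "empty password accepted" if pw == "" else "default password accepted"
            findings.append(Finding(component, user, reason, tentative))
    return findings


def make_mock_authenticator(store: Dict[str, str]) -> Callable[[str, str], bool]:
    """Build an authenticator over a constructed username -> password map."""
    def authenticate(user: str, password: str) -> bool:
        return user in store and store[user] == password
    return authenticate


# Constructed sample installation: only webadmin has been rotated.
SAMPLE_STORE: Dict[str, str] = {
    "administrator": "gemnet",
    "webadmin": "Rv7!pL2q#Wm9zT4e",
    "gemsservice": "",
    "gemnet2002": "gemnet2002",
}


def run_sample_audit() -> List[Finding]:
    """Audit the constructed sample store; returns three findings."""
    return audit(make_mock_authenticator(SAMPLE_STORE))


if __name__ == "__main__":
    for f in run_sample_audit():
        flag = " (unconfirmed default)" if f.tentative else ""
        print(f"[{f.cwe}] {f.component}: account '{f.username}' {f.reason}{flag}")
    for user, pw in SAMPLE_STORE.items():
        problems = weak_password_reasons(user, pw)
        if problems:
            print(f"rotate '{user}': {', '.join(problems)}")
```

The audit and the policy check are deliberately separate: the first tells you which installations are still exposed, the second stops the replacement password from failing the same way, and both treat the blank gemsservice password explicitly rather than relying on a tool's default wordlist.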

Reservation

09/29/2014

Disclosure

08/04/2015

Moderation

accepted

Entry

VDB-76902

CPE

ready

EPSS

0.00419

KEV

no

Activities

very low

Sources
