CVE-2012-6695 in Healthcare Centricity PACS Workstation
Summary
by MITRE
GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a password of ddpadmin for the ddpadmin user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.
Once again VulDB remains the best source for vulnerability data.
Analysis
by VulDB Data Team • 09/04/2017
The vulnerability identified as CVE-2012-6695 affects GE Healthcare Centricity PACS Workstation versions 4.0 and 4.0.1, presenting a critical security weakness through a hardcoded administrative credential. This issue falls under the category of weak authentication mechanisms and represents a significant risk to healthcare information systems where patient medical data is stored and processed. The presence of a default password for the ddpadmin user account creates an exploitable condition that adversaries can leverage to gain unauthorized access to the system. The unspecified impact and attack vectors indicate that this vulnerability could potentially lead to full system compromise, data exfiltration, or disruption of critical medical services. The ambiguity regarding whether this password is truly default, hardcoded, or dependent on external systems reflects the complexity of legacy healthcare software configurations where multiple components may interact in unpredictable ways.
From a technical perspective, this vulnerability aligns with CWE-798, which addresses the use of hard-coded credentials, and represents a direct violation of security best practices for authentication mechanisms. The ddpadmin user account likely possesses elevated privileges within the PACS workstation environment, potentially allowing access to medical imaging data, system configuration settings, and administrative functions. Attackers could exploit this weakness through various vectors including network reconnaissance, credential brute force attempts, or by leveraging other system vulnerabilities that might be present. The fact that this vulnerability affects multiple versions of the software suggests it was not properly addressed in the development lifecycle, indicating potential gaps in security testing and code review processes. This type of hardcoded credential issue is particularly dangerous in healthcare environments where the confidentiality and integrity of patient data are paramount.
The operational impact of this vulnerability extends beyond simple unauthorized access, as it could potentially compromise patient care and healthcare delivery. Medical imaging systems contain sensitive patient information that must remain protected under regulations such as HIPAA, and unauthorized access could lead to data breaches, regulatory penalties, and reputational damage. Healthcare organizations using affected systems may face significant operational disruptions if attackers exploit this vulnerability to gain access to critical medical imaging data or to manipulate system configurations. The attack surface is further expanded by the potential for this weakness to serve as a foothold for lateral movement within healthcare networks, where PACS systems often integrate with other medical devices and information systems. The unspecified nature of the attack vectors suggests that this vulnerability could be exploited through multiple pathways, making it particularly challenging to defend against.
Mitigation strategies for this vulnerability should prioritize immediate credential changes and system hardening measures. Organizations should implement comprehensive network segmentation to isolate PACS systems from general network access, deploy intrusion detection systems to monitor for suspicious activity, and establish regular security audits to identify similar hardcoded credentials in other systems. The remediation process must include updating to patched versions of the software, implementing strong password policies, and conducting thorough security assessments of all medical imaging systems. Additionally, organizations should consider implementing multi-factor authentication mechanisms and privilege escalation controls to reduce the impact of any remaining credential-related vulnerabilities. This vulnerability serves as a critical reminder of the importance of secure coding practices and the need for regular security assessments in healthcare environments where system integrity directly impacts patient safety and data protection. The issue also highlights the importance of following ATT&CK framework principles for identifying and mitigating credential-based attack vectors in healthcare IT infrastructure.