GE Healthcare Centricity Image Vault 3.x has a password of (1) gemnet for the administrator account, (2) webadmin for the webadmin administrator account of the ASACA DVD library, (3) an empty value for the gemsservice account of the Ultrasound Database, and possibly (4) gemnet2002 for the gemnet2002 account of the GEMNet license server, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.

References

• https://nvd.nist.gov/vuln/detail/CVE-2004-2777
• https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02
• https://twitter.com/digitalbond/status/619250429751222277
• http://apps.gehealthcare.com/servlet/ClientServlet/2010564-002E.pdf?REQ=RAA&DIRECTION=2010564-002&FILENAME=2010564-002E.pdf&FILEREV=E&DOCREV_ORG=E
• http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts