Insecure Telnet Services in Fujifilm Medical Devices
CVE-2019-10950

9.8CRITICAL

Key Information:

Vendor: Fujifilm
Status: Fujifilm Fcr Capsula X/ Carbon X
Vendor: CVE Published:; 30 April 2019

What is CVE-2019-10950?

Fujifilm's FCR Capsula X, Carbon X, and FCR XC-2 models are susceptible to vulnerabilities due to insecure telnet services that do not implement adequate authentication mechanisms. This flaw permits unauthorized users to potentially gain access to the underlying operating system, which may lead to unauthorized data retrieval and manipulation. Organizations utilizing these medical devices are urged to assess their network security practices and implement measures to restrict telnet access.

Affected Version(s)

Fujifilm FCR Capsula X/ Carbon X CR-IR 357 FCR Carbon X

Fujifilm FCR Capsula X/ Carbon X CR-IR 357 FCR XC-2

Fujifilm FCR Capsula X/ Carbon X FCR-IR 357 FCR Capsula X

References

https://ics-cert.us-cert.gov/advisories/ICSMA-19-113-01

x_refsource_MISC

http://www.securityfocus.com/bid/108052

vdb-entryx_refsource_BID

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 30, 2019
Vulnerability Reserved
Apr 8, 2019