Protection Mechanism Failure in GE Ultrasound products

Published: 2020-02-19
Risk Low
Patch available NO
Number of vulnerabilities 1
CVE-ID CVE-2020-6977
Exploitation vector Local
Public exploit N/A
Vulnerable software
Vivid products
Hardware solutions / Medical equipment

Hardware solutions / Medical equipment

Hardware solutions / Medical equipment

Versana Essential
Hardware solutions / Medical equipment

Invenia ABUS Scan station
Hardware solutions / Medical equipment

Hardware solutions / Medical equipment

Vendor GE

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Protection Mechanism Failure

EUVDB-ID: #VU25442

Risk: Low


CVE-ID: CVE-2020-6977

CWE-ID: CWE-693 - Protection Mechanism Failure

Exploit availability: No


The vulnerability allows a local attacker to gain access to the operating system of affected devices.

The vulnerability exists due to a restricted desktop environment escape in the "Kiosk Mode" functionality. An attacker with physical access can use specially crafted inputs and escape the restricted environment, resulting in access to the underlying operating system.

Note: This vulnerability does not affect LOGIQ 100 Pro, Venue 40 R1-3 and Venue 50 R4-5.


Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Vivid products: All versions

LOGIQ: All versions

Voluson: All versions

Versana Essential: All versions

Invenia ABUS Scan station: All versions

Venue: All versions

CPE2.3 External links

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?