Researchers discovered 11 security vulnerabilities in GE HealthCare's Vivid Ultrasound family, including missing encryption, hardcoded credentials, and more, with severity ranging from 5.7 to 9.6 on the CVSS 3
1, potentially leading to remote code execution with full privileges. Exploiting these bugs requires physical device access, providing some security for healthcare facilities, but there are still risks involved, such as plugging in a malicious drive through the exposed USB port. https://www.darkreading.com/vulnerabilities-threats/ge-ultrasound-gear-riddled-with-bugs-open-to-ransomware-data-theft