Bd: Security Vulnerabilities
Alaris Systems Manager does not perform input validation during the Device Import Function.
CVSS Score
6.9
EPSS Score
0.001
Published
2023-07-13
An insecure connection between Systems Manager and CQI Reporter application could expose infusion data to an attacker.
CVSS Score
3.5
EPSS Score
0.001
Published
2023-07-13
The configuration from the PCU can be modified without authentication using physical connection to the PCU.
CVSS Score
6.8
EPSS Score
0.001
Published
2023-07-13
The firmware update package for the wireless card is not properly signed and can be modified.
CVSS Score
5.2
EPSS Score
0.001
Published
2023-07-13
The Alaris Infusion Central software, versions 1.1 to 1.3.2, may contain a recoverable password after the installation. No patient health data is stored in the database, although some site installations may choose to store personal data.
CVSS Score
7.3
EPSS Score
0.0
Published
2023-06-13
The BD BodyGuard™ infusion pumps specified allow for access through the RS-232 (serial) port interface. If exploited, threat actors with physical access, specialized equipment and knowledge may be able to configure or disable the pump. No electronic protected health information (ePHI), protected health information (PHI) or personally identifiable information (PII) is stored in the pump.
CVSS Score
5.3
EPSS Score
0.001
Published
2022-12-05
BD Totalys MultiProcessor, versions 1.70 and earlier, contain hardcoded credentials. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally identifiable information (PII). Customers using BD Totalys MultiProcessor version 1.70 with Microsoft Windows 10 have additional operating system hardening configurations which increase the attack complexity required to exploit this vulnerability.
CVSS Score
6.6
EPSS Score
0.0
Published
2022-11-04
BD Synapsys™, versions 4.20, 4.20 SR1, and 4.30, contain an insufficient session expiration vulnerability. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally identifiable information (PII).
CVSS Score
5.7
EPSS Score
0.0
Published
2022-06-02
Specific BD Pyxis™ products were installed with default credentials and may presently still operate with these credentials. There may be scenarios where BD Pyxis™ products are installed with the same default local operating system credentials or domain-joined server(s) credentials that may be shared across product types. If exploited, threat actors may be able to gain privileged access to the underlying file system and could potentially exploit or gain access to ePHI or other sensitive information.
CVSS Score
8.8
EPSS Score
0.002
Published
2022-06-02
BD Viper LT system, versions 2.0 and later, contains hardcoded credentials. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally identifiable information (PII). BD Viper LT system versions 4.0 and later utilize Microsoft Windows 10 and have additional Operating System hardening configurations which increase the attack complexity required to exploit this vulnerability.
CVSS Score
8.0
EPSS Score
0.001
Published
2022-02-12