Search
Find a vulnerability
Search criteria
2 vulnerabilities found for BD Alaris™ Point-of-Care Unit (PCU) Model 8015 by Becton Dickinson & Co
CVE-2023-30559 (GCVE-0-2023-30559)
Vulnerability from nvd – Published: 2023-07-13 17:50 – Updated: 2024-08-02 14:28
VLAI
EPSS
VEX
Title
Wireless Card Firmware Improperly Signed
Summary
The firmware update package for the wireless card is not properly signed and can be modified.
Severity
5.2 (Medium)
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Becton Dickinson & Co | BD Alaris™ Point-of-Care Unit (PCU) Model 8015 |
Affected:
0 , ≤ 12.1.3
(custom)
|
Date Public
2023-07-13 14:59
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:28:51.809Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-alaris-system-with-guardrails-suite-mx"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BD Alaris\u2122 Point-of-Care Unit (PCU) Model 8015",
"vendor": "Becton Dickinson \u0026 Co ",
"versions": [
{
"lessThanOrEqual": "12.1.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-07-13T14:59:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The firmware update package for the wireless card is not properly signed and can be modified."
}
],
"value": "The firmware update package for the wireless card is not properly signed and can be modified."
}
],
"impacts": [
{
"capecId": "CAPEC-638",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-638 Altered Component Firmware"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-345",
"description": "CWE-345 Insufficient Verification of Data Authenticity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-08T21:52:28.547Z",
"orgId": "2325d071-eabf-4b7b-a4ea-0819b6629a18",
"shortName": "BD"
},
"references": [
{
"url": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-alaris-system-with-guardrails-suite-mx"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Wireless Card Firmware Improperly Signed",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2325d071-eabf-4b7b-a4ea-0819b6629a18",
"assignerShortName": "BD",
"cveId": "CVE-2023-30559",
"datePublished": "2023-07-13T17:50:13.176Z",
"dateReserved": "2023-04-12T16:30:07.536Z",
"dateUpdated": "2024-08-02T14:28:51.809Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30559 (GCVE-0-2023-30559)
Vulnerability from cvelistv5 – Published: 2023-07-13 17:50 – Updated: 2024-08-02 14:28
VLAI
EPSS
VEX
Title
Wireless Card Firmware Improperly Signed
Summary
The firmware update package for the wireless card is not properly signed and can be modified.
Severity
5.2 (Medium)
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Becton Dickinson & Co | BD Alaris™ Point-of-Care Unit (PCU) Model 8015 |
Affected:
0 , ≤ 12.1.3
(custom)
|
Date Public
2023-07-13 14:59
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:28:51.809Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-alaris-system-with-guardrails-suite-mx"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BD Alaris\u2122 Point-of-Care Unit (PCU) Model 8015",
"vendor": "Becton Dickinson \u0026 Co ",
"versions": [
{
"lessThanOrEqual": "12.1.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-07-13T14:59:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The firmware update package for the wireless card is not properly signed and can be modified."
}
],
"value": "The firmware update package for the wireless card is not properly signed and can be modified."
}
],
"impacts": [
{
"capecId": "CAPEC-638",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-638 Altered Component Firmware"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-345",
"description": "CWE-345 Insufficient Verification of Data Authenticity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-08T21:52:28.547Z",
"orgId": "2325d071-eabf-4b7b-a4ea-0819b6629a18",
"shortName": "BD"
},
"references": [
{
"url": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-alaris-system-with-guardrails-suite-mx"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Wireless Card Firmware Improperly Signed",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2325d071-eabf-4b7b-a4ea-0819b6629a18",
"assignerShortName": "BD",
"cveId": "CVE-2023-30559",
"datePublished": "2023-07-13T17:50:13.176Z",
"dateReserved": "2023-04-12T16:30:07.536Z",
"dateUpdated": "2024-08-02T14:28:51.809Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}