Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for CQI Reporter by Becton Dickinson & Co

    CVE-2023-30565 (GCVE-0-2023-30565)

    Vulnerability from nvd – Published: 2023-07-13 19:06 – Updated: 2024-10-22 15:36
    VLAI
    Title
    CQI Data Sniffing
    Summary
    An insecure connection between Systems Manager and CQI Reporter application could expose infusion data to an attacker.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-924 - Improper Enforcement of Message Integrity During Transmission in a Communication Channel
    • CWE-319 - Cleartext Transmission of Sensitive Information
    Assigner
    BD
    Impacted products
    Vendor Product Version
    Becton Dickinson & Co CQI Reporter Affected: 0 , ≤ 10.17 (custom)
    Create a notification for this product.
    Date Public
    2023-07-13 15:32
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:28:51.783Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-alaris-system-with-guardrails-suite-mx"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-30565",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-22T15:23:26.688644Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-22T15:36:36.823Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CQI Reporter",
              "vendor": "Becton Dickinson \u0026 Co",
              "versions": [
                {
                  "lessThanOrEqual": "10.17",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2023-07-13T15:32:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An insecure connection between Systems Manager and CQI Reporter application could expose infusion data to an attacker."
                }
              ],
              "value": "An insecure connection between Systems Manager and CQI Reporter application could expose infusion data to an attacker."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-158",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-158 Sniffing Network Traffic"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-924",
                  "description": "CWE-924 Improper Enforcement of Message Integrity During Transmission in a Communication Channel",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-319",
                  "description": "CWE-319 Cleartext Transmission of Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-26T15:51:18.816Z",
            "orgId": "2325d071-eabf-4b7b-a4ea-0819b6629a18",
            "shortName": "BD"
          },
          "references": [
            {
              "url": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-alaris-system-with-guardrails-suite-mx"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\nBD recommends customers update to the BD Alaris\u00e2\u201e\u00a2 System v12.3, where available based on regulatory authorization. Customers who require software updates should contact their BD Account Executive to assist with scheduling the remediation.\n\n\u003cbr\u003e"
                }
              ],
              "value": "\nBD recommends customers update to the BD Alaris\u00e2\u201e\u00a2 System v12.3, where available based on regulatory authorization. Customers who require software updates should contact their BD Account Executive to assist with scheduling the remediation.\n\n\n"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": " CQI Data Sniffing ",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2325d071-eabf-4b7b-a4ea-0819b6629a18",
        "assignerShortName": "BD",
        "cveId": "CVE-2023-30565",
        "datePublished": "2023-07-13T19:06:18.280Z",
        "dateReserved": "2023-04-12T16:30:07.537Z",
        "dateUpdated": "2024-10-22T15:36:36.823Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-30565 (GCVE-0-2023-30565)

    Vulnerability from cvelistv5 – Published: 2023-07-13 19:06 – Updated: 2024-10-22 15:36
    VLAI
    Title
    CQI Data Sniffing
    Summary
    An insecure connection between Systems Manager and CQI Reporter application could expose infusion data to an attacker.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-924 - Improper Enforcement of Message Integrity During Transmission in a Communication Channel
    • CWE-319 - Cleartext Transmission of Sensitive Information
    Assigner
    BD
    Impacted products
    Vendor Product Version
    Becton Dickinson & Co CQI Reporter Affected: 0 , ≤ 10.17 (custom)
    Create a notification for this product.
    Date Public
    2023-07-13 15:32
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:28:51.783Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-alaris-system-with-guardrails-suite-mx"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-30565",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-22T15:23:26.688644Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-22T15:36:36.823Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CQI Reporter",
              "vendor": "Becton Dickinson \u0026 Co",
              "versions": [
                {
                  "lessThanOrEqual": "10.17",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2023-07-13T15:32:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An insecure connection between Systems Manager and CQI Reporter application could expose infusion data to an attacker."
                }
              ],
              "value": "An insecure connection between Systems Manager and CQI Reporter application could expose infusion data to an attacker."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-158",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-158 Sniffing Network Traffic"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-924",
                  "description": "CWE-924 Improper Enforcement of Message Integrity During Transmission in a Communication Channel",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-319",
                  "description": "CWE-319 Cleartext Transmission of Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-26T15:51:18.816Z",
            "orgId": "2325d071-eabf-4b7b-a4ea-0819b6629a18",
            "shortName": "BD"
          },
          "references": [
            {
              "url": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-alaris-system-with-guardrails-suite-mx"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\nBD recommends customers update to the BD Alaris\u00e2\u201e\u00a2 System v12.3, where available based on regulatory authorization. Customers who require software updates should contact their BD Account Executive to assist with scheduling the remediation.\n\n\u003cbr\u003e"
                }
              ],
              "value": "\nBD recommends customers update to the BD Alaris\u00e2\u201e\u00a2 System v12.3, where available based on regulatory authorization. Customers who require software updates should contact their BD Account Executive to assist with scheduling the remediation.\n\n\n"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": " CQI Data Sniffing ",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2325d071-eabf-4b7b-a4ea-0819b6629a18",
        "assignerShortName": "BD",
        "cveId": "CVE-2023-30565",
        "datePublished": "2023-07-13T19:06:18.280Z",
        "dateReserved": "2023-04-12T16:30:07.537Z",
        "dateUpdated": "2024-10-22T15:36:36.823Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }