Vendor CVEs

Bd

28 total · sorted by risk
  • CVE-2017-6022 · Critical · Jun 30, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    A hard-coded password issue was discovered in Becton, Dickinson and Company (BD) PerformA, Version 2.0.14.0 and prior versions, and KLA Journal Service, Version 1.0.51 and prior versions. They use hard-coded passwords to access the BD Kiestra Database, which could be leveraged…

  • CVE-2018-14786 · Critical · Aug 23, 2018
    risk 0.61 · cvss 9.4 · epss 0.03

    Becton, Dickinson and Company (BD) Alaris Plus medical syringe pumps (models Alaris GS, Alaris GH, Alaris CC, and Alaris TIVA) versions 2.3.6 and prior are affected by an improper authentication vulnerability where the software does not perform authentication for functionality…

  • CVE-2024-10476 · High · Dec 17, 2024
    risk 0.52 · cvss 8.0 · epss 0.00

    Default credentials are used in the above listed BD Diagnostic Solutions products. If exploited, threat actors may be able to access, modify or delete data, including sensitive information such as protected health information (PHI) and personally identifiable information (PII).…

  • CVE-2018-10595 · Medium · May 24, 2018
    risk 0.41 · cvss 6.3 · epss 0.00

    A vulnerability in ReadA version 1.1.0.2 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in loss or corruption of data.

  • CVE-2018-10593 · Medium · May 24, 2018
    risk 0.36 · cvss 5.6 · epss 0.00

    A vulnerability in DB Manager version 3.0.1.0 and previous and PerformA version 3.0.0.0 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may…

  • CVE-2016-9355 · Medium · Feb 13, 2017
    risk 0.34 · cvss 5.3 · epss 0.01

    An issue was discovered in Becton, Dickinson and Company (BD) Alaris 8015 Point of Care (PC) unit, Version 9.5 and prior versions, and Version 9.7. An unauthorized user with physical access to an Alaris 8015 PC unit may be able to obtain unencrypted wireless network…

  • CVE-2016-8375 · Medium · Feb 13, 2017
    risk 0.32 · cvss 4.9 · epss 0.01

    An issue was discovered in Becton, Dickinson and Company (BD) Alaris 8015 Point of Care (PC) unit, Version 9.5 and prior versions, and Version 9.7, and 8000 PC unit. An unauthorized user with physical access to an affected Alaris PC unit may be able to obtain unencrypted…

  • CVE-2023-29066 · Nov 28, 2023
    risk 0.00 · cvss n/a · epss 0.00

    The FACSChorus software does not properly assign data access privileges for operating system user accounts. A non-administrative OS account can modify information stored in the local application data folders.

  • CVE-2023-29065 · Nov 28, 2023
    risk 0.00 · cvss n/a · epss 0.00

    The FACSChorus software database can be accessed directly with the privileges of the currently logged-in user. A threat actor with physical access could potentially gain credentials, which could be used to alter or destroy data stored in the database.

  • CVE-2023-29064 · Nov 28, 2023
    risk 0.00 · cvss n/a · epss 0.00

    The FACSChorus software contains sensitive information stored in plaintext. A threat actor could gain hardcoded secrets used by the application, which include tokens and passwords for administrative accounts.

  • CVE-2023-29063 · Nov 28, 2023
    risk 0.00 · cvss n/a · epss 0.00

    The FACSChorus workstation does not prevent physical access to its PCI express (PCIe) slots, which could allow a threat actor to insert a PCI card designed for memory capture. A threat actor can then isolate sensitive information such as a BitLocker encryption key from a dump of…

  • CVE-2023-29062 · Nov 28, 2023
    risk 0.00 · cvss n/a · epss 0.00

    The Operating System hosting the FACSChorus application is configured to allow transmission of hashed user credentials upon user action without adequately validating the identity of the requested resource. This is possible through the use of LLMNR, NBT-NS, or mDNS and will…

  • CVE-2023-29061 · Nov 28, 2023
    risk 0.00 · cvss n/a · epss 0.00

    There is no BIOS password on the FACSChorus workstation. A threat actor with physical access to the workstation can potentially exploit this vulnerability to access the BIOS configuration and modify the drive boot order and BIOS pre-boot authentication.

  • CVE-2023-29060 · Nov 28, 2023
    risk 0.00 · cvss n/a · epss 0.00

    The FACSChorus workstation operating system does not restrict what devices can interact with its USB ports. If exploited, a threat actor with physical access to the workstation could gain access to system information and potentially exfiltrate data.

  • CVE-2023-30564 · Jul 13, 2023
    risk 0.00 · cvss n/a · epss 0.00

    Alaris Systems Manager does not perform input validation during the Device Import Function.

  • CVE-2022-47376 · Jun 13, 2023
    risk 0.00 · cvss n/a · epss 0.00

    The Alaris Infusion Central software, versions 1.1 to 1.3.2, may contain a recoverable password after the installation. No patient health data is stored in the database, although some site installations may choose to store personal data.

  • CVE-2022-43557 · Dec 5, 2022
    risk 0.00 · cvss n/a · epss 0.00

    The BD BodyGuard™ infusion pumps specified allow for access through the RS-232 (serial) port interface. If exploited, threat actors with physical access, specialized equipment and knowledge may be able to configure or disable the pump. No electronic protected health…

  • CVE-2022-40263 · Nov 4, 2022
    risk 0.00 · cvss n/a · epss 0.00

    BD Totalys MultiProcessor, versions 1.70 and earlier, contain hardcoded credentials. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and…

  • CVE-2022-30277 · Jun 1, 2022
    risk 0.00 · cvss n/a · epss 0.00

    BD Synapsys™, versions 4.20, 4.20 SR1, and 4.30, contain an insufficient session expiration vulnerability. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health…

  • CVE-2022-22767 · Jun 1, 2022
    risk 0.00 · cvss n/a · epss 0.00

    Specific BD Pyxis™ products were installed with default credentials and may presently still operate with these credentials. There may be scenarios where BD Pyxis™ products are installed with the same default local operating system credentials or domain-joined server(s)…

  • CVE-2022-22765 · Feb 12, 2022
    risk 0.00 · cvss n/a · epss 0.00

    BD Viper LT system, versions 2.0 and later, contains hardcoded credentials. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally…

  • CVE-2022-22766 · Feb 11, 2022
    risk 0.00 · cvss n/a · epss 0.00

    Hardcoded credentials are used in specific BD Pyxis products. If exploited, threat actors may be able to gain access to the underlying file system and could potentially exploit application files for information that could be used to decrypt application credentials or gain access…

  • CVE-2020-25165 · Nov 13, 2020
    risk 0.00 · cvss n/a · epss 0.02

    BD Alaris PC Unit, Model 8015, Versions 9.33.1 and earlier, and BD Alaris Systems Manager, Versions 4.33 and earlier. The affected products are vulnerable to a network session authentication vulnerability within the authentication process between specified versions of the BD…

  • CVE-2020-10598 · Apr 1, 2020
    risk 0.00 · cvss n/a · epss 0.00

    In BD Pyxis MedStation ES System v1.6.1 and Pyxis Anesthesia (PAS) ES System v1.6.1, a restricted desktop environment escape vulnerability exists in the kiosk mode functionality of affected devices. Specially crafted inputs could allow the user to escape the restricted…

  • CVE-2019-13517 · Sep 6, 2019
    risk 0.00 · cvss n/a · epss 0.01

    In Pyxis ES Versions 1.3.4 through 1.6.1 and Pyxis Enterprise Server, with Windows Server Versions 4.4 through 4.12, a vulnerability has been identified where existing access privileges are not restricted in coordination with the expiration of access based on Active Directory…

  • CVE-2019-10959 · Jun 13, 2019
    risk 0.00 · cvss n/a · epss 0.03

    BD Alaris Gateway Workstation Versions 1.1.3 Build 10, 1.1.3 MR Build 11, 1.2 Build 15, 1.3.0 Build 14, 1.3.1 Build 13. This does not impact the latest firmware Versions 1.3.2 and 1.6.1. Additionally, the following products using software Version 2.3.6 and below: Alaris GS,…

  • CVE-2019-10962 · Jun 13, 2019
    risk 0.00 · cvss n/a · epss 0.02

    BD Alaris Gateway versions 1.0.13, 1.1.3 Build 10, 1.1.3 MR Build 11, 1.1.5, and 1.1.6. The web browser user interface on the Alaris Gateway Workstation does not prevent an attacker with knowledge of the IP address of the Alaris Gateway Workstation terminal from gaining access to the…

  • CVE-2019-6517 · Feb 6, 2019
    risk 0.00 · cvss n/a · epss 0.00

    BD FACSLyric Research Use Only, Windows 10 Professional Operating System, U.S. and Malaysian Releases, between November 2017 and November 2018 and BD FACSLyric IVD Windows 10 Professional Operating System US release does not properly enforce user access control to privileged…