Vulnerabilities > BD
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-13 | CVE-2023-30564 | Cross-site Scripting vulnerability in BD Alaris Systems Manager 12.3/4.33 Alaris Systems Manager does not perform input validation during the Device Import Function. | 6.9 |
| 2023-07-13 | CVE-2023-30565 | Cleartext Transmission of Sensitive Information vulnerability in BD Guardrails CQI Reporter 10.17 An insecure connection between Systems Manager and CQI Reporter application could expose infusion data to an attacker. | 3.5 |
| 2023-07-13 | CVE-2023-30560 | Improper Authentication vulnerability in BD Alaris 8015 PCU Firmware 12.1.3/9.33.1 The configuration from the PCU can be modified without authentication using physical connection to the PCU. | 6.8 |
| 2023-07-13 | CVE-2023-30559 | Improper Authentication vulnerability in BD Alaris 8015 PCU Firmware 12.1.3/9.33.1 The firmware update package for the wireless card is not properly signed and can be modified. | 5.7 |
| 2023-06-13 | CVE-2022-47376 | Insufficiently Protected Credentials vulnerability in BD Alaris Infusion Central 1.1/1.3.2 The Alaris Infusion Central software, versions 1.1 to 1.3.2, may contain a recoverable password after the installation. | 7.3 |
| 2022-12-05 | CVE-2022-43557 | Improper Authentication vulnerability in BD products The BD BodyGuard™ infusion pumps specified allow for access through the RS-232 (serial) port interface. | 5.3 |
| 2022-11-04 | CVE-2022-40263 | Use of Hard-coded Credentials vulnerability in BD Totalys Multiprocessor Firmware 1.70 BD Totalys MultiProcessor, versions 1.70 and earlier, contain hardcoded credentials. | 7.8 |
| 2022-06-02 | CVE-2022-22767 | Insufficiently Protected Credentials vulnerability in BD products Specific BD Pyxis™ products were installed with default credentials and may presently still operate with these credentials. | 8.8 |
| 2022-06-02 | CVE-2022-30277 | Insufficient Session Expiration vulnerability in BD Synapsys 4.20/4.30 BD Synapsys™, versions 4.20, 4.20 SR1, and 4.30, contain an insufficient session expiration vulnerability. | 5.7 |
| 2022-02-12 | CVE-2022-22765 | Use of Hard-coded Credentials vulnerability in BD Viper LT System Firmware 2.0/4.0 BD Viper LT system, versions 2.0 and later, contains hardcoded credentials. | 7.8 |