Vulnerabilities > BD > Low

DATE CVE VULNERABILITY TITLE RISK
2023-11-28 CVE-2023-29066 Improper Privilege Management vulnerability in BD Facschorus
The FACSChorus software does not properly assign data access privileges for operating system user accounts.
low complexity
bd CWE-269
3.5
2023-11-28 CVE-2023-29063 Missing Authentication for Critical Function vulnerability in BD Facschorus
The FACSChorus workstation does not prevent physical access to its PCI express (PCIe) slots, which could allow a threat actor to insert a PCI card designed for memory capture.
low complexity
bd CWE-306
2.4
2023-11-28 CVE-2023-29062 Improper Authentication vulnerability in BD Facschorus
The Operating System hosting the FACSChorus application is configured to allow transmission of hashed user credentials upon user action without adequately validating the identity of the requested resource.
low complexity
bd CWE-287
3.8
2023-07-13 CVE-2023-30565 Cleartext Transmission of Sensitive Information vulnerability in BD Guardrails CQI Reporter
An insecure connection between Systems Manager and CQI Reporter application could expose infusion data to an attacker.
low complexity
bd CWE-319
3.5
2022-06-02 CVE-2022-30277 Insufficient Session Expiration vulnerability in BD Synapsys 4.20/4.30
BD Synapsys™, versions 4.20, 4.20 SR1, and 4.30, contain an insufficient session expiration vulnerability.
local
low complexity
bd CWE-613
3.6
2022-02-11 CVE-2022-22766 Use of Hard-coded Credentials vulnerability in BD products
Hardcoded credentials are used in specific BD Pyxis products.
local
low complexity
bd CWE-798
2.1
2020-04-01 CVE-2020-10598 Unspecified vulnerability in BD products
In BD Pyxis MedStation ES System v1.6.1 and Pyxis Anesthesia (PAS) ES System v1.6.1, a restricted desktop environment escape vulnerability exists in the kiosk mode functionality of affected devices.
local
low complexity
bd
3.6
2018-05-24 CVE-2018-10593 SQL Injection vulnerability in BD Database Manager, Performa and Reada
A vulnerability in DB Manager version 3.0.1.0 and previous and PerformA version 3.0.0.0 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in data corruption.
3.8
2017-02-13 CVE-2016-8375 Credentials Management vulnerability in BD Alaris 8015 PC Unit 9.7
An issue was discovered in Becton, Dickinson and Company (BD) Alaris 8015 Point of Care (PC) unit, Version 9.5 and prior versions, and Version 9.7, and 8000 PC unit.
local
bd CWE-255
1.9
2017-02-13 CVE-2016-9355 Credentials Management vulnerability in BD Alaris 8015 PC Unit 9.7
An issue was discovered in Becton, Dickinson and Company (BD) Alaris 8015 Point of Care (PC) unit, Version 9.5 and prior versions, and Version 9.7.
local
low complexity
bd CWE-255
2.1