Vulnerabilities > BD > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-11-28 CVE-2023-29061 Missing Authentication for Critical Function vulnerability in BD Facschorus
There is no BIOS password on the FACSChorus workstation.
low complexity
bd CWE-306
5.2
2023-11-28 CVE-2023-29064 Use of Hard-coded Credentials vulnerability in BD Facschorus
The FACSChorus software contains sensitive information stored in plaintext.
low complexity
bd CWE-798
4.3
2023-11-28 CVE-2023-29065 Incorrect Permission Assignment for Critical Resource vulnerability in BD Facschorus
The FACSChorus software database can be accessed directly with the privileges of the currently logged-in user.
low complexity
bd CWE-732
4.3
2023-11-28 CVE-2023-29060 Missing Authentication for Critical Function vulnerability in BD Facschorus
The FACSChorus workstation operating system does not restrict what devices can interact with its USB ports.
low complexity
bd CWE-306
5.7
2023-07-13 CVE-2023-30561 Missing Encryption of Sensitive Data vulnerability in BD Alaris 8015 PCU Firmware 12.1.3/9.33.1
The data flowing between the PCU and its modules is insecure.
low complexity
bd CWE-311
6.1
2023-07-13 CVE-2023-30562 Insufficient Verification of Data Authenticity vulnerability in BD Alaris Guardrails Editor 12.1.2
A GRE dataset file within Systems Manager can be tampered with and distributed to PCUs.
low complexity
bd CWE-345
6.7
2023-07-13 CVE-2023-30564 Cross-site Scripting vulnerability in BD Alaris Systems Manager 12.3/4.33
Alaris Systems Manager does not perform input validation during the Device Import Function.
low complexity
bd CWE-79
6.9
2023-07-13 CVE-2023-30560 Improper Authentication vulnerability in BD Alaris 8015 PCU Firmware 12.1.3/9.33.1
The configuration from the PCU can be modified without authentication using physical connection to the PCU.
low complexity
bd CWE-287
6.8
2023-07-13 CVE-2023-30559 Improper Authentication vulnerability in BD Alaris 8015 PCU Firmware 12.1.3/9.33.1
The firmware update package for the wireless card is not properly signed and can be modified.
low complexity
bd CWE-287
5.7
2022-12-05 CVE-2022-43557 Improper Authentication vulnerability in BD products
The BD BodyGuard™ infusion pumps specified allow for access through the RS-232 (serial) port interface.
high complexity
bd CWE-287
5.3