Vulnerabilities > BD > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-28 | CVE-2023-29061 | Missing Authentication for Critical Function vulnerability in BD Facschorus There is no BIOS password on the FACSChorus workstation. | 5.2 |
| 2023-11-28 | CVE-2023-29064 | Use of Hard-coded Credentials vulnerability in BD Facschorus The FACSChorus software contains sensitive information stored in plaintext. | 4.3 |
| 2023-11-28 | CVE-2023-29065 | Incorrect Permission Assignment for Critical Resource vulnerability in BD Facschorus The FACSChorus software database can be accessed directly with the privileges of the currently logged-in user. | 4.3 |
| 2023-11-28 | CVE-2023-29060 | Missing Authentication for Critical Function vulnerability in BD Facschorus The FACSChorus workstation operating system does not restrict what devices can interact with its USB ports. | 5.7 |
| 2023-07-13 | CVE-2023-30561 | Missing Encryption of Sensitive Data vulnerability in BD Alaris 8015 PCU Firmware 9.33.1 The data flowing between the PCU and its modules is insecure. | 6.1 |
| 2023-07-13 | CVE-2023-30562 | Insufficient Verification of Data Authenticity vulnerability in BD Alaris Guardrails Editor 12.1.2 A GRE dataset file within Systems Manager can be tampered with and distributed to PCUs. | 6.7 |
| 2023-07-13 | CVE-2023-30564 | Cross-site Scripting vulnerability in BD Alaris Systems Manager 4.33 Alaris Systems Manager does not perform input validation during the Device Import Function. | 6.9 |
| 2023-07-13 | CVE-2023-30560 | Improper Authentication vulnerability in BD Alaris 8015 PCU Firmware 9.33.1 The configuration from the PCU can be modified without authentication using physical connection to the PCU. | 6.8 |
| 2023-07-13 | CVE-2023-30559 | Improper Authentication vulnerability in BD Alaris 8015 PCU Firmware 12.1.3/9.33.1 The firmware update package for the wireless card is not properly signed and can be modified. | 5.7 |
| 2022-12-05 | CVE-2022-43557 | Improper Authentication vulnerability in BD products The BD BodyGuard™ infusion pumps specified allow for access through the RS-232 (serial) port interface. | 5.3 |