Vulnerabilities > BD > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-11-28 CVE-2023-29061 Missing Authentication for Critical Function vulnerability in BD Facschorus
There is no BIOS password on the FACSChorus workstation.
low complexity
bd CWE-306
5.2
2023-11-28 CVE-2023-29064 Use of Hard-coded Credentials vulnerability in BD Facschorus
The FACSChorus software contains sensitive information stored in plaintext.
low complexity
bd CWE-798
4.3
2023-11-28 CVE-2023-29065 Incorrect Permission Assignment for Critical Resource vulnerability in BD Facschorus
The FACSChorus software database can be accessed directly with the privileges of the currently logged-in user.
low complexity
bd CWE-732
4.3
2023-11-28 CVE-2023-29060 Missing Authentication for Critical Function vulnerability in BD Facschorus
The FACSChorus workstation operating system does not restrict what devices can interact with its USB ports.
low complexity
bd CWE-306
5.7
2023-07-13 CVE-2023-30561 Missing Encryption of Sensitive Data vulnerability in BD Alaris 8015 PCU Firmware 9.33.1
The data flowing between the PCU and its modules is insecure.
low complexity
bd CWE-311
6.1
2023-07-13 CVE-2023-30562 Insufficient Verification of Data Authenticity vulnerability in BD Alaris Guardrails Editor 12.1.2
A GRE dataset file within Systems Manager can be tampered with and distributed to PCUs.
low complexity
bd CWE-345
6.7
2023-07-13 CVE-2023-30564 Cross-site Scripting vulnerability in BD Alaris Systems Manager 4.33
Alaris Systems Manager does not perform input validation during the Device Import Function.
low complexity
bd CWE-79
6.9
2023-07-13 CVE-2023-30560 Improper Authentication vulnerability in BD Alaris 8015 PCU Firmware 9.33.1
The configuration from the PCU can be modified without authentication using physical connection to the PCU.
low complexity
bd CWE-287
6.8
2023-07-13 CVE-2023-30559 Improper Authentication vulnerability in BD Alaris 8015 PCU Firmware 12.1.3/9.33.1
The firmware update package for the wireless card is not properly signed and can be modified.
low complexity
bd CWE-287
5.7
2022-12-05 CVE-2022-43557 Improper Authentication vulnerability in BD products
The BD BodyGuard™ infusion pumps specified allow for access through the RS-232 (serial) port interface.
high complexity
bd CWE-287
5.3