Vulnerabilities > BD > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-06-02 CVE-2022-30277 Insufficient Session Expiration vulnerability in BD Synapsys 4.20/4.30
BD Synapsys™, versions 4.20, 4.20 SR1, and 4.30, contain an insufficient session expiration vulnerability.
low complexity
bd CWE-613
5.7
2022-02-11 CVE-2022-22766 Use of Hard-coded Credentials vulnerability in BD products
Hardcoded credentials are used in specific BD Pyxis products.
local
low complexity
bd CWE-798
5.5
2020-04-01 CVE-2020-10598 Unspecified vulnerability in BD products
In BD Pyxis MedStation ES System v1.6.1 and Pyxis Anesthesia (PAS) ES System v1.6.1, a restricted desktop environment escape vulnerability exists in the kiosk mode functionality of affected devices.
low complexity
bd
6.1
2019-06-13 CVE-2019-10962 Unspecified vulnerability in BD Alaris Gateway Workstation Firmware
BD Alaris Gateway versions, 1.0.13,1.1.3 Build 10,1.1.3 MR Build 11,1.1.5, and 1.1.6, The web browser user interface on the Alaris Gateway Workstation does not prevent an attacker with knowledge of the IP address of the Alaris Gateway Workstation terminal to gain access to the status and configuration information of the device.
network
low complexity
bd
5.3
2019-02-06 CVE-2019-6517 Unspecified vulnerability in BD Facslyric and Facslyric IVD
BD FACSLyric Research Use Only, Windows 10 Professional Operating System, U.S.
low complexity
bd
6.8
2018-05-24 CVE-2018-10595 SQL Injection vulnerability in BD Database Manager, Performa and Reada
A vulnerability in ReadA version 1.1.0.2 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in loss or corruption of data.
high complexity
bd CWE-89
6.3
2018-05-24 CVE-2018-10593 SQL Injection vulnerability in BD Database Manager, Performa and Reada
A vulnerability in DB Manager version 3.0.1.0 and previous and PerformA version 3.0.0.0 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in data corruption.
high complexity
bd CWE-89
5.6
2017-02-13 CVE-2016-9355 Credentials Management vulnerability in BD Alaris 8015 PC Unit 9.5/9.7
An issue was discovered in Becton, Dickinson and Company (BD) Alaris 8015 Point of Care (PC) unit, Version 9.5 and prior versions, and Version 9.7.
low complexity
bd CWE-255
5.3
2017-02-13 CVE-2016-8375 Credentials Management vulnerability in BD Alaris 8015 PC Unit 9.5/9.7
An issue was discovered in Becton, Dickinson and Company (BD) Alaris 8015 Point of Care (PC) unit, Version 9.5 and prior versions, and Version 9.7, and 8000 PC unit.
high complexity
bd CWE-255
4.9