1. EXECUTIVE SUMMARY
- CVSS v3 8.0
- ATTENTION: Low attack complexity
- Vendor: Becton, Dickinson and Company (BD)
- Equipment: Diagnostic Solutions Products
- Vulnerability: Use of Default Credentials
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to use default credentials to access, modify, or delete sensitive data, which could impact the availability of the system or cause a system shutdown.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following BD Diagnostic Solutions products are affected:
- BD BACTEC Blood Culture System: All versions
- BD COR System: All versions
- BD EpiCenter Microbiology Data Management System: All versions
- BD MAX System: All versions
- BD Phoenix M50 Automated Microbiology System: All versions
- BD Synapsys Informatics Solution: All versions
3.2 VULNERABILITY OVERVIEW
3.2.1 USE OF DEFAULT CREDENTIALS CWE-1392
Default credentials are used in the above listed BD Diagnostic Solutions products. If exploited, threat actors may be able to access, modify or delete data, including sensitive information such as protected health information (PHI) and personally identifiable information (PII). Exploitation of this vulnerability may allow an attacker to shut down or otherwise impact the availability of the system.
CVE-2024-10476 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.0 has been calculated; the CVSS vector string is (AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
3.3 BACKGROUND
- CRITICAL INFRASTRUCTURE SECTORS: Healthcare and Public Health
- COUNTRIES/AREAS DEPLOYED:
[…]