MEDIUM🇬🇧 English

CVE-2023-30560

CVSS 6.8v3.1pub. 2023-07-13upd. 2024-11-21

The configuration from the PCU can be modified without authentication using physical connection to the PCU.

oryginał EN
CVSS Vector
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Bd Alaris 8015 Pcu

    HW
    Bd
    wszystkie wersje
  • Bd Alaris 8015 Pcu Firmware

    OS
    Bd
    ≤ 12.1.3
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Auth Bypass
CWE
Referencje

Powiązane podatności

CVE-2020-25165HIGH7.5ten sam produkt

BD Alaris PC Unit, Model 8015, Versions 9.33.1 and earlier and BD Alaris Systems Manager, Versions 4.33 and ea...

CVE-2023-30559MEDIUM5.2ten sam produkt

The firmware update package for the wireless card is not properly signed and can be modified.

CVE-2023-30561MEDIUM6.1ten sam produkt

The data flowing between the PCU and its modules is insecure. A threat actor with physical access could potent...

CVE-2019-10959CRITICAL10.0ten sam vendor

BD Alaris Gateway Workstation Versions, 1.1.3 Build 10, 1.1.3 MR Build 11, 1.2 Build 15, 1.3.0 Build 14, 1.3.1...

CVE-2018-14786CRITICAL9.4ten sam vendor

Becton, Dickinson and Company (BD) Alaris Plus medical syringe pumps (models Alaris GS, Alaris GH, Alaris CC, ...