MEDIUM🇵🇱 Wersja polska

CVE-2023-30561

CVSS 6.1v3.1pub. 2023-07-13upd. 2024-11-21

The data flowing between the PCU and its modules is insecure. A threat actor with physical access could potentially read or modify data by attaching a specially crafted device while an infusion is running.

CVSS Vector
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
  • Bd Alaris 8015 Pcu

    HW
    Bd
    wszystkie wersje
  • Bd Alaris 8015 Pcu Firmware

    OS
    Bd
    ≤ 12.1.3
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2020-25165HIGH7.5ten sam produkt

BD Alaris PC Unit, Model 8015, Versions 9.33.1 and earlier and BD Alaris Systems Manager, Versions 4.33 and ea...

CVE-2023-30559MEDIUM5.2ten sam produkt

The firmware update package for the wireless card is not properly signed and can be modified.

CVE-2023-30560MEDIUM6.8ten sam produkt

The configuration from the PCU can be modified without authentication using physical connection to the PCU. ...

CVE-2019-10959CRITICAL10.0ten sam vendor

BD Alaris Gateway Workstation Versions, 1.1.3 Build 10, 1.1.3 MR Build 11, 1.2 Build 15, 1.3.0 Build 14, 1.3.1...

CVE-2018-14786CRITICAL9.4ten sam vendor

Becton, Dickinson and Company (BD) Alaris Plus medical syringe pumps (models Alaris GS, Alaris GH, Alaris CC, ...