Lucene search
BDCVE-2023-30561HistoryJul 13, 2023 - 8:15 p.m.
CVE-2023-30561
2023-07-1320:15:09
CWE-311
BD
web.nvd.nist.gov
20
security
data flow
pcu
modules
physical access
threat actor
nvd
CVSS3
6.1
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
AI Score
6
Confidence
High
EPSS
0.001
Percentile
23.5%
The data flowing between the PCU and its modules is insecure. A threat actor with physical access could potentially read or modify data by attaching a specially crafted device while an infusion is running.
Affected configurations
Node
bdalaris_8015_pcuMatch-
bdalaris_8015_pcu_firmwareRangeβ€12.1.3
| Vendor | Product | Version | CPE |
|---|---|---|---|
| bd | alaris_8015_pcu | - | cpe:2.3:h:bd:alaris_8015_pcu:-:*:*:*:*:*:*:* |
| bd | alaris_8015_pcu_firmware | * | cpe:2.3:o:bd:alaris_8015_pcu_firmware:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "BD AlarisΓ’βΒ’ Point-of-Care Unit (PCU) Model 8015",
"vendor": "Becton Dickinson & Co",
"versions": [
{
"lessThanOrEqual": "12.1.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
]Related
cvelist
cvelist
CVE-2023-30561 Lack of Cryptographic Security of IUI Bus
2023-07-13 19:03:17
prion
prion
Information disclosure
2023-07-13 20:15:00
nvd
nvd
CVE-2023-30561
2023-07-13 20:15:09
ics
ics
BD Alaris System with Guardrails Suite MX (Update A)
2023-10-26 12:00:00
CVSS3
6.1
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
AI Score
6
Confidence
High
EPSS
0.001
Percentile
23.5%
Related for CVE-2023-30561