ICSMA-17-017-02
·
Published 2021-03-16
·
View on CISA ICS-CERT ↗
BD Alaris 8015 PC Unit (Update B)
CVSS 6.8
MEDIUM
Risk Summary
Successful exploitation of these vulnerabilities could allow an unauthorized user with physical access to the affected devices to access the host facility 's wireless network authentication credentials and other sensitive technical data, which may compromise the confidentiality, integrity, and availability of the device.
CVEs (2)
Remediations
- BD has not developed a product fix to address these vulnerabilities, but has issued compensating controls to reduce the risk of exploitation.
- All Alaris System software versions less than 9.19 are end of life. BD recommends users upgrade Alaris System software when BD releases its next version of software, upon 510(k) clearance.
- BD recommends that users apply the following compensating controls:
- BD has released a security bulletin for the Alaris PC unit model 8015.
- For additional information about the identified vulnerabilities or BD 's compensating controls, please contact BD 's Customer Support.
Affected Vendors
Becton, Dickinson and Company (BD)
Affected Products (3)
Becton, Dickinson and Company (BD)
·
Alaris 8015 PC unit
9.7
Becton, Dickinson and Company (BD)
·
Alaris 8015 PC unit
<= 9.33
Becton, Dickinson and Company (BD)
·
Alaris 8015 PC unit
<= 9.5
Affected Sectors
Healthcare and Public Health
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more