ICSMA-18-142-01  ·  Published 2018-10-11  ·  Source: CISA ICS-CERT

BD Kiestra and InoqulA Systems (Update A)

CVSS 6.3 MEDIUM

Risk Summary

Successful exploitation of these vulnerabilities may lead to loss or corruption of data.

Remediations

  • BD has developed a mitigation to prevent authorized users with access to a privileged account on a BD Kiestra system from triggering SQL functions. This mitigation also remediates the exposure of a limited set of ePHI patient data that occurs when a privileged user executes a SELECT SQL statement in the ReadA Overview. BD is in the process of deploying the mitigation remotely or on premise, depending on user preference.
  • Until mitigations are in place, BD recommends the following compensating controls. These controls require user action in order to reduce risk associated with these vulnerabilities:
  • For product support or site-specific concerns, users in North America may contact Lab Automation Regional Phone Support via email [email protected] or by phone (1-800-638-8663). Users in EMEA may contact Customer Service Desk via email [email protected] or by phone (+31 512 540 623).
  • For more specific details regarding these vulnerabilities, the associated mitigations, and links to user manuals, please see the BD Product Security Bulletin at the following location: https://www.bd.com/en-us/support/product-security-and-privacy

Affected Vendors

Becton, Dickinson and Company (BD)

Affected Products (6)

Becton, Dickinson and Company (BD) · Database (DB) Manager 3.0.1.0
Becton, Dickinson and Company (BD) · BD Kiestra TLA WCA InoqulA+ specimen processor - PerformA <=3.0.0.0
Becton, Dickinson and Company (BD) · BD Kiestra TLA WCA InoqulA+ specimen processor - Database (DB) Manager 3.0.1.0
Becton, Dickinson and Company (BD) · BD Kiestra TLA WCA InoqulA+ specimen processor - ReadA Overview <=1.1.0.2
Becton, Dickinson and Company (BD) · PerformA <=3.0.0.0
Becton, Dickinson and Company (BD) · ReadA Overview <=1.1.0.2

Affected Sectors

Healthcare and Public Health
