Risk Summary
Successful exploitation of this vulnerability may allow a remote attacker to gain unauthorized access to various Alaris Syringe pumps and impact the intended operation of the pump when it is connected to a terminal server via the serial port. BD has determined the affected products are not sold within the United States.
CVEs (1)
Remediations
- BD reports that this vulnerability cannot be performed if the device is connected to an Alaris Gateway Workstation docking station. Also, an attacker cannot switch the device on remotely, and no PHI or PII can be accessed by exploiting this vulnerability.
- BD recommends the following mitigations and compensating controls in order to reduce risk associated with this vulnerability:
- For more information on BD 's product security and vulnerability management, contact their product security office at:
- http://www.bd.com/productsecurity
Affected Vendors
Becton, Dickinson and Company (BD)
Affected Products (4)
Becton, Dickinson and Company (BD)
·
Alaris CC
<= 2.3.6
Becton, Dickinson and Company (BD)
·
Alaris TIVA
<= 2.3.6
Becton, Dickinson and Company (BD)
·
Alaris GH
<= 2.3.6
Becton, Dickinson and Company (BD)
·
Alaris GS
<= 2.3.6
Affected Sectors
Healthcare and Public Health
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more