ICSMA-19-164-01
·
Published 2019-06-13
BD Alaris Gateway Workstation
CVSS 10.0
CRITICAL
Risk Summary
Exploitation of these vulnerabilities could allow unauthorized arbitrary code execution, which could allow an attacker to view and edit device status and configuration details as well as cause devices to become unavailable. The vendor has stated the affected products are not sold in the United States.
CVEs (2)
Remediations
- BD recommends the following mitigations and compensating controls in order to reduce risk associated with these vulnerabilities.
- For the Alaris Gateway Workstation Web Browser User Interface vulnerability:
- For the Alaris Gateway Workstation Dangerous File Upload vulnerability:
- BD is currently assessing additional remediation efforts, including an adjustment to restrict the SMB protocol.
- For more information on BD's product security and vulnerability management, contact BD's Product Security Office at:
- https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletins
- https://www.fda.gov/MedicalDevices/DigitalHealth/ucm373213.htm
Affected Vendors
Becton, Dickinson and Company (BD)
Affected Products (11)
- Becton, Dickinson and Company (BD) · Alaris Gateway Workstation Alaris GS · 2.3.6 and below
- Becton, Dickinson and Company (BD) · Alaris Gateway Workstation · 1.1.6
- Becton, Dickinson and Company (BD) · Alaris Gateway Workstation · 1.1.5
- Becton, Dickinson and Company (BD) · Alaris Gateway Workstation Alaris GH · 2.3.6 and below
- Becton, Dickinson and Company (BD) · Alaris Gateway Workstation Alaris CC · 2.3.6 and below
- Becton, Dickinson and Company (BD) · Alaris Gateway Workstation · 1.3.1 Build 13
- Becton, Dickinson and Company (BD) · Alaris Gateway Workstation · 1.1.3 MR Build 11
- Becton, Dickinson and Company (BD) · Alaris Gateway Workstation Alaris TIVA · 2.3.6 and below
- Becton, Dickinson and Company (BD) · Alaris Gateway Workstation · 1.0.13
- Becton, Dickinson and Company (BD) · Alaris Gateway Workstation · 1.3.0 Build 14
- Becton, Dickinson and Company (BD) · Alaris Gateway Workstation · 1.1.3 Build 10
Affected Sectors
Healthcare and Public Health