CRITICAL🇵🇱 Wersja polska

CVE-2019-10959

CVSS 10.0v3.0pub. 2019-06-13upd. 2024-11-21

BD Alaris Gateway Workstation Versions, 1.1.3 Build 10, 1.1.3 MR Build 11, 1.2 Build 15, 1.3.0 Build 14, 1.3.1 Build 13, This does not impact the latest firmware Versions 1.3.2 and 1.6.1, Additionally, the following products using software Version 2.3.6 and below, Alaris GS, Alaris GH, Alaris CC, Alaris TIVA, The application does not restrict the upload of malicious files during a firmware update.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Bd Alaris Cc Syringe Pump

    HW
    Bd
    wszystkie wersje
  • Bd Alaris Cc Syringe Pump Firmware

    OS
    Bd
    ≤ 2.3.6
  • Bd Alaris Gateway Workstation

    HW
    Bd
    wszystkie wersje
  • Bd Alaris Gateway Workstation Firmware

    OS
    Bd
    1.1.31.21.3.01.3.1
  • Bd Alaris Gh Syringe Pump

    HW
    Bd
    wszystkie wersje
  • Bd Alaris Gh Syringe Pump Firmware

    OS
    Bd
    ≤ 2.3.6
  • Bd Alaris Gs Syringe Pump

    HW
    Bd
    wszystkie wersje
  • Bd Alaris Gs Syringe Pump Firmware

    OS
    Bd
    ≤ 2.3.6
  • Bd Alaris Tiva Syringe Pump

    HW
    Bd
    wszystkie wersje
  • Bd Alaris Tiva Syringe Pump Firmware

    OS
    Bd
    ≤ 2.3.6
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2019-10962MEDIUM5.3ten sam produkt

BD Alaris Gateway versions, 1.0.13,1.1.3 Build 10,1.1.3 MR Build 11,1.1.5, and 1.1.6, The web browser user int...

CVE-2018-14786CRITICAL9.4ten sam vendor

Becton, Dickinson and Company (BD) Alaris Plus medical syringe pumps (models Alaris GS, Alaris GH, Alaris CC, ...

CVE-2017-6022CRITICAL9.8ten sam vendor

A hard-coded password issue was discovered in Becton, Dickinson and Company (BD) PerformA, Version 2.0.14.0 an...

CVE-2023-30563HIGH8.2ten sam vendor

A malicious file could be uploaded into a System Manager User Import Function resulting in a hijacked session.

CVE-2022-47376HIGH7.3ten sam vendor

The Alaris Infusion Central software, versions 1.1 to 1.3.2, may contain a recoverable password after the inst...