CVE-2019-10959

BD Alaris Gateway Workstation Versions, 1.1.3 Build 10, 1.1.3 MR Build 11, 1.2 Build 15, 1.3.0 Build 14, 1.3.1 Build 13, This does not impact the latest firmware Versions 1.3.2 and 1.6.1, Additionally, the following products using software Version 2.3.6 and below, Alaris GS, Alaris GH, Alaris CC, Alaris TIVA, The application does not restrict the upload of malicious files during a firmware update.
References
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:bd:alaris_gateway_workstation_firmware:1.1.3:10:*:*:*:*:*:*
cpe:2.3:o:bd:alaris_gateway_workstation_firmware:1.1.3:11:*:*:*:*:*:*
cpe:2.3:o:bd:alaris_gateway_workstation_firmware:1.2:15:*:*:*:*:*:*
cpe:2.3:o:bd:alaris_gateway_workstation_firmware:1.3.0:14:*:*:*:*:*:*
cpe:2.3:o:bd:alaris_gateway_workstation_firmware:1.3.1:13:*:*:*:*:*:*
cpe:2.3:h:bd:alaris_gateway_workstation:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:bd:alaris_gs_syringe_pump_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bd:alaris_gs_syringe_pump:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:bd:alaris_gh_syringe_pump_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bd:alaris_gh_syringe_pump:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:bd:alaris_cc_syringe_pump_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bd:alaris_cc_syringe_pump:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:bd:alaris_tiva_syringe_pump_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bd:alaris_tiva_syringe_pump:-:*:*:*:*:*:*:*

History

21 Nov 2024, 04:20

Type Values Removed Values Added
References () http://www.securityfocus.com/bid/108765 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/108765 - Third Party Advisory, VDB Entry
References () https://ics-cert.us-cert.gov/advisories/ICSMA-19-164-01 - Mitigation, Third Party Advisory, US Government Resource () https://ics-cert.us-cert.gov/advisories/ICSMA-19-164-01 - Mitigation, Third Party Advisory, US Government Resource

Information

Published : 2019-06-13 21:29

Updated : 2024-11-21 04:20


NVD link : CVE-2019-10959

Mitre link : CVE-2019-10959

CVE.ORG link : CVE-2019-10959


JSON object : View

Products Affected

bd

  • alaris_tiva_syringe_pump_firmware
  • alaris_cc_syringe_pump
  • alaris_gh_syringe_pump_firmware
  • alaris_tiva_syringe_pump
  • alaris_gs_syringe_pump_firmware
  • alaris_gateway_workstation
  • alaris_gs_syringe_pump
  • alaris_gateway_workstation_firmware
  • alaris_gh_syringe_pump
  • alaris_cc_syringe_pump_firmware
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type