CVE-2023-30559

The firmware update package for the wireless card is not properly signed and can be modified.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:bd:alaris_8015_pcu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bd:alaris_8015_pcu:-:*:*:*:*:*:*:*

History

21 Nov 2024, 08:00

Type Values Removed Values Added
References () https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-alaris-system-with-guardrails-suite-mx - Vendor Advisory () https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-alaris-system-with-guardrails-suite-mx - Vendor Advisory
CVSS v2 : unknown
v3 : 5.7
v2 : unknown
v3 : 5.2

08 Feb 2024, 22:15

Type Values Removed Values Added
Summary (en) The configuration from the PCU can be modified without authentication using physical connection to the PCU. (en) The firmware update package for the wireless card is not properly signed and can be modified.
CWE CWE-20
CWE-345

25 Jul 2023, 18:55

Type Values Removed Values Added
References (MISC) https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-alaris-system-with-guardrails-suite-mx - (MISC) https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-alaris-system-with-guardrails-suite-mx - Vendor Advisory
CPE cpe:2.3:o:bd:alaris_8015_pcu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bd:alaris_8015_pcu:-:*:*:*:*:*:*:*
CWE CWE-287
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.7

13 Jul 2023, 19:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-07-13 18:15

Updated : 2024-11-21 08:00


NVD link : CVE-2023-30559

Mitre link : CVE-2023-30559

CVE.ORG link : CVE-2023-30559


JSON object : View

Products Affected

bd

  • alaris_8015_pcu
  • alaris_8015_pcu_firmware
CWE
CWE-20

Improper Input Validation

CWE-345

Insufficient Verification of Data Authenticity

CWE-287

Improper Authentication