CVE-2019-10959 Information

Description

BD Alaris Gateway Workstation Versions 1.1.3 Build 10 1.1.3 MR Build 11 1.2 Build 15 1.3.0 Build 14 1.3.1 Build 13 This does not impact the latest firmware Versions 1.3.2 and 1.6.1 Additionally the following products using software Version 2.3.6 and below Alaris GS Alaris GH Alaris CC Alaris TIVA The application does not restrict the upload of malicious files during a firmware update.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Reference

http://www.securityfocus.com/bid/108765 https://ics-cert.us-cert.gov/advisories/ICSMA-19-164-01 https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletins/alaris-gateway-workstation-unauthorized-firmware

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

CHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

10.0