fkie_cve-2024-10476
Vulnerability from fkie_nvd
Published
2024-12-17 16:15
Modified
2024-12-17 16:15
Severity ?
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Default credentials are used in the above listed BD Diagnostic Solutions products. If exploited, threat actors may be able to access, modify or delete data, including sensitive information such as protected health information (PHI) and personally identifiable information (PII). Exploitation of this vulnerability may allow an attacker to shut down or otherwise impact the availability of the system. Note: BD Synapsys™ Informatics Solution is only in scope of this vulnerability when installed on a NUC server. BD Synapsys™ Informatics Solution installed on a customer-provided virtual machine or on the BD Kiestra™ SCU hardware is not in scope.
References
cybersecurity@bd.comhttps://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-cybersecurity-vulnerability-bulletin-diagnostic-solutions-products
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Default credentials are used in the above listed BD Diagnostic Solutions products. If exploited, threat actors may be able to access, modify or delete data, including sensitive information such as protected health information (PHI) and personally identifiable information (PII). Exploitation of this vulnerability may allow an attacker to shut down or otherwise impact the availability of the system. Note: BD Synapsys\u2122 Informatics\nSolution is only in scope of\nthis vulnerability when\ninstalled on a NUC server. BD Synapsys\u2122\nInformatics Solution installed\non a customer-provided virtual machine or on the BD Kiestra\u2122 SCU hardware is\nnot in scope."
    },
    {
      "lang": "es",
      "value": "Las credenciales predeterminadas se utilizan en BD Diagnostic Solutions products enumerados anteriormente. Si se explota esta vulnerabilidad, los actores de amenazas pueden acceder, modificar o eliminar datos, incluida informaci\u00f3n confidencial como informaci\u00f3n m\u00e9dica protegida (PHI) e informaci\u00f3n de identificaci\u00f3n personal (PII). La explotaci\u00f3n de esta vulnerabilidad puede permitir que un atacante apague o afecte de otro modo la disponibilidad del sistema. Nota: BD Synapsys\u2122 Informatics Solution solo est\u00e1 dentro del alcance de esta vulnerabilidad cuando se instala en un servidor NUC. BD Synapsys\u2122 Informatics Solution instalada en una m\u00e1quina virtual proporcionada por el cliente o en el hardware BD Kiestra\u2122 SCU no est\u00e1 dentro del alcance."
    }
  ],
  "id": "CVE-2024-10476",
  "lastModified": "2024-12-17T16:15:23.390",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.1,
        "impactScore": 5.9,
        "source": "cybersecurity@bd.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-12-17T16:15:23.390",
  "references": [
    {
      "source": "cybersecurity@bd.com",
      "url": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-cybersecurity-vulnerability-bulletin-diagnostic-solutions-products"
    }
  ],
  "sourceIdentifier": "cybersecurity@bd.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-1392"
        }
      ],
      "source": "cybersecurity@bd.com",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.