Search criteria
12 vulnerabilities found for performa by bd
VAR-201706-0455
Vulnerability from variot - Updated: 2023-12-18 13:19A hard-coded password issue was discovered in Becton, Dickinson and Company (BD) PerformA, Version 2.0.14.0 and prior versions, and KLA Journal Service, Version 1.0.51 and prior versions. They use hard-coded passwords to access the BD Kiestra Database, which could be leveraged to compromise the confidentiality of limited PHI/PII information stored in the BD Kiestra Database. The former is a set of applications for system monitoring; the latter is a set of applications for incremental backups. An attacker can exploit this issue to obtain potentially sensitive information. Information obtained may aid in further attacks. The following products are affected: PerformA 2.0.14.0 and prior
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201706-0455",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "kla journal service",
"scope": "eq",
"trust": 1.5,
"vendor": "bd",
"version": "1.0.51"
},
{
"model": "performa",
"scope": "eq",
"trust": 1.5,
"vendor": "bd",
"version": "2.0.14.0"
},
{
"model": "kla journal service",
"scope": "lte",
"trust": 1.0,
"vendor": "bd",
"version": "1.0.51"
},
{
"model": "performa",
"scope": "lte",
"trust": 1.0,
"vendor": "bd",
"version": "2.0.14.0"
},
{
"model": "kla journal service",
"scope": "lte",
"trust": 0.8,
"vendor": "becton dickinson and bd",
"version": "1.0.51"
},
{
"model": "performa",
"scope": "lte",
"trust": 0.8,
"vendor": "becton dickinson and bd",
"version": "2.0.14.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "performa",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "kla journal service",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "a64abc7a-bf26-449e-88cf-fdb20adc7272"
},
{
"db": "CNVD",
"id": "CNVD-2017-10824"
},
{
"db": "BID",
"id": "97057"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005166"
},
{
"db": "NVD",
"id": "CVE-2017-6022"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-590"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:bd:performa:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.0.14.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:bd:kla_journal_service:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.0.51",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-6022"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "97057"
}
],
"trust": 0.3
},
"cve": "CVE-2017-6022",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-6022",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-10824",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "a64abc7a-bf26-449e-88cf-fdb20adc7272",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-6022",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-6022",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2017-10824",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201702-590",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "a64abc7a-bf26-449e-88cf-fdb20adc7272",
"trust": 0.2,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "a64abc7a-bf26-449e-88cf-fdb20adc7272"
},
{
"db": "CNVD",
"id": "CNVD-2017-10824"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005166"
},
{
"db": "NVD",
"id": "CVE-2017-6022"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-590"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A hard-coded password issue was discovered in Becton, Dickinson and Company (BD) PerformA, Version 2.0.14.0 and prior versions, and KLA Journal Service, Version 1.0.51 and prior versions. They use hard-coded passwords to access the BD Kiestra Database, which could be leveraged to compromise the confidentiality of limited PHI/PII information stored in the BD Kiestra Database. The former is a set of applications for system monitoring; the latter is a set of applications for incremental backups. \nAn attacker can exploit this issue to obtain potentially sensitive information. Information obtained may aid in further attacks. \nThe following products are affected:\nPerformA 2.0.14.0 and prior",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-6022"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005166"
},
{
"db": "CNVD",
"id": "CNVD-2017-10824"
},
{
"db": "BID",
"id": "97057"
},
{
"db": "IVD",
"id": "a64abc7a-bf26-449e-88cf-fdb20adc7272"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-6022",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSMA-17-082-01",
"trust": 2.7
},
{
"db": "BID",
"id": "97057",
"trust": 2.5
},
{
"db": "CNVD",
"id": "CNVD-2017-10824",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201702-590",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005166",
"trust": 0.8
},
{
"db": "IVD",
"id": "A64ABC7A-BF26-449E-88CF-FDB20ADC7272",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "a64abc7a-bf26-449e-88cf-fdb20adc7272"
},
{
"db": "CNVD",
"id": "CNVD-2017-10824"
},
{
"db": "BID",
"id": "97057"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005166"
},
{
"db": "NVD",
"id": "CVE-2017-6022"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-590"
}
]
},
"id": "VAR-201706-0455",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "a64abc7a-bf26-449e-88cf-fdb20adc7272"
},
{
"db": "CNVD",
"id": "CNVD-2017-10824"
}
],
"trust": 1.39375
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "a64abc7a-bf26-449e-88cf-fdb20adc7272"
},
{
"db": "CNVD",
"id": "CNVD-2017-10824"
}
]
},
"last_update_date": "2023-12-18T13:19:28.283000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.bd.com/"
},
{
"title": "Patch for BD PerformA and KLA Journal Service Information Disclosure Vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/96347"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-10824"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005166"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005166"
},
{
"db": "NVD",
"id": "CVE-2017-6022"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-17-082-01"
},
{
"trust": 2.2,
"url": "http://www.securityfocus.com/bid/97057"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6022"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-6022"
},
{
"trust": 0.3,
"url": "http://www.bd.com"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-10824"
},
{
"db": "BID",
"id": "97057"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005166"
},
{
"db": "NVD",
"id": "CVE-2017-6022"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-590"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "a64abc7a-bf26-449e-88cf-fdb20adc7272"
},
{
"db": "CNVD",
"id": "CNVD-2017-10824"
},
{
"db": "BID",
"id": "97057"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005166"
},
{
"db": "NVD",
"id": "CVE-2017-6022"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-590"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-23T00:00:00",
"db": "IVD",
"id": "a64abc7a-bf26-449e-88cf-fdb20adc7272"
},
{
"date": "2017-06-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-10824"
},
{
"date": "2017-03-24T00:00:00",
"db": "BID",
"id": "97057"
},
{
"date": "2017-07-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005166"
},
{
"date": "2017-06-30T03:29:00.297000",
"db": "NVD",
"id": "CVE-2017-6022"
},
{
"date": "2017-02-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-590"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-10824"
},
{
"date": "2017-03-29T01:01:00",
"db": "BID",
"id": "97057"
},
{
"date": "2017-07-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005166"
},
{
"date": "2019-10-09T23:28:34.480000",
"db": "NVD",
"id": "CVE-2017-6022"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-590"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-590"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "BD PerformA and KLA Journal Service Vulnerabilities related to the use of hard-coded credentials",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005166"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-590"
}
],
"trust": 0.6
}
}
VAR-201805-0252
Vulnerability from variot - Updated: 2023-12-18 13:13A vulnerability in DB Manager version 3.0.1.0 and previous and PerformA version 3.0.0.0 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in data corruption. DB Manager and PerformA In SQL An injection vulnerability exists.Information is falsified and denial of service (DoS) May be in a state. BD DB Manager and PerformA are products of BD (Bection, Dickinson and Commpany). BD DB Manager is a database manager. PerformA is a performance manager. Security vulnerabilities exist in BD DB Manager 3.0.1.0 and earlier and PerformA 3.0.0.0 and earlier. An attacker could exploit the vulnerability to issue SQL commands, causing data corruption
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201805-0252",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "database manager",
"scope": "eq",
"trust": 1.6,
"vendor": "bd",
"version": "3.0.1.0"
},
{
"model": "performa",
"scope": "lte",
"trust": 1.0,
"vendor": "bd",
"version": "3.0.0.0"
},
{
"model": "reada",
"scope": "lte",
"trust": 1.0,
"vendor": "bd",
"version": "1.1.0.2"
},
{
"model": "database manager",
"scope": null,
"trust": 0.8,
"vendor": "becton dickinson and bd",
"version": null
},
{
"model": "performa",
"scope": null,
"trust": 0.8,
"vendor": "becton dickinson and bd",
"version": null
},
{
"model": "reada",
"scope": null,
"trust": 0.8,
"vendor": "becton dickinson and bd",
"version": null
},
{
"model": "db manager",
"scope": "lte",
"trust": 0.6,
"vendor": "becton dickinson and",
"version": "\u003c=3.0.1.0"
},
{
"model": "performa",
"scope": "lte",
"trust": 0.6,
"vendor": "becton dickinson and",
"version": "\u003c=3.0.0.0"
},
{
"model": "reada",
"scope": "eq",
"trust": 0.6,
"vendor": "bd",
"version": "1.1.0.2"
},
{
"model": "performa",
"scope": "eq",
"trust": 0.6,
"vendor": "bd",
"version": "3.0.0.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "database manager",
"version": "3.0.1.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "performa",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "reada",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e2f0bf0f-39ab-11e9-89cb-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-10584"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005345"
},
{
"db": "NVD",
"id": "CVE-2018-10593"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-819"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:bd:performa:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.0.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:bd:database_manager:3.0.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:bd:reada:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.1.0.2",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:bd:kiestra_wca:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:bd:inoqula\\+:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:bd:kiestra_tla:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-10593"
}
]
},
"cve": "CVE-2018-10593",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 3.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 4.4,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:M/Au:S/C:N/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Adjacent Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 3.8,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-10593",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:M/Au:S/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.2,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.2,
"id": "CNVD-2018-10584",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:H/Au:N/C:N/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.2,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.2,
"id": "e2f0bf0f-39ab-11e9-89cb-000c29342cb1",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:A/AC:H/Au:N/C:N/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 0.4,
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 5.6,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-10593",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-10593",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2018-10584",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201805-819",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "e2f0bf0f-39ab-11e9-89cb-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2f0bf0f-39ab-11e9-89cb-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-10584"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005345"
},
{
"db": "NVD",
"id": "CVE-2018-10593"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-819"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in DB Manager version 3.0.1.0 and previous and PerformA version 3.0.0.0 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in data corruption. DB Manager and PerformA In SQL An injection vulnerability exists.Information is falsified and denial of service (DoS) May be in a state. BD DB Manager and PerformA are products of BD (Bection, Dickinson and Commpany). BD DB Manager is a database manager. PerformA is a performance manager. Security vulnerabilities exist in BD DB Manager 3.0.1.0 and earlier and PerformA 3.0.0.0 and earlier. An attacker could exploit the vulnerability to issue SQL commands, causing data corruption",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-10593"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005345"
},
{
"db": "CNVD",
"id": "CNVD-2018-10584"
},
{
"db": "IVD",
"id": "e2f0bf0f-39ab-11e9-89cb-000c29342cb1"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-10593",
"trust": 3.2
},
{
"db": "ICS CERT",
"id": "ICSMA-18-142-01",
"trust": 3.0
},
{
"db": "CNVD",
"id": "CNVD-2018-10584",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201805-819",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005345",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2F0BF0F-39AB-11E9-89CB-000C29342CB1",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2f0bf0f-39ab-11e9-89cb-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-10584"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005345"
},
{
"db": "NVD",
"id": "CVE-2018-10593"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-819"
}
]
},
"id": "VAR-201805-0252",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2f0bf0f-39ab-11e9-89cb-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-10584"
}
],
"trust": 1.513541675
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2f0bf0f-39ab-11e9-89cb-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-10584"
}
]
},
"last_update_date": "2023-12-18T13:13:54.048000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Product security bulletin for BD Kiestra TLA, BD Kiestra WCA, BD InoqulA",
"trust": 0.8,
"url": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-bd-kiestra-tla-bd-kiestra-wca-bd-inoqula"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005345"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005345"
},
{
"db": "NVD",
"id": "CVE-2018-10593"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-142-01"
},
{
"trust": 1.6,
"url": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-bd-kiestra-tla-bd-kiestra-wca-bd-inoqula"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10593"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10593"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-10584"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005345"
},
{
"db": "NVD",
"id": "CVE-2018-10593"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-819"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2f0bf0f-39ab-11e9-89cb-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-10584"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005345"
},
{
"db": "NVD",
"id": "CVE-2018-10593"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-819"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-05-30T00:00:00",
"db": "IVD",
"id": "e2f0bf0f-39ab-11e9-89cb-000c29342cb1"
},
{
"date": "2018-05-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-10584"
},
{
"date": "2018-07-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-005345"
},
{
"date": "2018-05-24T16:29:00.223000",
"db": "NVD",
"id": "CVE-2018-10593"
},
{
"date": "2018-05-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201805-819"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-05-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-10584"
},
{
"date": "2018-07-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-005345"
},
{
"date": "2019-10-09T23:32:51.930000",
"db": "NVD",
"id": "CVE-2018-10593"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201805-819"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201805-819"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "DB Manager and PerformA In SQL Injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005345"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "IVD",
"id": "e2f0bf0f-39ab-11e9-89cb-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-819"
}
],
"trust": 0.8
}
}
VAR-201805-0253
Vulnerability from variot - Updated: 2023-12-18 13:13A vulnerability in ReadA version 1.1.0.2 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in loss or corruption of data. ReadA Is SQL An injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. BD ReadA is a browser software used by BD (Bection, Dickinson and Commpany) in the United States. There are security vulnerabilities in BD ReadA 1.1.0.2 and earlier
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201805-0253",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "database manager",
"scope": "eq",
"trust": 1.6,
"vendor": "bd",
"version": "3.0.1.0"
},
{
"model": "performa",
"scope": "lte",
"trust": 1.0,
"vendor": "bd",
"version": "3.0.0.0"
},
{
"model": "reada",
"scope": "lte",
"trust": 1.0,
"vendor": "bd",
"version": "1.1.0.2"
},
{
"model": "database manager",
"scope": null,
"trust": 0.8,
"vendor": "becton dickinson and bd",
"version": null
},
{
"model": "performa",
"scope": null,
"trust": 0.8,
"vendor": "becton dickinson and bd",
"version": null
},
{
"model": "reada",
"scope": null,
"trust": 0.8,
"vendor": "becton dickinson and bd",
"version": null
},
{
"model": "reada",
"scope": "lte",
"trust": 0.6,
"vendor": "becton dickinson and",
"version": "\u003c=1.1.0.2"
},
{
"model": "reada",
"scope": "eq",
"trust": 0.6,
"vendor": "bd",
"version": "1.1.0.2"
},
{
"model": "performa",
"scope": "eq",
"trust": 0.6,
"vendor": "bd",
"version": "3.0.0.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "database manager",
"version": "3.0.1.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "performa",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "reada",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e2f070f1-39ab-11e9-a5a2-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-10583"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005346"
},
{
"db": "NVD",
"id": "CVE-2018-10595"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-818"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:bd:performa:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.0.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:bd:reada:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.1.0.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:bd:database_manager:3.0.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:bd:kiestra_wca:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:bd:kiestra_tla:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:bd:inoqula\\+:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-10595"
}
]
},
"cve": "CVE-2018-10595",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.4,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Adjacent Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.9,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-10595",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.2,
"id": "CNVD-2018-10583",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.2,
"id": "e2f070f1-39ab-11e9-a5a2-000c29342cb1",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:A/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.4,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.3,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-10595",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-10595",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2018-10583",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201805-818",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "e2f070f1-39ab-11e9-a5a2-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2f070f1-39ab-11e9-a5a2-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-10583"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005346"
},
{
"db": "NVD",
"id": "CVE-2018-10595"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-818"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in ReadA version 1.1.0.2 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in loss or corruption of data. ReadA Is SQL An injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. BD ReadA is a browser software used by BD (Bection, Dickinson and Commpany) in the United States. There are security vulnerabilities in BD ReadA 1.1.0.2 and earlier",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-10595"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005346"
},
{
"db": "CNVD",
"id": "CNVD-2018-10583"
},
{
"db": "IVD",
"id": "e2f070f1-39ab-11e9-a5a2-000c29342cb1"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-10595",
"trust": 3.2
},
{
"db": "ICS CERT",
"id": "ICSMA-18-142-01",
"trust": 3.0
},
{
"db": "CNVD",
"id": "CNVD-2018-10583",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201805-818",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005346",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2F070F1-39AB-11E9-A5A2-000C29342CB1",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2f070f1-39ab-11e9-a5a2-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-10583"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005346"
},
{
"db": "NVD",
"id": "CVE-2018-10595"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-818"
}
]
},
"id": "VAR-201805-0253",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2f070f1-39ab-11e9-a5a2-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-10583"
}
],
"trust": 1.4180555666666668
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2f070f1-39ab-11e9-a5a2-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-10583"
}
]
},
"last_update_date": "2023-12-18T13:13:54.081000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Product security bulletin for BD Kiestra TLA, BD Kiestra WCA, BD InoqulA",
"trust": 0.8,
"url": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-bd-kiestra-tla-bd-kiestra-wca-bd-inoqula"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005346"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005346"
},
{
"db": "NVD",
"id": "CVE-2018-10595"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-142-01"
},
{
"trust": 1.6,
"url": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-bd-kiestra-tla-bd-kiestra-wca-bd-inoqula"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10595"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10595"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-10583"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005346"
},
{
"db": "NVD",
"id": "CVE-2018-10595"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-818"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2f070f1-39ab-11e9-a5a2-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-10583"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005346"
},
{
"db": "NVD",
"id": "CVE-2018-10595"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-818"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-05-30T00:00:00",
"db": "IVD",
"id": "e2f070f1-39ab-11e9-a5a2-000c29342cb1"
},
{
"date": "2018-05-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-10583"
},
{
"date": "2018-07-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-005346"
},
{
"date": "2018-05-24T16:29:00.270000",
"db": "NVD",
"id": "CVE-2018-10595"
},
{
"date": "2018-05-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201805-818"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-05-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-10583"
},
{
"date": "2018-07-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-005346"
},
{
"date": "2019-10-09T23:32:52.257000",
"db": "NVD",
"id": "CVE-2018-10595"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201805-818"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201805-818"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ReadA In SQL Injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005346"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "IVD",
"id": "e2f070f1-39ab-11e9-a5a2-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-818"
}
],
"trust": 0.8
}
}
FKIE_CVE-2018-10595
Vulnerability from fkie_nvd - Published: 2018-05-24 16:29 - Updated: 2024-11-21 03:41
Severity ?
Summary
A vulnerability in ReadA version 1.1.0.2 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in loss or corruption of data.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSMA-18-142-01 | Third Party Advisory, US Government Resource | |
| ics-cert@hq.dhs.gov | https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-bd-kiestra-tla-bd-kiestra-wca-bd-inoqula | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSMA-18-142-01 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-bd-kiestra-tla-bd-kiestra-wca-bd-inoqula | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bd | database_manager | 3.0.1.0 | |
| bd | performa | * | |
| bd | reada | * | |
| bd | inoqula\+ | - | |
| bd | kiestra_tla | - | |
| bd | kiestra_wca | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bd:database_manager:3.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "26F5FF20-158E-4845-B552-8E23C0E4AA63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bd:performa:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C2D594E-9D02-4669-8F34-5CE1973F5C6F",
"versionEndIncluding": "3.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bd:reada:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A552AC5-880A-4EFE-875A-60E1F37DD127",
"versionEndIncluding": "1.1.0.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:bd:inoqula\\+:-:*:*:*:*:*:*:*",
"matchCriteriaId": "520604A4-38DE-4725-AD9D-1E6929E3619B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:bd:kiestra_tla:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80A40D4D-4BB9-45B1-BB10-C6ADCE2CFD56",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:bd:kiestra_wca:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B172535-3DD4-46D6-9AF6-F8F795EC3747",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in ReadA version 1.1.0.2 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in loss or corruption of data."
},
{
"lang": "es",
"value": "Una vulnerabilidad en ReadA en versiones 1.1.0.2 y anteriores permite que un usuario autorizado con acceso a una cuenta privilegiada en un sistema BD Kiestra (Kiestra TLA, Kiestra WCA y InoqulA+ specimen processor) env\u00ede comandos SQL, lo que podr\u00eda resultar en una p\u00e9rdida o corrupci\u00f3n de datos."
}
],
"id": "CVE-2018-10595",
"lastModified": "2024-11-21T03:41:37.727",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 0.4,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-05-24T16:29:00.270",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-142-01"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Vendor Advisory"
],
"url": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-bd-kiestra-tla-bd-kiestra-wca-bd-inoqula"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-142-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-bd-kiestra-tla-bd-kiestra-wca-bd-inoqula"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-356"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-10593
Vulnerability from fkie_nvd - Published: 2018-05-24 16:29 - Updated: 2024-11-21 03:41
Severity ?
Summary
A vulnerability in DB Manager version 3.0.1.0 and previous and PerformA version 3.0.0.0 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in data corruption.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSMA-18-142-01 | Third Party Advisory, US Government Resource | |
| ics-cert@hq.dhs.gov | https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-bd-kiestra-tla-bd-kiestra-wca-bd-inoqula | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSMA-18-142-01 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-bd-kiestra-tla-bd-kiestra-wca-bd-inoqula | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bd | database_manager | 3.0.1.0 | |
| bd | performa | * | |
| bd | reada | * | |
| bd | inoqula\+ | - | |
| bd | kiestra_tla | - | |
| bd | kiestra_wca | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bd:database_manager:3.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "26F5FF20-158E-4845-B552-8E23C0E4AA63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bd:performa:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C2D594E-9D02-4669-8F34-5CE1973F5C6F",
"versionEndIncluding": "3.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bd:reada:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A552AC5-880A-4EFE-875A-60E1F37DD127",
"versionEndIncluding": "1.1.0.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:bd:inoqula\\+:-:*:*:*:*:*:*:*",
"matchCriteriaId": "520604A4-38DE-4725-AD9D-1E6929E3619B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:bd:kiestra_tla:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80A40D4D-4BB9-45B1-BB10-C6ADCE2CFD56",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:bd:kiestra_wca:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B172535-3DD4-46D6-9AF6-F8F795EC3747",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in DB Manager version 3.0.1.0 and previous and PerformA version 3.0.0.0 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in data corruption."
},
{
"lang": "es",
"value": "Una vulnerabilidad en DB Manager en versiones 3.0.1.0 y anteriores y PerformA en versiones 3.0.0.0 y anteriores permite que un usuario autorizado con acceso a una cuenta privilegiada en un sistema BD Kiestra (Kiestra TLA, Kiestra WCA y InoqulA+ specimen processor) env\u00ede comandos SQL, lo que podr\u00eda resultar en una corrupci\u00f3n de datos."
}
],
"id": "CVE-2018-10593",
"lastModified": "2024-11-21T03:41:37.477",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.8,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:M/Au:S/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.4,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 0.4,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-05-24T16:29:00.223",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-142-01"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Vendor Advisory"
],
"url": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-bd-kiestra-tla-bd-kiestra-wca-bd-inoqula"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-142-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-bd-kiestra-tla-bd-kiestra-wca-bd-inoqula"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-356"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-6022
Vulnerability from fkie_nvd - Published: 2017-06-30 03:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
A hard-coded password issue was discovered in Becton, Dickinson and Company (BD) PerformA, Version 2.0.14.0 and prior versions, and KLA Journal Service, Version 1.0.51 and prior versions. They use hard-coded passwords to access the BD Kiestra Database, which could be leveraged to compromise the confidentiality of limited PHI/PII information stored in the BD Kiestra Database.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | http://www.securityfocus.com/bid/97057 | Third Party Advisory, VDB Entry | |
| ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSMA-17-082-01 | Mitigation, Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/97057 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSMA-17-082-01 | Mitigation, Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bd | performa | * | |
| bd | kla_journal_service | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bd:performa:*:*:*:*:*:*:*:*",
"matchCriteriaId": "25B4C3F5-D413-4CE5-9C68-B7FCF686F54D",
"versionEndIncluding": "2.0.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bd:kla_journal_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2920987E-49B3-4BDB-BC2B-7BD23CE01457",
"versionEndIncluding": "1.0.51",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A hard-coded password issue was discovered in Becton, Dickinson and Company (BD) PerformA, Version 2.0.14.0 and prior versions, and KLA Journal Service, Version 1.0.51 and prior versions. They use hard-coded passwords to access the BD Kiestra Database, which could be leveraged to compromise the confidentiality of limited PHI/PII information stored in the BD Kiestra Database."
},
{
"lang": "es",
"value": "Se ha descubierto un problema de contrase\u00f1a embebida en Becton, Dickinson and Company (BD) PerformA, en su versi\u00f3n 2.0.14.0 y anteriores, y KLA Journal Service, en su versi\u00f3n 1.0.51 y anteriores. Ambos emplean contrase\u00f1as embebidas para acceder a la base de datos BD Kiestra, lo que podr\u00eda aprovecharse para comprometer la confidencialidad de la informaci\u00f3n PHI/PII limitada almacenada en la base de datos BD Kiestra."
}
],
"id": "CVE-2017-6022",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-06-30T03:29:00.297",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97057"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Mitigation",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-082-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97057"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-082-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-259"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2018-10593 (GCVE-0-2018-10593)
Vulnerability from cvelistv5 – Published: 2018-05-24 16:00 – Updated: 2024-09-16 17:54
VLAI?
Summary
A vulnerability in DB Manager version 3.0.1.0 and previous and PerformA version 3.0.0.0 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in data corruption.
Severity ?
No CVSS data available.
CWE
- CWE-356 - Product UI does not warn user of unsafe actions CWE-356
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Becton, Dickinson and Company | Kiestra and InoqulA systems |
Affected:
Kiestra TLA, BD Kiestra WCA, and BD InoqulA+ specimen processor using Database (DB) Manager version 3.0.1.0, and previous, and PerformA version 3.0.0.0 and previous.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:39:08.179Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-bd-kiestra-tla-bd-kiestra-wca-bd-inoqula"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-142-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kiestra and InoqulA systems",
"vendor": "Becton, Dickinson and Company",
"versions": [
{
"status": "affected",
"version": "Kiestra TLA, BD Kiestra WCA, and BD InoqulA+ specimen processor using Database (DB) Manager version 3.0.1.0, and previous, and PerformA version 3.0.0.0 and previous."
}
]
}
],
"datePublic": "2018-05-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in DB Manager version 3.0.1.0 and previous and PerformA version 3.0.0.0 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in data corruption."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-356",
"description": "Product UI does not warn user of unsafe actions CWE-356",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-24T15:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-bd-kiestra-tla-bd-kiestra-wca-bd-inoqula"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-142-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-05-22T00:00:00",
"ID": "CVE-2018-10593",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kiestra and InoqulA systems",
"version": {
"version_data": [
{
"version_value": "Kiestra TLA, BD Kiestra WCA, and BD InoqulA+ specimen processor using Database (DB) Manager version 3.0.1.0, and previous, and PerformA version 3.0.0.0 and previous."
}
]
}
}
]
},
"vendor_name": "Becton, Dickinson and Company"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in DB Manager version 3.0.1.0 and previous and PerformA version 3.0.0.0 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in data corruption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Product UI does not warn user of unsafe actions CWE-356"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-bd-kiestra-tla-bd-kiestra-wca-bd-inoqula",
"refsource": "CONFIRM",
"url": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-bd-kiestra-tla-bd-kiestra-wca-bd-inoqula"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-142-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-142-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-10593",
"datePublished": "2018-05-24T16:00:00Z",
"dateReserved": "2018-05-01T00:00:00",
"dateUpdated": "2024-09-16T17:54:34.004Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-10595 (GCVE-0-2018-10595)
Vulnerability from cvelistv5 – Published: 2018-05-24 16:00 – Updated: 2024-09-17 03:37
VLAI?
Summary
A vulnerability in ReadA version 1.1.0.2 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in loss or corruption of data.
Severity ?
No CVSS data available.
CWE
- CWE-356 - Product UI does not warn user of unsafe actions CWE-356
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Becton, Dickinson and Company | Kiestra and InoqulA systems |
Affected:
Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor using ReadA Overview version 1.1.0.2 and previous.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:39:08.248Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-bd-kiestra-tla-bd-kiestra-wca-bd-inoqula"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-142-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kiestra and InoqulA systems",
"vendor": "Becton, Dickinson and Company",
"versions": [
{
"status": "affected",
"version": "Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor using ReadA Overview version 1.1.0.2 and previous."
}
]
}
],
"datePublic": "2018-05-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in ReadA version 1.1.0.2 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in loss or corruption of data."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-356",
"description": "Product UI does not warn user of unsafe actions CWE-356",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-24T15:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-bd-kiestra-tla-bd-kiestra-wca-bd-inoqula"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-142-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-05-22T00:00:00",
"ID": "CVE-2018-10595",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kiestra and InoqulA systems",
"version": {
"version_data": [
{
"version_value": "Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor using ReadA Overview version 1.1.0.2 and previous."
}
]
}
}
]
},
"vendor_name": "Becton, Dickinson and Company"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in ReadA version 1.1.0.2 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in loss or corruption of data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Product UI does not warn user of unsafe actions CWE-356"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-bd-kiestra-tla-bd-kiestra-wca-bd-inoqula",
"refsource": "CONFIRM",
"url": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-bd-kiestra-tla-bd-kiestra-wca-bd-inoqula"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-142-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-142-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-10595",
"datePublished": "2018-05-24T16:00:00Z",
"dateReserved": "2018-05-01T00:00:00",
"dateUpdated": "2024-09-17T03:37:22.581Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6022 (GCVE-0-2017-6022)
Vulnerability from cvelistv5 – Published: 2017-06-30 02:35 – Updated: 2024-08-05 15:18
VLAI?
Summary
A hard-coded password issue was discovered in Becton, Dickinson and Company (BD) PerformA, Version 2.0.14.0 and prior versions, and KLA Journal Service, Version 1.0.51 and prior versions. They use hard-coded passwords to access the BD Kiestra Database, which could be leveraged to compromise the confidentiality of limited PHI/PII information stored in the BD Kiestra Database.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | BD Kiestra PerformA and KLA Journal Service |
Affected:
BD Kiestra PerformA and KLA Journal Service
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:18:49.411Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-082-01"
},
{
"name": "97057",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97057"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BD Kiestra PerformA and KLA Journal Service",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "BD Kiestra PerformA and KLA Journal Service"
}
]
}
],
"datePublic": "2017-06-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A hard-coded password issue was discovered in Becton, Dickinson and Company (BD) PerformA, Version 2.0.14.0 and prior versions, and KLA Journal Service, Version 1.0.51 and prior versions. They use hard-coded passwords to access the BD Kiestra Database, which could be leveraged to compromise the confidentiality of limited PHI/PII information stored in the BD Kiestra Database."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-259",
"description": "CWE-259",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-30T09:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-082-01"
},
{
"name": "97057",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97057"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2017-6022",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BD Kiestra PerformA and KLA Journal Service",
"version": {
"version_data": [
{
"version_value": "BD Kiestra PerformA and KLA Journal Service"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A hard-coded password issue was discovered in Becton, Dickinson and Company (BD) PerformA, Version 2.0.14.0 and prior versions, and KLA Journal Service, Version 1.0.51 and prior versions. They use hard-coded passwords to access the BD Kiestra Database, which could be leveraged to compromise the confidentiality of limited PHI/PII information stored in the BD Kiestra Database."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-259"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-082-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-082-01"
},
{
"name": "97057",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97057"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-6022",
"datePublished": "2017-06-30T02:35:00",
"dateReserved": "2017-02-16T00:00:00",
"dateUpdated": "2024-08-05T15:18:49.411Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-10593 (GCVE-0-2018-10593)
Vulnerability from nvd – Published: 2018-05-24 16:00 – Updated: 2024-09-16 17:54
VLAI?
Summary
A vulnerability in DB Manager version 3.0.1.0 and previous and PerformA version 3.0.0.0 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in data corruption.
Severity ?
No CVSS data available.
CWE
- CWE-356 - Product UI does not warn user of unsafe actions CWE-356
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Becton, Dickinson and Company | Kiestra and InoqulA systems |
Affected:
Kiestra TLA, BD Kiestra WCA, and BD InoqulA+ specimen processor using Database (DB) Manager version 3.0.1.0, and previous, and PerformA version 3.0.0.0 and previous.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:39:08.179Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-bd-kiestra-tla-bd-kiestra-wca-bd-inoqula"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-142-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kiestra and InoqulA systems",
"vendor": "Becton, Dickinson and Company",
"versions": [
{
"status": "affected",
"version": "Kiestra TLA, BD Kiestra WCA, and BD InoqulA+ specimen processor using Database (DB) Manager version 3.0.1.0, and previous, and PerformA version 3.0.0.0 and previous."
}
]
}
],
"datePublic": "2018-05-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in DB Manager version 3.0.1.0 and previous and PerformA version 3.0.0.0 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in data corruption."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-356",
"description": "Product UI does not warn user of unsafe actions CWE-356",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-24T15:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-bd-kiestra-tla-bd-kiestra-wca-bd-inoqula"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-142-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-05-22T00:00:00",
"ID": "CVE-2018-10593",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kiestra and InoqulA systems",
"version": {
"version_data": [
{
"version_value": "Kiestra TLA, BD Kiestra WCA, and BD InoqulA+ specimen processor using Database (DB) Manager version 3.0.1.0, and previous, and PerformA version 3.0.0.0 and previous."
}
]
}
}
]
},
"vendor_name": "Becton, Dickinson and Company"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in DB Manager version 3.0.1.0 and previous and PerformA version 3.0.0.0 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in data corruption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Product UI does not warn user of unsafe actions CWE-356"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-bd-kiestra-tla-bd-kiestra-wca-bd-inoqula",
"refsource": "CONFIRM",
"url": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-bd-kiestra-tla-bd-kiestra-wca-bd-inoqula"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-142-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-142-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-10593",
"datePublished": "2018-05-24T16:00:00Z",
"dateReserved": "2018-05-01T00:00:00",
"dateUpdated": "2024-09-16T17:54:34.004Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-10595 (GCVE-0-2018-10595)
Vulnerability from nvd – Published: 2018-05-24 16:00 – Updated: 2024-09-17 03:37
VLAI?
Summary
A vulnerability in ReadA version 1.1.0.2 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in loss or corruption of data.
Severity ?
No CVSS data available.
CWE
- CWE-356 - Product UI does not warn user of unsafe actions CWE-356
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Becton, Dickinson and Company | Kiestra and InoqulA systems |
Affected:
Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor using ReadA Overview version 1.1.0.2 and previous.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:39:08.248Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-bd-kiestra-tla-bd-kiestra-wca-bd-inoqula"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-142-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kiestra and InoqulA systems",
"vendor": "Becton, Dickinson and Company",
"versions": [
{
"status": "affected",
"version": "Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor using ReadA Overview version 1.1.0.2 and previous."
}
]
}
],
"datePublic": "2018-05-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in ReadA version 1.1.0.2 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in loss or corruption of data."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-356",
"description": "Product UI does not warn user of unsafe actions CWE-356",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-24T15:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-bd-kiestra-tla-bd-kiestra-wca-bd-inoqula"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-142-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-05-22T00:00:00",
"ID": "CVE-2018-10595",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kiestra and InoqulA systems",
"version": {
"version_data": [
{
"version_value": "Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor using ReadA Overview version 1.1.0.2 and previous."
}
]
}
}
]
},
"vendor_name": "Becton, Dickinson and Company"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in ReadA version 1.1.0.2 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in loss or corruption of data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Product UI does not warn user of unsafe actions CWE-356"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-bd-kiestra-tla-bd-kiestra-wca-bd-inoqula",
"refsource": "CONFIRM",
"url": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-bd-kiestra-tla-bd-kiestra-wca-bd-inoqula"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-142-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-142-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-10595",
"datePublished": "2018-05-24T16:00:00Z",
"dateReserved": "2018-05-01T00:00:00",
"dateUpdated": "2024-09-17T03:37:22.581Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6022 (GCVE-0-2017-6022)
Vulnerability from nvd – Published: 2017-06-30 02:35 – Updated: 2024-08-05 15:18
VLAI?
Summary
A hard-coded password issue was discovered in Becton, Dickinson and Company (BD) PerformA, Version 2.0.14.0 and prior versions, and KLA Journal Service, Version 1.0.51 and prior versions. They use hard-coded passwords to access the BD Kiestra Database, which could be leveraged to compromise the confidentiality of limited PHI/PII information stored in the BD Kiestra Database.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | BD Kiestra PerformA and KLA Journal Service |
Affected:
BD Kiestra PerformA and KLA Journal Service
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:18:49.411Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-082-01"
},
{
"name": "97057",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97057"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BD Kiestra PerformA and KLA Journal Service",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "BD Kiestra PerformA and KLA Journal Service"
}
]
}
],
"datePublic": "2017-06-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A hard-coded password issue was discovered in Becton, Dickinson and Company (BD) PerformA, Version 2.0.14.0 and prior versions, and KLA Journal Service, Version 1.0.51 and prior versions. They use hard-coded passwords to access the BD Kiestra Database, which could be leveraged to compromise the confidentiality of limited PHI/PII information stored in the BD Kiestra Database."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-259",
"description": "CWE-259",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-30T09:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-082-01"
},
{
"name": "97057",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97057"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2017-6022",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BD Kiestra PerformA and KLA Journal Service",
"version": {
"version_data": [
{
"version_value": "BD Kiestra PerformA and KLA Journal Service"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A hard-coded password issue was discovered in Becton, Dickinson and Company (BD) PerformA, Version 2.0.14.0 and prior versions, and KLA Journal Service, Version 1.0.51 and prior versions. They use hard-coded passwords to access the BD Kiestra Database, which could be leveraged to compromise the confidentiality of limited PHI/PII information stored in the BD Kiestra Database."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-259"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-082-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-082-01"
},
{
"name": "97057",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97057"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-6022",
"datePublished": "2017-06-30T02:35:00",
"dateReserved": "2017-02-16T00:00:00",
"dateUpdated": "2024-08-05T15:18:49.411Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}