Vulnerability-Lookup

CVE-2019-10962 (GCVE-0-2019-10962)

Vulnerability from cvelistv5 – Published: 2019-06-13 20:03 – Updated: 2024-08-04 22:40

Summary

Severity ?

No CVSS data available.

CWE

CWE-284 - IMPROPER ACCESS CONTROL CWE-284

Assigner

icscert

References

URL

	Vendor	Product	Version
	n/a	BD Alaris Gateway Workstation	Affected: versions 1.0.13,1.1.3 Build 10,1.1.3 MR Build 11,1.1.5,1.1.6

ICSMA-19-164-01

Vulnerability from csaf_cisa - Published: 2019-06-13 00:00 - Updated: 2019-06-13 00:00

Summary

BD Alaris Gateway Workstation

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation

Exploitation of these vulnerabilities could allow unauthorized arbitrary code execution, which could allow an attacker to view and edit device status and configuration details as well as cause devices to become unavailable. The vendor has stated the affected products are not sold in the United States.

Critical infrastructure sectors

Healthcare and Public Health

Countries/areas deployed

Europe, Asia

Company headquarters location

United States

Recommended Practices

NCCIC recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:

Recommended Practices

NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.NCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available on the ICS-CERT website in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.

Exploitability

No known public exploits specifically target these vulnerabilities.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Elad Luz"
        ],
        "organization": "CyberMDX",
        "summary": "reporting these vulnerabilities to NCCIC"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "Exploitation of these vulnerabilities could allow unauthorized arbitrary code execution, which could allow an attacker to view and edit device status and configuration details as well as cause devices to become unavailable. The vendor has stated the affected products are not sold in the United States.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Healthcare and Public Health",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Europe, Asia",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "United States",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "NCCIC recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.NCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS-CERT website in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "other",
        "text": "No known public exploits specifically target these vulnerabilities.",
        "title": "Exploitability"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSMA-19-164-01 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2019/icsma-19-164-01.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSMA-19-164-01 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-19-164-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-19-164-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
      }
    ],
    "title": "BD Alaris Gateway Workstation",
    "tracking": {
      "current_release_date": "2019-06-13T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSMA-19-164-01",
      "initial_release_date": "2019-06-13T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2019-06-13T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSMA-19-164-01 BD Alaris Gateway Workstation"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "2.3.6 and  below",
                "product": {
                  "name": "Alaris Gateway Workstation Alaris GS: software Version 2.3.6 and below",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "Alaris Gateway Workstation Alaris GS"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "1.1.6",
                "product": {
                  "name": "Alaris Gateway Workstation: 1.1.6",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "Alaris Gateway Workstation"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "1.1.5",
                "product": {
                  "name": "Alaris Gateway Workstation: 1.1.5",
                  "product_id": "CSAFPID-0003"
                }
              }
            ],
            "category": "product_name",
            "name": "Alaris Gateway Workstation"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "2.3.6 and  below",
                "product": {
                  "name": "Alaris Gateway Workstation Alaris GH: software Version 2.3.6 and below",
                  "product_id": "CSAFPID-0004"
                }
              }
            ],
            "category": "product_name",
            "name": "Alaris Gateway Workstation Alaris GH"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "2.3.6 and  below",
                "product": {
                  "name": "Alaris Gateway Workstation Alaris CC: software Version 2.3.6 and below",
                  "product_id": "CSAFPID-0005"
                }
              }
            ],
            "category": "product_name",
            "name": "Alaris Gateway Workstation Alaris CC"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "1.3.1 Build 13",
                "product": {
                  "name": "Alaris Gateway Workstation: 1.3.1 Build 13",
                  "product_id": "CSAFPID-0006"
                }
              }
            ],
            "category": "product_name",
            "name": "Alaris Gateway Workstation"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "1.1.3 MR Build 11",
                "product": {
                  "name": "Alaris Gateway Workstation: 1.1.3 MR Build 11",
                  "product_id": "CSAFPID-0007"
                }
              }
            ],
            "category": "product_name",
            "name": "Alaris Gateway Workstation"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "2.3.6 and  below",
                "product": {
                  "name": "Alaris Gateway Workstation Alaris TIVA: software Version 2.3.6 and below",
                  "product_id": "CSAFPID-0008"
                }
              }
            ],
            "category": "product_name",
            "name": "Alaris Gateway Workstation Alaris TIVA"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "1.0.13",
                "product": {
                  "name": "Alaris Gateway Workstation: 1.0.13",
                  "product_id": "CSAFPID-0009"
                }
              }
            ],
            "category": "product_name",
            "name": "Alaris Gateway Workstation"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "1.3.0 Build 14",
                "product": {
                  "name": "Alaris Gateway Workstation: 1.3.0 Build 14",
                  "product_id": "CSAFPID-00010"
                }
              }
            ],
            "category": "product_name",
            "name": "Alaris Gateway Workstation"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "1.1.3 Build 10",
                "product": {
                  "name": "Alaris Gateway Workstation: 1.1.3 Build 10",
                  "product_id": "CSAFPID-00011"
                }
              }
            ],
            "category": "product_name",
            "name": "Alaris Gateway Workstation"
          }
        ],
        "category": "vendor",
        "name": "Becton, Dickinson and Company (BD)"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-10962",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The web browser user interface on the Alaris Gateway Workstation does not prevent an attacker with knowledge of the IP address of the Alaris Gateway Workstation terminal to gain access to the status and configuration information of the device.CVE-2019-10962 has been assigned to this vulnerability. A CVSS v3 base score of 7.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005",
          "CSAFPID-0006",
          "CSAFPID-0007",
          "CSAFPID-0008",
          "CSAFPID-0009",
          "CSAFPID-00010",
          "CSAFPID-00011"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10962"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "BD recommends the following mitigations and compensating controls in order to reduce risk associated with these vulnerabilities.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "For the Alaris Gateway Workstation Web Browser User Interface vulnerability:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "For the Alaris Gateway Workstation Dangerous File Upload vulnerability:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "BD is currently assessing additional remediation efforts, including an adjustment to restrict the SMB protocol.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "For more information on BD \u0027s product security and vulnerability management, contact BD \u0027s Product Security Office at:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletins",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011"
          ],
          "url": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletins"
        },
        {
          "category": "vendor_fix",
          "details": "https://www.fda.gov/MedicalDevices/DigitalHealth/ucm373213.htm",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011"
          ],
          "url": "https://www.fda.gov/MedicalDevices/DigitalHealth/ucm373213.htm"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2019-10959",
      "cwe": {
        "id": "CWE-434",
        "name": "Unrestricted Upload of File with Dangerous Type"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The application does not restrict the upload of malicious files during a firmware update.CVE-2019-10959 has been assigned to this vulnerability. A CVSS v3 base score of 10.0 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005",
          "CSAFPID-0006",
          "CSAFPID-0007",
          "CSAFPID-0008",
          "CSAFPID-0009",
          "CSAFPID-00010",
          "CSAFPID-00011"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10959"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "BD recommends the following mitigations and compensating controls in order to reduce risk associated with these vulnerabilities.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "For the Alaris Gateway Workstation Web Browser User Interface vulnerability:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "For the Alaris Gateway Workstation Dangerous File Upload vulnerability:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "BD is currently assessing additional remediation efforts, including an adjustment to restrict the SMB protocol.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "For more information on BD \u0027s product security and vulnerability management, contact BD \u0027s Product Security Office at:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletins",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011"
          ],
          "url": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletins"
        },
        {
          "category": "vendor_fix",
          "details": "https://www.fda.gov/MedicalDevices/DigitalHealth/ucm373213.htm",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011"
          ],
          "url": "https://www.fda.gov/MedicalDevices/DigitalHealth/ucm373213.htm"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 10.0,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011"
          ]
        }
      ]
    }
  ]
}

FKIE_CVE-2019-10962

Vulnerability from fkie_nvd - Published: 2019-06-13 21:29 - Updated: 2024-11-21 04:20

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

References

URL	Tags
ics-cert@hq.dhs.gov	http://www.securityfocus.com/bid/108763	Third Party Advisory, VDB Entry
ics-cert@hq.dhs.gov	https://ics-cert.us-cert.gov/advisories/ICSMA-19-164-01	Mitigation, Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/108763	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://ics-cert.us-cert.gov/advisories/ICSMA-19-164-01	Mitigation, Third Party Advisory, US Government Resource

Impacted products

Vendor	Product	Version
bd	alaris_gateway_workstation_firmware	1.0.13
bd	alaris_gateway_workstation_firmware	1.1.3
bd	alaris_gateway_workstation_firmware	1.1.3
bd	alaris_gateway_workstation_firmware	1.1.5
bd	alaris_gateway_workstation_firmware	1.1.6
bd	alaris_gateway_workstation	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:bd:alaris_gateway_workstation_firmware:1.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "B20B97A8-51D4-4ACA-B237-BF6718C84233",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:bd:alaris_gateway_workstation_firmware:1.1.3:10:*:*:*:*:*:*",
              "matchCriteriaId": "E8E78509-81FC-4AA8-8E9A-155336BBF8E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:bd:alaris_gateway_workstation_firmware:1.1.3:11:*:*:*:*:*:*",
              "matchCriteriaId": "4993ECBE-3E97-47BB-897F-77FCF31F7EAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:bd:alaris_gateway_workstation_firmware:1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2F66891-2DFE-440E-AF9C-5BD6FA9AA68F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:bd:alaris_gateway_workstation_firmware:1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D9581B3-999A-4198-A35A-90177AEC21E7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:bd:alaris_gateway_workstation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "506C8401-AF76-47C4-90EF-E6476C316230",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "BD Alaris Gateway versions, 1.0.13,1.1.3 Build 10,1.1.3 MR Build 11,1.1.5, and 1.1.6, The web browser user interface on the Alaris Gateway Workstation does not prevent an attacker with knowledge of the IP address of the Alaris Gateway Workstation terminal to gain access to the status and configuration information of the device."
    },
    {
      "lang": "es",
      "value": "BD Alaris Gateway versiones, 1.0.13,1.1.3 Build 10.1.1.3 MR Build 11,1.1.5, y 1.1.6 El interfaz de un usuario del navegador  web en el Alarias Gateway Workstation no impide a aun atacante con conocimiento de la direcci\u00f3n de el IP de el Alaris Gateway Workstation para conseguir acceso al estado y conseguir informaci\u00f3n de configuraci\u00f3n"
    }
  ],
  "id": "CVE-2019-10962",
  "lastModified": "2024-11-21T04:20:15.143",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-06-13T21:29:15.877",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/108763"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Mitigation",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-19-164-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/108763"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-19-164-01"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2019-10962

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2019-10962

Aliases

CVE-2019-10962

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-10962",
    "description": "BD Alaris Gateway versions, 1.0.13,1.1.3 Build 10,1.1.3 MR Build 11,1.1.5, and 1.1.6, The web browser user interface on the Alaris Gateway Workstation does not prevent an attacker with knowledge of the IP address of the Alaris Gateway Workstation terminal to gain access to the status and configuration information of the device.",
    "id": "GSD-2019-10962"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-10962"
      ],
      "details": "BD Alaris Gateway versions, 1.0.13,1.1.3 Build 10,1.1.3 MR Build 11,1.1.5, and 1.1.6, The web browser user interface on the Alaris Gateway Workstation does not prevent an attacker with knowledge of the IP address of the Alaris Gateway Workstation terminal to gain access to the status and configuration information of the device.",
      "id": "GSD-2019-10962",
      "modified": "2023-12-13T01:23:58.052719Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "ics-cert@hq.dhs.gov",
        "ID": "CVE-2019-10962",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "BD Alaris Gateway Workstation",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "versions 1.0.13,1.1.3 Build 10,1.1.3 MR Build 11,1.1.5,1.1.6"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "BD Alaris Gateway versions, 1.0.13,1.1.3 Build 10,1.1.3 MR Build 11,1.1.5, and 1.1.6, The web browser user interface on the Alaris Gateway Workstation does not prevent an attacker with knowledge of the IP address of the Alaris Gateway Workstation terminal to gain access to the status and configuration information of the device."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "IMPROPER ACCESS CONTROL CWE-284"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-19-164-01",
            "refsource": "MISC",
            "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-19-164-01"
          },
          {
            "name": "108763",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/108763"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:bd:alaris_gateway_workstation_firmware:1.1.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:bd:alaris_gateway_workstation_firmware:1.1.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:bd:alaris_gateway_workstation_firmware:1.1.3:11:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:bd:alaris_gateway_workstation_firmware:1.1.3:10:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:bd:alaris_gateway_workstation_firmware:1.0.13:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:bd:alaris_gateway_workstation:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2019-10962"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "BD Alaris Gateway versions, 1.0.13,1.1.3 Build 10,1.1.3 MR Build 11,1.1.5, and 1.1.6, The web browser user interface on the Alaris Gateway Workstation does not prevent an attacker with knowledge of the IP address of the Alaris Gateway Workstation terminal to gain access to the status and configuration information of the device."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-19-164-01",
              "refsource": "MISC",
              "tags": [
                "Mitigation",
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-19-164-01"
            },
            {
              "name": "108763",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/108763"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 1.4
        }
      },
      "lastModifiedDate": "2020-10-02T14:34Z",
      "publishedDate": "2019-06-13T21:29Z"
    }
  }
}

CNVD-2019-21242

Vulnerability from cnvd - Published: 2019-07-04

Title

BD Alaris Gateway Workstation身份验证绕过漏洞

Description

BD Alaris Gateway Workstation等都是美国碧迪医疗（BD）公司的产品。BD Alaris Gateway Workstation是一套智能输液系统。BD Alaris GS是一款医用注射泵。BD Alaris GH是一款医用注射泵。多款BD产品中存在访问控制错误漏洞。攻击者可以利用此漏洞绕过安全限制并执行未经授权的操作。

Severity

中

Patch Name

BD Alaris Gateway Workstation身份验证绕过漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，详情请关注厂商主页： https://www.bd.com/

Reference

https://nvd.nist.gov/vuln/detail/CVE-2019-10962 https://www.auscert.org.au/bulletins/ESB-2019.2118/ https://www.securityfocus.com/bid/108763

Impacted products

Name
['BD Alaris Gateway Workstation 1.0.13', 'BD Alaris Gateway Workstation 1.1.3 Build 10', 'BD Alaris Gateway Workstation 1.1.3 MR Build 11', 'BD Alaris Gateway Workstation 1.1.5', 'BD Alaris Gateway Workstation 1.1.6', 'BD Alaris GS <=2.3.6', 'BD Alaris GH <=2.3.6', 'BD Alaris CC <=2.3.6', 'BD Alaris TIVA <=2.3.6']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-10962"
    }
  },
  "description": "BD Alaris Gateway Workstation\u7b49\u90fd\u662f\u7f8e\u56fd\u78a7\u8fea\u533b\u7597\uff08BD\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002BD Alaris Gateway Workstation\u662f\u4e00\u5957\u667a\u80fd\u8f93\u6db2\u7cfb\u7edf\u3002BD Alaris GS\u662f\u4e00\u6b3e\u533b\u7528\u6ce8\u5c04\u6cf5\u3002BD Alaris GH\u662f\u4e00\u6b3e\u533b\u7528\u6ce8\u5c04\u6cf5\u3002\n\n\u591a\u6b3eBD\u4ea7\u54c1\u4e2d\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\u3002 \u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6b64\u6f0f\u6d1e\u7ed5\u8fc7\u5b89\u5168\u9650\u5236\u5e76\u6267\u884c\u672a\u7ecf\u6388\u6743\u7684\u64cd\u4f5c\u3002",
  "discovererName": "Elad Luz of CyberMDX",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttps://www.bd.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-21242",
  "openTime": "2019-07-04",
  "patchDescription": "BD Alaris Gateway Workstation\u7b49\u90fd\u662f\u7f8e\u56fd\u78a7\u8fea\u533b\u7597\uff08BD\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002BD Alaris Gateway Workstation\u662f\u4e00\u5957\u667a\u80fd\u8f93\u6db2\u7cfb\u7edf\u3002BD Alaris GS\u662f\u4e00\u6b3e\u533b\u7528\u6ce8\u5c04\u6cf5\u3002BD Alaris GH\u662f\u4e00\u6b3e\u533b\u7528\u6ce8\u5c04\u6cf5\u3002\r\n\r\n\u591a\u6b3eBD\u4ea7\u54c1\u4e2d\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\u3002 \u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6b64\u6f0f\u6d1e\u7ed5\u8fc7\u5b89\u5168\u9650\u5236\u5e76\u6267\u884c\u672a\u7ecf\u6388\u6743\u7684\u64cd\u4f5c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "BD Alaris Gateway Workstation\u8eab\u4efd\u9a8c\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "BD Alaris Gateway Workstation 1.0.13",
      "BD Alaris Gateway Workstation 1.1.3 Build 10",
      "BD Alaris Gateway Workstation 1.1.3 MR Build 11",
      "BD Alaris Gateway Workstation 1.1.5",
      "BD Alaris Gateway Workstation 1.1.6",
      "BD Alaris GS \u003c=2.3.6",
      "BD Alaris GH \u003c=2.3.6",
      "BD Alaris CC \u003c=2.3.6",
      "BD Alaris TIVA \u003c=2.3.6"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-10962\r\nhttps://www.auscert.org.au/bulletins/ESB-2019.2118/\r\nhttps://www.securityfocus.com/bid/108763",
  "serverity": "\u4e2d",
  "submitTime": "2019-06-21",
  "title": "BD Alaris Gateway Workstation\u8eab\u4efd\u9a8c\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e"
}

VAR-201906-1019

Vulnerability from variot - Updated: 2023-12-18 13:43

BD Alaris Gateway versions, 1.0.13,1.1.3 Build 10,1.1.3 MR Build 11,1.1.5, and 1.1.6, The web browser user interface on the Alaris Gateway Workstation does not prevent an attacker with knowledge of the IP address of the Alaris Gateway Workstation terminal to gain access to the status and configuration information of the device. Alaris Gateway Workstation Contains an access control vulnerability.Information may be obtained. BDAlarisGatewayWorkstation and others are products of BD Biotech. BDAlarisGatewayWorkstation is a smart infusion system. BDAlarisGS is a medical syringe pump. BDAlarisGH is a medical syringe pump. An access control error vulnerability exists in several BD products. An attacker could exploit this vulnerability to bypass security restrictions and perform unauthorized operations. BD Alaris Gateway Workstation is prone to an authentication-bypass vulnerability. The following products are affected: BD Alaris Gateway Workstation 1.0.13, 1.1.3 Build 10, 1.1.3 MR Build 11, 1.1.5, 1.1.6 BD Alaris GS 2.3.6 and prior BD Alaris GH 2.3.6 and prior BD Alaris CC 2.3.6 and prior BD Alaris TIVA 2.3.6 and prior. This vulnerability stems from network systems or products not properly restricting access to resources from unauthorized roles

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201906-1019",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "alaris gateway workstation",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "bd",
        "version": "1.0.13"
      },
      {
        "model": "alaris gateway workstation",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "bd",
        "version": "1.1.5"
      },
      {
        "model": "alaris gateway workstation",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "bd",
        "version": "1.1.6"
      },
      {
        "model": "alaris gateway workstation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "bd",
        "version": "1.1.3"
      },
      {
        "model": "alaris gateway workstation build",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "bd",
        "version": "1.1.310"
      },
      {
        "model": "alaris gateway workstation mr build",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "bd",
        "version": "1.1.311"
      },
      {
        "model": "alaris gateway workstation",
        "scope": null,
        "trust": 0.8,
        "vendor": "becton dickinson and bd",
        "version": null
      },
      {
        "model": "alaris gs",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "bd",
        "version": "\u003c=2.3.6"
      },
      {
        "model": "alaris gh",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "bd",
        "version": "\u003c=2.3.6"
      },
      {
        "model": "alaris cc",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "bd",
        "version": "\u003c=2.3.6"
      },
      {
        "model": "alaris tiva",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "bd",
        "version": "\u003c=2.3.6"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "alaris gateway workstation",
        "version": "1.1.3"
      },
      {
        "model": "alaris tiva",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "2.3.6"
      },
      {
        "model": "alaris tiva",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "2.0"
      },
      {
        "model": "alaris tiva",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "1.9.4"
      },
      {
        "model": "alaris tiva",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "1.5.10"
      },
      {
        "model": "alaris gs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "2.3.6"
      },
      {
        "model": "alaris gs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "2.0"
      },
      {
        "model": "alaris gs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "1.9.4"
      },
      {
        "model": "alaris gs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "1.5.10"
      },
      {
        "model": "alaris gh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "2.3.6"
      },
      {
        "model": "alaris gh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "2.0"
      },
      {
        "model": "alaris gh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "1.9.4"
      },
      {
        "model": "alaris gh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "1.5.10"
      },
      {
        "model": "alaris cc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "2.3.6"
      },
      {
        "model": "alaris cc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "2.0"
      },
      {
        "model": "alaris cc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "1.9.4"
      },
      {
        "model": "alaris cc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bd",
        "version": "1.5.10"
      },
      {
        "model": "alaris gateway workstation",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bd",
        "version": "1.6.1"
      },
      {
        "model": "alaris gateway workstation",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bd",
        "version": "1.3.2"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "alaris gateway workstation",
        "version": "1.0.13"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "alaris gateway workstation",
        "version": "1.1.5"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "alaris gateway workstation",
        "version": "1.1.6"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "77b00f7e-9050-438e-9f16-a553a2a7d5ae"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-21242"
      },
      {
        "db": "BID",
        "id": "108763"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005569"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-10962"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:bd:alaris_gateway_workstation_firmware:1.1.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:bd:alaris_gateway_workstation_firmware:1.1.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:bd:alaris_gateway_workstation_firmware:1.1.3:11:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:bd:alaris_gateway_workstation_firmware:1.1.3:10:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:bd:alaris_gateway_workstation_firmware:1.0.13:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:bd:alaris_gateway_workstation:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-10962"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Elad Luz of CyberMDX reported these vulnerabilities to NCCIC.",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-583"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2019-10962",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2019-10962",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2019-21242",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "77b00f7e-9050-438e-9f16-a553a2a7d5ae",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-142561",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 3.9,
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.3,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2019-10962",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-10962",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-21242",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201906-583",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "77b00f7e-9050-438e-9f16-a553a2a7d5ae",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-142561",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-10962",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "77b00f7e-9050-438e-9f16-a553a2a7d5ae"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-21242"
      },
      {
        "db": "VULHUB",
        "id": "VHN-142561"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-10962"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005569"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-10962"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-583"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "BD Alaris Gateway versions, 1.0.13,1.1.3 Build 10,1.1.3 MR Build 11,1.1.5, and 1.1.6, The web browser user interface on the Alaris Gateway Workstation does not prevent an attacker with knowledge of the IP address of the Alaris Gateway Workstation terminal to gain access to the status and configuration information of the device. Alaris Gateway Workstation Contains an access control vulnerability.Information may be obtained. BDAlarisGatewayWorkstation and others are products of BD Biotech. BDAlarisGatewayWorkstation is a smart infusion system. BDAlarisGS is a medical syringe pump. BDAlarisGH is a medical syringe pump. An access control error vulnerability exists in several BD products. An attacker could exploit this vulnerability to bypass security restrictions and perform unauthorized operations. BD Alaris Gateway Workstation is prone to an authentication-bypass vulnerability. \nThe following products are affected:\nBD Alaris Gateway Workstation 1.0.13, 1.1.3 Build 10, 1.1.3 MR Build 11, 1.1.5, 1.1.6\nBD Alaris GS 2.3.6 and prior\nBD Alaris GH 2.3.6 and prior\nBD Alaris CC 2.3.6 and prior\nBD Alaris TIVA 2.3.6 and prior. This vulnerability stems from network systems or products not properly restricting access to resources from unauthorized roles",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-10962"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005569"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-21242"
      },
      {
        "db": "BID",
        "id": "108763"
      },
      {
        "db": "IVD",
        "id": "77b00f7e-9050-438e-9f16-a553a2a7d5ae"
      },
      {
        "db": "VULHUB",
        "id": "VHN-142561"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-10962"
      }
    ],
    "trust": 2.79
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-10962",
        "trust": 3.7
      },
      {
        "db": "ICS CERT",
        "id": "ICSMA-19-164-01",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "108763",
        "trust": 2.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.2118",
        "trust": 1.2
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-583",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-21242",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005569",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "77B00F7E-9050-438E-9F16-A553A2A7D5AE",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-142561",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-10962",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "77b00f7e-9050-438e-9f16-a553a2a7d5ae"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-21242"
      },
      {
        "db": "VULHUB",
        "id": "VHN-142561"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-10962"
      },
      {
        "db": "BID",
        "id": "108763"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005569"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-10962"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-583"
      }
    ]
  },
  "id": "VAR-201906-1019",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "77b00f7e-9050-438e-9f16-a553a2a7d5ae"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-21242"
      },
      {
        "db": "VULHUB",
        "id": "VHN-142561"
      }
    ],
    "trust": 1.5944444500000001
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "77b00f7e-9050-438e-9f16-a553a2a7d5ae"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-21242"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:43:21.442000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Alaris Gateway Workstation",
        "trust": 0.8,
        "url": "https://www.bd.com/en-uk/products/infusion/infusion-interoperability/alaris-gateway-workstation"
      },
      {
        "title": "BDAlarisGatewayWorkstation authentication bypass vulnerability patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/167051"
      },
      {
        "title": "Multiple BD Product access control error vulnerability fixes",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=93804"
      },
      {
        "title": "The Register",
        "trust": 0.2,
        "url": "https://www.theregister.co.uk/2019/06/13/medical_workstation_vulnerabilities/"
      },
      {
        "title": "Threatpost",
        "trust": 0.1,
        "url": "https://threatpost.com/critical-bug-infusion-pump-lives-at-risk/145660/"
      },
      {
        "title": "BleepingComputer",
        "trust": 0.1,
        "url": "https://www.bleepingcomputer.com/news/security/critical-bug-in-infusion-system-allows-changing-drug-dose-in-medical-pumps/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-21242"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-10962"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005569"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-583"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-284",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-142561"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005569"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-10962"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.0,
        "url": "https://ics-cert.us-cert.gov/advisories/icsma-19-164-01"
      },
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/bid/108763"
      },
      {
        "trust": 2.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10962"
      },
      {
        "trust": 1.2,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.2118/"
      },
      {
        "trust": 0.9,
        "url": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletins/alaris-gateway-workstation-web-browser-user-interface-lack-of-authentication-"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10962"
      },
      {
        "trust": 0.3,
        "url": "https://www.bd.com/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://threatpost.com/critical-bug-infusion-pump-lives-at-risk/145660/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-21242"
      },
      {
        "db": "VULHUB",
        "id": "VHN-142561"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-10962"
      },
      {
        "db": "BID",
        "id": "108763"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005569"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-10962"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-583"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "77b00f7e-9050-438e-9f16-a553a2a7d5ae"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-21242"
      },
      {
        "db": "VULHUB",
        "id": "VHN-142561"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-10962"
      },
      {
        "db": "BID",
        "id": "108763"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005569"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-10962"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-583"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-07-04T00:00:00",
        "db": "IVD",
        "id": "77b00f7e-9050-438e-9f16-a553a2a7d5ae"
      },
      {
        "date": "2019-07-04T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-21242"
      },
      {
        "date": "2019-06-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-142561"
      },
      {
        "date": "2019-06-13T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-10962"
      },
      {
        "date": "2019-06-13T00:00:00",
        "db": "BID",
        "id": "108763"
      },
      {
        "date": "2019-06-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-005569"
      },
      {
        "date": "2019-06-13T21:29:15.877000",
        "db": "NVD",
        "id": "CVE-2019-10962"
      },
      {
        "date": "2019-06-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201906-583"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-07-04T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-21242"
      },
      {
        "date": "2020-10-02T00:00:00",
        "db": "VULHUB",
        "id": "VHN-142561"
      },
      {
        "date": "2020-10-02T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-10962"
      },
      {
        "date": "2019-06-13T00:00:00",
        "db": "BID",
        "id": "108763"
      },
      {
        "date": "2019-06-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-005569"
      },
      {
        "date": "2020-10-02T14:34:46.360000",
        "db": "NVD",
        "id": "CVE-2019-10962"
      },
      {
        "date": "2020-10-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201906-583"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-583"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "BD Alaris Gateway Workstation Authentication Bypass Vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "77b00f7e-9050-438e-9f16-a553a2a7d5ae"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-21242"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-583"
      }
    ],
    "trust": 0.6
  }
}

GHSA-R326-V6PH-FQQG

Vulnerability from github – Published: 2022-05-24 16:47 – Updated: 2024-04-04 00:57

Details

Severity ?

5.3 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-10962"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-06-13T21:29:00Z",
    "severity": "MODERATE"
  },
  "details": "BD Alaris Gateway versions, 1.0.13,1.1.3 Build 10,1.1.3 MR Build 11,1.1.5, and 1.1.6, The web browser user interface on the Alaris Gateway Workstation does not prevent an attacker with knowledge of the IP address of the Alaris Gateway Workstation terminal to gain access to the status and configuration information of the device.",
  "id": "GHSA-r326-v6ph-fqqg",
  "modified": "2024-04-04T00:57:04Z",
  "published": "2022-05-24T16:47:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10962"
    },
    {
      "type": "WEB",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-19-164-01"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/108763"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-10962 (GCVE-0-2019-10962)

ICSMA-19-164-01

FKIE_CVE-2019-10962

GSD-2019-10962

CNVD-2019-21242

VAR-201906-1019

GHSA-R326-V6PH-FQQG

Tags

Sightings

Nomenclature