icsma-24-352-01
Vulnerability from csaf_cisa
Published
2024-12-17 07:00
Modified
2024-12-17 07:00
Summary
BD Diagnostic Solutions Products
Notes
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation
Successful exploitation of this vulnerability could allow an attacker to use default credentials to access, modify, or delete sensitive data, which could impact the availability of the system or cause a system shutdown.
Critical infrastructure sectors
Healthcare and Public Health
Countries/areas deployed
Worldwide
Company headquarters location
United States
Recommended Practices
CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:
When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability is not exploitable remotely.
{ document: { acknowledgments: [ { organization: "BD", summary: "reporting this vulnerability to CISA", }, ], category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Disclosure is not limited", tlp: { label: "WHITE", url: "https://us-cert.cisa.gov/tlp/", }, }, lang: "en-US", notes: [ { category: "legal_disclaimer", text: "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.", title: "Legal Notice", }, { category: "summary", text: "Successful exploitation of this vulnerability could allow an attacker to use default credentials to access, modify, or delete sensitive data, which could impact the availability of the system or cause a system shutdown.", title: "Risk evaluation", }, { category: "other", text: "Healthcare and Public Health", title: "Critical infrastructure sectors", }, { category: "other", text: "Worldwide", title: "Countries/areas deployed", }, { category: "other", text: "United States", title: "Company headquarters location", }, { category: "general", text: "CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:", title: "Recommended Practices", }, { category: "general", text: "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. 
Also recognize VPN is only as secure as the connected devices.", title: "Recommended Practices", }, { category: "general", text: "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.", title: "Recommended Practices", }, { category: "general", text: "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.", title: "Recommended Practices", }, { category: "general", text: "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.", title: "Recommended Practices", }, { category: "general", text: "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.", title: "Recommended Practices", }, { category: "general", text: "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.", title: "Recommended Practices", }, { category: "general", text: "No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. 
This vulnerability is not exploitable remotely.", title: "Recommended Practices", }, ], publisher: { category: "coordinator", contact_details: "central@cisa.dhs.gov", name: "CISA", namespace: "https://www.cisa.gov/", }, references: [ { category: "self", summary: "ICS Advisory ICSMA-24-352-01 JSON", url: "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2024/icsma-24-352-01.json", }, { category: "self", summary: "ICSA Advisory ICSMA-24-352-01 - Web Version", url: "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-352-01", }, { category: "external", summary: "Recommended Practices", url: "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices", }, { category: "external", summary: "Recommended Practices", url: "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf", }, { category: "external", summary: "Recommended Practices", url: "https://www.cisa.gov/topics/industrial-control-systems", }, { category: "external", summary: "Recommended Practices", url: "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01", }, { category: "external", summary: "Recommended Practices", url: "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf", }, { category: "external", summary: "Recommended Practices", url: "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B", }, { category: "external", summary: "Recommended Practices", url: "https://www.cisa.gov/uscert/sites/default/files/publications/emailscams0905.pdf", }, { category: "external", summary: "Recommended Practices", url: "https://www.cisa.gov/uscert/ncas/tips/ST04-014", }, ], title: "BD Diagnostic Solutions Products", tracking: { current_release_date: "2024-12-17T07:00:00.000000Z", generator: { engine: { name: "CISA CSAF Generator", version: "1.0.0", }, }, id: "ICSMA-24-352-01", initial_release_date: "2024-12-17T07:00:00.000000Z", 
revision_history: [ { date: "2024-12-17T07:00:00.000000Z", legacy_version: "Initial", number: "1", summary: "Initial Publication", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version_range", name: "vers:all/*", product: { name: "Becton, Dickinson and Company (BD) BD BACTEC Blood Culture System: vers:all/*", product_id: "CSAFPID-0001", }, }, ], category: "product_name", name: "BD BACTEC Blood Culture System", }, { branches: [ { category: "product_version_range", name: "vers:all/*", product: { name: "Becton, Dickinson and Company (BD) BD COR System: vers:all/*", product_id: "CSAFPID-0002", }, }, ], category: "product_name", name: "BD COR System", }, { branches: [ { category: "product_version_range", name: "vers:all/*", product: { name: "Becton, Dickinson and Company (BD) BD EpiCenter Microbiology Data Management System: vers:all/*", product_id: "CSAFPID-0003", }, }, ], category: "product_name", name: "BD EpiCenter Microbiology Data Management System", }, { branches: [ { category: "product_version_range", name: "vers:all/*", product: { name: "Becton, Dickinson and Company (BD) BD MAX System: vers:all/*", product_id: "CSAFPID-0004", }, }, ], category: "product_name", name: "BD MAX System", }, { branches: [ { category: "product_version_range", name: "vers:all/*", product: { name: "Becton, Dickinson and Company (BD) BD Phoenix M50 Automated Microbiology System: vers:all/*", product_id: "CSAFPID-0005", }, }, ], category: "product_name", name: "BD Phoenix M50 Automated Microbiology System", }, { branches: [ { category: "product_version_range", name: "vers:all/*", product: { name: "Becton, Dickinson and Company (BD) BD Synapsys Informatics Solution: vers:all/*", product_id: "CSAFPID-0006", }, }, ], category: "product_name", name: "BD Synapsys Informatics Solution", }, ], category: "vendor", name: "Becton, Dickinson and Company (BD)", }, ], }, vulnerabilities: [ { cve: "CVE-2024-10476", cwe: { id: 
"CWE-1392", name: "Use of Default Credentials", }, notes: [ { category: "summary", text: "Default credentials are used in the above listed BD Diagnostic Solutions products. If exploited, threat actors may be able to access, modify or delete data, including sensitive information such as protected health information (PHI) and personally identifiable information (PII). Exploitation of this vulnerability may allow an attacker to shut down or otherwise impact the availability of the system.", title: "Vulnerability Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", ], }, references: [ { category: "external", summary: "www.cve.org", url: "https://www.cve.org/CVERecord?id=CVE-2024-10476", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", }, ], remediations: [ { category: "mitigation", details: "BD has already communicated to customers with affected products and is working with them to update default credentials on affected products. For this vulnerability to be exploited, a threat actor will need direct access, whether logical or physical, into the clinical setting.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", ], }, { category: "vendor_fix", details: "Note: BD Synapsys Informatics Solution is only in scope of this vulnerability when installed on a NUC server. BD Synapsys Informatics Solution installed on a customer-provided virtual machine or on the BD Kiestra SCU hardware is not in scope.", product_ids: [ "CSAFPID-0006", ], }, { category: "mitigation", details: "The BD Diagnostic Solutions products' default credentials are intended for use by BD technical support teams for the above-mentioned BD products within the clinical setting. 
A threat actor would have to compromise your local network and, in some cases, may also need to be physically present at the instrument in order to use these product service credentials.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", ], }, { category: "mitigation", details: "The BD RSS platform has not been impacted by and is not in scope of this vulnerability.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", ], }, { category: "mitigation", details: "BD strongly recommends customer execute actions which strengthen the controls around the logical and physical environments where Diagnostic Solutions instruments are located. The following best practices are recommended for maintaining strong security measures to protect customer networks and associated medical devices including:", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", ], }, { category: "mitigation", details: "Ensure access to potentially vulnerable devices is limited to authorized personnel", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", ], }, { category: "mitigation", details: "Inform authorized users of issue, and ensure all relevant passwords are tightly controlled", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", ], }, { category: "mitigation", details: "Monitor and log network traffic attempting to reach medical device management environments for suspicious activity", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", ], }, { category: "mitigation", details: "Where possible, isolate affected devices in a secure VLAN or behind firewalls with restricted access that only permits communication with trusted hosts in other networks 
when needed", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", ], }, { category: "mitigation", details: "Impacted devices do not require use of RDP ports and these should be disabled or blocked if enabled", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", ], }, { category: "mitigation", details: "Ensure permissions on file shares are appropriately established and enforced, and monitor and log access for evidence of suspicious activity", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", ], }, { category: "mitigation", details: "Disconnect devices from the network if connectivity is not necessary", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", ], }, { category: "mitigation", details: "For more information, refer to BD's security bulletin.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", ], url: "https://bd.com/en-us/about-bd/cybersecurity/bulletin/bd-cybersecurity-vulnerability-bulletin-diagnostic-solutions-products", }, ], scores: [ { cvss_v3: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", ], }, ], }, ], }