bd CVE Vulnerabilities & CVE List (33)

Products (CPE): — CVEs: 33

bd vulnerability overview

Aggregates CVE and security vulnerability intelligence across all bd-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.

Common weakness patterns include vendor risk sql injection, vendor risk cross-site scripting, and vendor risk input validation, with potential vendor impact session compromise across vendor surface production workloads use cases.

Vulnerability distribution trend (last 24 months)

Showing 2133 of 33 CVEs
«« First « Prev Page 2 / 2 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2022-22766 Hardcoded credentials are used in specific BD Pyxis products. If exploited, threat actors may be able to gain access to the underlying file system and could potentially exploit application files for information that could be used to decrypt application credentials or gain access to electronic protected health information (ePHI) or other sensitive information. [email protected] 7.0 0.22% 2022-02-11 2026-06-17
CVE-2020-25165 BD Alaris PC Unit, Model 8015, Versions 9.33.1 and earlier and BD Alaris Systems Manager, Versions 4.33 and earlier The affected products are vulnerable to a network session authentication vulnerability within the authentication process between specified versions of the BD Alaris PC Unit and the BD Alaris Systems Manager. If exploited, an attacker could perform a denial-of-service attack on the BD Alaris PC Unit by modifying the configuration headers of data in transit. A denial-of-service attac [email protected] 7.5 1.70% 2020-11-13 2026-06-16
CVE-2020-10598 In BD Pyxis MedStation ES System v1.6.1 and Pyxis Anesthesia (PAS) ES System v1.6.1, a restricted desktop environment escape vulnerability exists in the kiosk mode functionality of affected devices. Specially crafted inputs could allow the user to escape the restricted environment, resulting in access to sensitive data. [email protected] 6.1 0.33% 2020-04-01 2026-06-16
CVE-2019-13517 In Pyxis ES Versions 1.3.4 through to 1.6.1 and Pyxis Enterprise Server, with Windows Server Versions 4.4 through 4.12, a vulnerability has been identified where existing access privileges are not restricted in coordination with the expiration of access based on active directory user account changes when the device is joined to an AD domain. [email protected] 8.8 1.29% 2019-09-06 2026-06-16
CVE-2019-10962 BD Alaris Gateway versions, 1.0.13,1.1.3 Build 10,1.1.3 MR Build 11,1.1.5, and 1.1.6, The web browser user interface on the Alaris Gateway Workstation does not prevent an attacker with knowledge of the IP address of the Alaris Gateway Workstation terminal to gain access to the status and configuration information of the device. [email protected] 5.3 1.68% 2019-06-13 2026-06-16
CVE-2019-10959 BD Alaris Gateway Workstation Versions, 1.1.3 Build 10, 1.1.3 MR Build 11, 1.2 Build 15, 1.3.0 Build 14, 1.3.1 Build 13, This does not impact the latest firmware Versions 1.3.2 and 1.6.1, Additionally, the following products using software Version 2.3.6 and below, Alaris GS, Alaris GH, Alaris CC, Alaris TIVA, The application does not restrict the upload of malicious files during a firmware update. [email protected] 10.0 2.53% 2019-06-13 2026-06-16
CVE-2019-6517 BD FACSLyric Research Use Only, Windows 10 Professional Operating System, U.S. and Malaysian Releases, between November 2017 and November 2018 and BD FACSLyric IVD Windows 10 Professional Operating System US release does not properly enforce user access control to privileged accounts, which may allow for unauthorized access to administrative level functions. [email protected] 6.8 0.42% 2019-02-06 2026-06-16
CVE-2018-14786 Becton, Dickinson and Company (BD) Alaris Plus medical syringe pumps (models Alaris GS, Alaris GH, Alaris CC, and Alaris TIVA) versions 2.3.6 and prior are affected by an improper authentication vulnerability where the software does not perform authentication for functionality that requires a provable user identity, where it may allow a remote attacker to gain unauthorized access to various Alaris Syringe pumps and impact the intended operation of the pump when it is connected to a terminal serv [email protected] 9.4 3.06% 2018-08-23 2026-06-16
CVE-2018-10595 A vulnerability in ReadA version 1.1.0.2 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in loss or corruption of data. [email protected] 6.3 0.41% 2018-05-24 2026-06-16
CVE-2018-10593 A vulnerability in DB Manager version 3.0.1.0 and previous and PerformA version 3.0.0.0 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in data corruption. [email protected] 5.6 0.36% 2018-05-24 2026-06-16
CVE-2017-6022 A hard-coded password issue was discovered in Becton, Dickinson and Company (BD) PerformA, Version 2.0.14.0 and prior versions, and KLA Journal Service, Version 1.0.51 and prior versions. They use hard-coded passwords to access the BD Kiestra Database, which could be leveraged to compromise the confidentiality of limited PHI/PII information stored in the BD Kiestra Database. [email protected] 9.8 1.75% 2017-06-29 2026-06-16
CVE-2016-9355 An issue was discovered in Becton, Dickinson and Company (BD) Alaris 8015 Point of Care (PC) unit, Version 9.5 and prior versions, and Version 9.7. An unauthorized user with physical access to an Alaris 8015 PC unit may be able to obtain unencrypted wireless network authentication credentials and other sensitive technical data by disassembling an Alaris 8015 PC unit and accessing the device's flash memory. Older software versions of the Alaris 8015 PC unit, Version 9.5 and prior versions, store [email protected] 5.3 0.51% 2017-02-13 2026-06-16
CVE-2016-8375 An issue was discovered in Becton, Dickinson and Company (BD) Alaris 8015 Point of Care (PC) unit, Version 9.5 and prior versions, and Version 9.7, and 8000 PC unit. An unauthorized user with physical access to an affected Alaris PC unit may be able to obtain unencrypted wireless network authentication credentials and other sensitive technical data by disassembling the PC unit and accessing the device's flash memory. The Alaris 8015 PC unit, Version 9.7, and the 8000 PC unit store wireless netwo [email protected] 4.9 1.00% 2017-02-13 2026-06-16
«« First « Prev Page 2 / 2 Next »
cvelogic Threat Intelligence