Lucene search
BDCVELIST:CVE-2023-30561HistoryJul 13, 2023 - 7:03 p.m.
CVE-2023-30561 Lack of Cryptographic Security of IUI Bus
2023-07-1319:03:17
CWE-311
BD
www.cve.org
7
cve-2023-30561
cryptographic security
iui bus
infusion system
CVSS3
6.1
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
AI Score
6.2
Confidence
High
EPSS
0.001
Percentile
23.5%
The data flowing between the PCU and its modules is insecure. A threat actor with physical access could potentially read or modify data by attaching a specially crafted device while an infusion is running.
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "BD AlarisΓ’βΒ’ Point-of-Care Unit (PCU) Model 8015",
"vendor": "Becton Dickinson & Co",
"versions": [
{
"lessThanOrEqual": "12.1.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
]Related
prion
prion
Information disclosure
2023-07-13 20:15:00
nvd
nvd
CVE-2023-30561
2023-07-13 20:15:09
cve
cve
CVE-2023-30561
2023-07-13 20:15:09
ics
ics
BD Alaris System with Guardrails Suite MX (Update A)
2023-10-26 12:00:00
CVSS3
6.1
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
AI Score
6.2
Confidence
High
EPSS
0.001
Percentile
23.5%
Related for CVELIST:CVE-2023-30561