Lucene search

[email protected]NVD:CVE-2022-47376

HistoryJun 13, 2023 - 8:15 p.m.

CVE-2022-47376

2023-06-1320:15:08

CWE-522

CWE-257

[email protected]

web.nvd.nist.gov

alaris infusion central

recoverable password

patient health data

personal data

CVSS3

7.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

EPSS

Percentile

9.0%

JSON

The Alaris Infusion Central software, versions 1.1 to 1.3.2, may contain a recoverable password after the installation. No patient health data is stored in the database, although some site installations may choose to store personal data.

Affected configurations

Nvd

Node

bdalaris_infusion_centralRange1.1–1.3.2

VendorProductVersionCPE
bdalaris_infusion_central*cpe:2.3:a:bd:alaris_infusion_central:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
bd	alaris_infusion_central	*	cpe:2.3:a:bd:alaris_infusion_central::::::::

References

www.bd.com/en-us/about-bd/cybersecurity/bulletin/alaris-infusion-central-recoverable-password-vulnerability

CVSS3

7.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

EPSS

Percentile

9.0%

JSON

Related for NVD:CVE-2022-47376

cvelist1 prion1 cve1 ics1