Lucene search
HistoryJul 13, 2023 - 8:15 p.m.
CVE-2023-30561
pcu
data flow
insecure
physical access
threat actors
infusion.
CVSS3
6.1
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS
0.001
Percentile
23.5%
The data flowing between the PCU and its modules is insecure. A threat actor with physical access could potentially read or modify data by attaching a specially crafted device while an infusion is running.
Affected configurations
Node
bdalaris_8015_pcuMatch-
bdalaris_8015_pcu_firmwareRange≤12.1.3
| Vendor | Product | Version | CPE |
|---|---|---|---|
| bd | alaris_8015_pcu | - | cpe:2.3:h:bd:alaris_8015_pcu:-:*:*:*:*:*:*:* |
| bd | alaris_8015_pcu_firmware | * | cpe:2.3:o:bd:alaris_8015_pcu_firmware:*:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2023-30561 Lack of Cryptographic Security of IUI Bus
2023-07-13 19:03:17
prion
prion
Information disclosure
2023-07-13 20:15:00
cve
cve
CVE-2023-30561
2023-07-13 20:15:09
ics
ics
BD Alaris System with Guardrails Suite MX (Update A)
2023-10-26 12:00:00
CVSS3
6.1
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS
0.001
Percentile
23.5%
Related for NVD:CVE-2023-30561