EUVD-2023-32663

Malicious code in bioql PyPI...

CVE-2023-29063

The FACSChorus workstation does not prevent physical access to its PCI express PCIe slots, which could allow a threat actor to insert a PCI card designed for memory capture. A threat actor can then isolate sensitive information such as a BitLocker encryption key from a dump of the workstation RAM...

CVE-2023-29061 Lack of Adequate BIOS Authentication

There is no BIOS password on the FACSChorus workstation. A threat actor with physical access to the workstation can potentially exploit this vulnerability to access the BIOS configuration and modify the drive boot order and BIOS pre-boot authentication...

CVE-2023-29061

BD FACSChorus is affected by CVE-2023-29061 due to missing BIOS password on the workstation. In BD FACSChorus v5.0, v5.1, v3.0, and v3.1, a threat actor with physical access can access BIOS settings and modify boot order and pre-boot authentication. CVSS v3.1 base score 5.2 (AV:P, AC:L, PR:N, UI:...

CVE-2023-29060 Lack of USB Whitelisting

The FACSChorus workstation operating system does not restrict what devices can interact with its USB ports. If exploited, a threat actor with physical access to the workstation could gain access to system information and potentially exfiltrate data...