Vulnerability Identified in BD Alaris Infusion Products
A high severity vulnerability has been identified in the BD Alaris PC Unit which is vulnerable to a denial of service attack which would cause it to drop its wireless capability.
The vulnerability was identified by Medigate and was reported to BD. BD subsequently reported the flaw under its responsible disclosure policy and has provided mitigations and compensating controls to help users manage the risks associated with the flaw until an updated version of BD Alaris PC Unit software is released.
The flaw affects the following BD products:
BD Alaris PC Unit, Model 8015, Versions 9.33.1 and earlier
BD Alaris Systems Manager, Versions 4.33 and earlier
The issue is due to improper authentication between vulnerable versions of the BD Alaris PC Unit and the BD Alaris Systems Manager. While the vulnerability can...