Published: 13/06/2019 Updated: 09/10/2019

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 10 | Impact Score: 6 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Subscribe to Alaris Gateway Workstation Firmware

BD Alaris Gateway Workstation Versions, 1.1.3 Build 10, 1.1.3 MR Build 11, 1.2 Build 15, 1.3.0 Build 14, 1.3.1 Build 13, This does not impact the latest firmware Versions 1.3.2 and 1.6.1, Additionally, the following products using software Version 2.3.6 and below, Alaris GS, Alaris GH, Alaris CC, Alaris TIVA, The application does not restrict the upload of malicious files during a firmware update.

Vulnerable Product	Search on Vulmon	Subscribe to Product
bd alaris_gateway_workstation_firmware 1.3.0
bd alaris_gateway_workstation_firmware 1.3.1
bd alaris_gateway_workstation_firmware 1.1.3
bd alaris_gateway_workstation_firmware 1.2
bd alaris_gs_syringe_pump_firmware
bd alaris_gh_syringe_pump_firmware
bd alaris_cc_syringe_pump_firmware
bd alaris_tiva_syringe_pump_firmware

Hacking these medical pumps is as easy as copying a booby-trapped file over the network

The Register • Thomas Claburn in San Francisco • 13 Jun 2019

Uncle Sam sounds alarm after Windows CE SMB left wide open on hospital equipment Docs ran a simulation of what would happen if really nasty malware hit a city's hospitals. RIP :(

Two security vulnerabilities in medical workstations can exploited by scumbags to hijack the devices and connected infusion pumps, potentially causing harm to patients, the US government revealed today. The flaws, CVE-2019-10959, rated critical (specifically, 10 out 10 in severity), and CVE-2019-10962, rated medium (7.5), were identified by infosec biz CyberMDX. The bugs affect certain versions of the Becton Dickinson’s Alaris Gateway Workstation (AGW), which provides power and network connect...

CVE-2019-10959

Vulnerability Summary

Vulnerability Trend

Recent Articles

References

Vulmon Search

About

Products

Connect