Published: 13/06/2019 Updated: 02/10/2020

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Subscribe to Alaris Gateway Workstation Firmware

BD Alaris Gateway versions, 1.0.13,1.1.3 Build 10,1.1.3 MR Build 11,1.1.5, and 1.1.6, The web browser user interface on the Alaris Gateway Workstation does not prevent an attacker with knowledge of the IP address of the Alaris Gateway Workstation terminal to gain access to the status and configuration information of the device.

Vulnerable Product	Search on Vulmon	Subscribe to Product
bd alaris_gateway_workstation_firmware 1.1.5
bd alaris_gateway_workstation_firmware 1.1.6
bd alaris_gateway_workstation_firmware 1.1.3
bd alaris_gateway_workstation_firmware 1.0.13

Hacking these medical pumps is as easy as copying a booby-trapped file over the network

The Register • Thomas Claburn in San Francisco • 13 Jun 2019

Uncle Sam sounds alarm after Windows CE SMB left wide open on hospital equipment Docs ran a simulation of what would happen if really nasty malware hit a city's hospitals. RIP :(

Two security vulnerabilities in medical workstations can exploited by scumbags to hijack the devices and connected infusion pumps, potentially causing harm to patients, the US government revealed today. The flaws, CVE-2019-10959, rated critical (specifically, 10 out 10 in severity), and CVE-2019-10962, rated medium (7.5), were identified by infosec biz CyberMDX. The bugs affect certain versions of the Becton Dickinson’s Alaris Gateway Workstation (AGW), which provides power and network connect...

CVE-2019-10962

Vulnerability Summary

Vulnerability Trend

Recent Articles

References

Vulmon Search

About

Products

Connect