CVE-2019-10959

{"id": "CVE-2019-10959", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 10.0, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 3.9}]}, "published": "2019-06-13T21:29:15.817", "references": [{"url": "http://www.securityfocus.com/bid/108765", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ics-cert@hq.dhs.gov"}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-19-164-01", "tags": ["Mitigation", "Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}, {"url": "https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletins/alaris-gateway-workstation-unauthorized-firmware", "tags": ["Vendor Advisory"], "source": "nvd@nist.gov"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-434"}]}, {"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "BD Alaris Gateway Workstation Versions, 1.1.3 Build 10, 1.1.3 MR Build 11, 1.2 Build 15, 1.3.0 Build 14, 1.3.1 Build 13, This does not impact the latest firmware Versions 1.3.2 and 1.6.1, Additionally, the following products using software Version 2.3.6 and below, Alaris GS, Alaris GH, Alaris CC, Alaris TIVA, The application does not restrict the upload of malicious files during a firmware update."}, {"lang": "es", "value": "Bd Alaris Gateway Workstation Versiones 1.1.3 Build 10, 1.1.3 MR Build 11, 1.2 Build 1, 1.3.0\nBuild 14, 1.3.1 Build, esto no impacta en las \u00faltimas versi\u00f3nes de firmware 1.3.2 y 1.6.1, adicionalmente, los siguiente productos usando versiones del programa 2.3.6 y m\u00e1s abajo Alaris GS, Alaris CC, Alaris TIVA, la aplicaci\u00f3n no restringe la recarga de archivos maliciosos durante la actualizaci\u00f3n de firmware"}], "lastModified": "2019-10-09T23:45:05.557", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:bd:alaris_gateway_workstation_firmware:1.1.3:10:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E8E78509-81FC-4AA8-8E9A-155336BBF8E9"}, {"criteria": "cpe:2.3:o:bd:alaris_gateway_workstation_firmware:1.1.3:11:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4993ECBE-3E97-47BB-897F-77FCF31F7EAD"}, {"criteria": "cpe:2.3:o:bd:alaris_gateway_workstation_firmware:1.2:15:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "02290475-CE3F-47CE-9855-5B6418A73A06"}, {"criteria": "cpe:2.3:o:bd:alaris_gateway_workstation_firmware:1.3.0:14:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "848AD765-2FD3-4C12-8AB9-0AC1F9045353"}, {"criteria": "cpe:2.3:o:bd:alaris_gateway_workstation_firmware:1.3.1:13:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E5CC4AD0-3A05-4612-827F-81BAE525F184"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:bd:alaris_gateway_workstation:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "506C8401-AF76-47C4-90EF-E6476C316230"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:bd:alaris_gs_syringe_pump_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "73726027-BCBF-4BAC-8EB1-4940D185152D", "versionEndIncluding": "2.3.6"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:bd:alaris_gs_syringe_pump:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "875FC728-016A-4541-9043-9DA4D28DB480"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:bd:alaris_gh_syringe_pump_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8AAA03BC-107F-499F-9078-A2E0CDE5DD2B", "versionEndIncluding": "2.3.6"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:bd:alaris_gh_syringe_pump:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3B80639E-5542-43B4-B804-2A5196781E85"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:bd:alaris_cc_syringe_pump_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F8316660-729D-4BA4-B443-568685BEBE4D", "versionEndIncluding": "2.3.6"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:bd:alaris_cc_syringe_pump:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E2212771-E8D3-4608-8B23-B7CB561094CE"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:bd:alaris_tiva_syringe_pump_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4DBEBD56-F5F0-4025-8665-50CE6577D575", "versionEndIncluding": "2.3.6"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:bd:alaris_tiva_syringe_pump:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "19FFD0B4-82EF-42D2-BF2F-1BAE84EBF196"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}