CVE-2024-10476

CVSS V2 None CVSS V3 None

Description

Default credentials are used in the above listed BD Diagnostic Solutions products. If exploited, threat actors may be able to access, modify or delete data, including sensitive information such as protected health information (PHI) and personally identifiable information (PII). Exploitation of this vulnerability may allow an attacker to shut down or otherwise impact the availability of the system. Note: BD Synapsys™ Informatics Solution is only in scope of this vulnerability when installed on a NUC server. BD Synapsys™ Informatics Solution installed on a customer-provided virtual machine or on the BD Kiestra™ SCU hardware is not in scope.

Overview

CVE ID
CVE-2024-10476

Assigner
BD

Vulnerability Status
PUBLISHED

Published Version
2024-12-17T15:16:44.982Z

Last Modified Date
2024-12-17T15:35:43.490Z

Weakness Enumerations

CWE	URL
CWE-1392	http://cwe.mitre.org/data/definitions/1392.html

References

Reference URL	Reference Tags
https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-cybersecurity-vulnerability-bulletin-diagnostic-solutions-products

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2024-10476
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10476

History

Created	Old Value	New Value	Data Type	Notes
2024-12-18 13:10:12				Added to TrackCVE