Alaris 8015 Pcu Firmware
CVE-2023-30561
MEDIUM
Severity by source
AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Lifecycle Timeline
1DescriptionNVD
The data flowing between the PCU and its modules is insecure. A threat actor with physical access could potentially read or modify data by attaching a specially crafted device while an infusion is running.
AnalysisAI
The data flowing between the PCU and its modules is insecure. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-311. The data flowing between the PCU and its modules is insecure. A threat actor with physical access could potentially read or modify data by attaching a specially crafted device while an infusion is running. Affected products include: Bd Alaris 8015 Pcu Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Alaris 8015 Pcu Firmware
View allBD Alaris PC Unit, Model 8015, Versions 9.33.1 and earlier and BD Alaris Systems Manager, Versions 4.33 and earlier The
The configuration from the PCU can be modified without authentication using physical connection to the PCU. Rated medium
The firmware update package for the wireless card is not properly signed and can be modified. Rated medium severity (CVS
Same weakness CWE-311 – Missing Encryption of Sensitive Data
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today