- Description
- BD Alaris Gateway versions, 1.0.13,1.1.3 Build 10,1.1.3 MR Build 11,1.1.5, and 1.1.6, The web browser user interface on the Alaris Gateway Workstation does not prevent an attacker with knowledge of the IP address of the Alaris Gateway Workstation terminal to gain access to the status and configuration information of the device.
- Source
- ics-cert@hq.dhs.gov
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 5.3
- Impact score
- 1.4
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:N/A:N
- nvd@nist.gov
- NVD-CWE-Other
- ics-cert@hq.dhs.gov
- CWE-284
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:bd:alaris_gateway_workstation_firmware:1.0.13:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B20B97A8-51D4-4ACA-B237-BF6718C84233"
},
{
"criteria": "cpe:2.3:o:bd:alaris_gateway_workstation_firmware:1.1.3:10:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E8E78509-81FC-4AA8-8E9A-155336BBF8E9"
},
{
"criteria": "cpe:2.3:o:bd:alaris_gateway_workstation_firmware:1.1.3:11:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4993ECBE-3E97-47BB-897F-77FCF31F7EAD"
},
{
"criteria": "cpe:2.3:o:bd:alaris_gateway_workstation_firmware:1.1.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F2F66891-2DFE-440E-AF9C-5BD6FA9AA68F"
},
{
"criteria": "cpe:2.3:o:bd:alaris_gateway_workstation_firmware:1.1.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4D9581B3-999A-4198-A35A-90177AEC21E7"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:bd:alaris_gateway_workstation:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "506C8401-AF76-47C4-90EF-E6476C316230"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]