CVE-2019-10962
Published Jun 13, 2019
Last updated 4 years ago
Overview
- Description
- BD Alaris Gateway versions, 1.0.13,1.1.3 Build 10,1.1.3 MR Build 11,1.1.5, and 1.1.6, The web browser user interface on the Alaris Gateway Workstation does not prevent an attacker with knowledge of the IP address of the Alaris Gateway Workstation terminal to gain access to the status and configuration information of the device.
- Source
- ics-cert@hq.dhs.gov
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 5.3
- Impact score
- 1.4
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
- ics-cert@hq.dhs.gov
- CWE-284
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:bd:alaris_gateway_workstation_firmware:1.0.13:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B20B97A8-51D4-4ACA-B237-BF6718C84233"
},
{
"criteria": "cpe:2.3:o:bd:alaris_gateway_workstation_firmware:1.1.3:10:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E8E78509-81FC-4AA8-8E9A-155336BBF8E9"
},
{
"criteria": "cpe:2.3:o:bd:alaris_gateway_workstation_firmware:1.1.3:11:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4993ECBE-3E97-47BB-897F-77FCF31F7EAD"
},
{
"criteria": "cpe:2.3:o:bd:alaris_gateway_workstation_firmware:1.1.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F2F66891-2DFE-440E-AF9C-5BD6FA9AA68F"
},
{
"criteria": "cpe:2.3:o:bd:alaris_gateway_workstation_firmware:1.1.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4D9581B3-999A-4198-A35A-90177AEC21E7"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:bd:alaris_gateway_workstation:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "506C8401-AF76-47C4-90EF-E6476C316230"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]