CVE-2024-10476

Summary

Default credentials are used in the above listed BD Diagnostic Solutions products. If exploited, threat actors may be able to access, modify or delete data, including sensitive information such as protected health information (PHI) and personally identifiable information (PII). Exploitation of this vulnerability may allow an attacker to shut down or otherwise impact the availability of the system. Note: BD Synapsys™ Informatics Solution is only in scope of this vulnerability when installed on a NUC server. BD Synapsys™ Informatics Solution installed on a customer-provided virtual machine or on the BD Kiestra™ SCU hardware is not in scope.

Affected Software

VendorProductVersion RangeStatus
Becton Dickinson & CoBD BACTEC™ Blood Culture System0 <= 7.20affected
Becton Dickinson & CoBD COR™ System0 <= 8.90affected
Becton Dickinson & CoBD EpiCenter™ Microbiology Data Management System0 <= 7.45affected
Becton Dickinson & CoBD MAX™ System0 <= 6.10affected
Becton Dickinson & CoBD Phoenix™ M50 Automated Microbiology System0 <= 2.70affected
Becton Dickinson & CoBD Synapsys™ Informatics Solution0 <= 6.10affected

Weaknesses

  • CWE-1392: CWE-1392 USE OF DEFAULT CREDENTIALS

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References