CVE-2019-10959 — CRITICAL (10.0)

Q: How severe is CVE-2019-10959?

CVE-2019-10959 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2019-10959?

Check the references section above for vendor advisories and patch information. Affected products include: Bd Alaris Gateway Workstation Firmware, Bd Alaris Gateway Workstation, Bd Alaris Gs Syringe Pump Firmware, Bd Alaris Gs Syringe Pump, Bd Alaris Gh Syringe Pump Firmware.

Vulnerability Description

BD Alaris Gateway Workstation Versions, 1.1.3 Build 10, 1.1.3 MR Build 11, 1.2 Build 15, 1.3.0 Build 14, 1.3.1 Build 13, This does not impact the latest firmware Versions 1.3.2 and 1.6.1, Additionally, the following products using software Version 2.3.6 and below, Alaris GS, Alaris GH, Alaris CC, Alaris TIVA, The application does not restrict the upload of malicious files during a firmware update.

CVSS Score

10.0

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Bd	Alaris Gateway Workstation Firmware	1.1.3
Bd	Alaris Gateway Workstation	-
Bd	Alaris Gs Syringe Pump Firmware	<= 2.3.6
Bd	Alaris Gs Syringe Pump	-
Bd	Alaris Gh Syringe Pump Firmware	<= 2.3.6
Bd	Alaris Gh Syringe Pump	-
Bd	Alaris Cc Syringe Pump Firmware	<= 2.3.6
Bd	Alaris Cc Syringe Pump	-
Bd	Alaris Tiva Syringe Pump Firmware	<= 2.3.6
Bd	Alaris Tiva Syringe Pump	-

Related Weaknesses (CWE)

CWE-434

References

http://www.securityfocus.com/bid/108765Third Party AdvisoryVDB Entry
https://ics-cert.us-cert.gov/advisories/ICSMA-19-164-01MitigationThird Party AdvisoryUS Government Resource
https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bVendor Advisory
http://www.securityfocus.com/bid/108765Third Party AdvisoryVDB Entry
https://ics-cert.us-cert.gov/advisories/ICSMA-19-164-01MitigationThird Party AdvisoryUS Government Resource

FAQ

What is CVE-2019-10959?

CVE-2019-10959 is a vulnerability with a CVSS score of 10.0 (CRITICAL). BD Alaris Gateway Workstation Versions, 1.1.3 Build 10, 1.1.3 MR Build 11, 1.2 Build 15, 1.3.0 Build 14, 1.3.1 Build 13, This does not impact the latest firmware Versions 1.3.2 and 1.6.1, Additionally...

How severe is CVE-2019-10959?

CVE-2019-10959 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2019-10959?

Check the references section above for vendor advisories and patch information. Affected products include: Bd Alaris Gateway Workstation Firmware, Bd Alaris Gateway Workstation, Bd Alaris Gs Syringe Pump Firmware, Bd Alaris Gs Syringe Pump, Bd Alaris Gh Syringe Pump Firmware.