{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-30565", "assignerOrgId": "2325d071-eabf-4b7b-a4ea-0819b6629a18", "state": "PUBLISHED", "assignerShortName": "BD", "dateReserved": "2023-04-12T16:30:07.537Z", "datePublished": "2023-07-13T19:06:18.280Z", "dateUpdated": "2023-10-26T15:51:18.816Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "CQI Reporter", "vendor": "Becton Dickinson & Co", "versions": [{"lessThanOrEqual": "10.17", "status": "affected", "version": "0", "versionType": "custom"}]}], "datePublic": "2023-07-13T15:32:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An insecure connection between Systems Manager and CQI Reporter application could expose infusion data to an attacker."}], "value": "An insecure connection between Systems Manager and CQI Reporter application could expose infusion data to an attacker."}], "impacts": [{"capecId": "CAPEC-158", "descriptions": [{"lang": "en", "value": "CAPEC-158 Sniffing Network Traffic"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-924", "description": "CWE-924 Improper Enforcement of Message Integrity During Transmission in a Communication Channel", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-319", "description": "CWE-319 Cleartext Transmission of Sensitive Information", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "2325d071-eabf-4b7b-a4ea-0819b6629a18", "shortName": "BD", "dateUpdated": "2023-10-26T15:51:18.816Z"}, "references": [{"url": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-alaris-system-with-guardrails-suite-mx"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\nBD recommends customers update to the BD Alaris\u00e2\u201e\u00a2 System v12.3, where available based on regulatory authorization. Customers who require software updates should contact their BD Account Executive to assist with scheduling the remediation.\n\n<br>"}], "value": "\nBD recommends customers update to the BD Alaris\u00e2\u201e\u00a2 System v12.3, where available based on regulatory authorization. Customers who require software updates should contact their BD Account Executive to assist with scheduling the remediation.\n\n\n"}], "source": {"discovery": "INTERNAL"}, "title": " CQI Data Sniffing ", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:bd:guardrails_cqi_reporter:*:*:*:*:*:*:*:*", "matchCriteriaId": "655314BD-CC12-4C62-8FAB-3E49E2AFFF13", "versionEndIncluding": "10.17", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An insecure connection between Systems Manager and CQI Reporter application could expose infusion data to an attacker."}], "id": "CVE-2023-30565", "lastModified": "2023-07-25T18:40:50.133", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 1.4, "source": "cybersecurity@bd.com", "type": "Secondary"}]}, "published": "2023-07-13T20:15:09.260", "references": [{"source": "cybersecurity@bd.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-alaris-system-with-guardrails-suite-mx"}], "sourceIdentifier": "cybersecurity@bd.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-319"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-319"}, {"lang": "en", "value": "CWE-924"}], "source": "cybersecurity@bd.com", "type": "Secondary"}]}

{}