Product Security Bulletin for Third-Party ESET Legacy Startup Issue

United States
North America

Canada (FR)

Canada (EN)

Mexico

United States

South America

Argentina

Brasil

Chile

Colombia
Europe

Belgium (FR)

Belgium (NL)

Česká republika

Denmark

Europe

Suomi

France

Deutschland

Hebrew

Hungary (EN)

Hungary (HU)

Ireland

Italia

Nederland

Norge

Polska

Россия

España

Sverige

Schweiz

Türkiye

United Kingdom
Middle East / Africa

Middle East, North Africa

Africa

Asia / Pacific

Australia / New Zealand

中国

Greater Asia

India

Indonesia

日本

Korea

Malaysia

Philippines

Singapore

Thailand

Vietnam
Login

Apr 24, 2020

Bulletins

BD is aware of and is currently monitoring a third-party application issue within ESET Security’s products, where their kernel validates a previously expired certificate (expired February 7, 2020). Please note that this is not a security vulnerability and this issue cannot be exploited by an unauthorized user. Additionally, BD has not received any reports of this third-party application issue impacting BD products.

As a result of this application issue, the impacted versions of ESET Security products fail to load modules such as firewalls, Host Intrusion Prevention System (HIPS), Updated, Device Control, Web and Email protection, causing these modules to not function. This third-party security issue, which ESET corrected with their latest security update, is not specific to BD or our products.

BD utilizes the following three ESET Security products:

ESET Endpoint Antivirus/ESET Endpoint Security 5
ESET Endpoint Antivirus/ESET Endpoint Security 6.5.2000+
ESET File Security for Windows 6.5.12000+

For a full list of impacted ESET Security Products please see ESET’s advisory.

BD is currently working to test and validate the security update, released by ESET, for BD products that use the affected third-party products. Please see the Product Security Patching website for all approved product security patching notifications. Additionally, we recommend the following compensating controls for customers using BD products that utilize the impacted ESET products:

Ensure data has been backed up and stored according to your individual processes and disaster recovery procedures

The product list below is available to customers to help identify existing BD Products that utilize the affected ESET products. The list provided below is not comprehensive and may be updated as more products are identified. It does not indicate the patch or device status.

BD Care Coordination Engine™ (CCE)
BD HealthSight™ Viewer
BD Patient Association Application™ (PAA)
BD Pyxis™ Anesthesia Station 3500
BD Pyxis™ Anesthesia Station 4000
BD Pyxis™ Anesthesia Station ES
BD Pyxis™ CIISafe
BD Pyxis™ Connect
BD Pyxis™ IV Prep
BD Pyxis™ Logistics
BD Pyxis™ MedStation™ 3500 System

BD Pyxis™ MedStation™ 4000 System
BD Pyxis™ MedStation™ ES Server
BD Pyxis™ Pharmogistics Server
BD Pyxis™ Point of Care Server
BD Pyxis™ ScrubStation System
BD Pyxis™ Server ES
BD Pyxis™ SupplyStation™ SupplyCenter Server
BD Pyxis™ SupplyStation™ SupplyServer Client
BD Pyxis™ SupplyStation™ SupplyStation
BD Pyxis™ Virtual Test System
BD Tissue and Implant Module™ (TIM)

Customers that maintain patches independent of BD automated delivery should ensure these actions are performed as the acting responsible entity in order to maintain the correct security posture of the system(s).

Ensure ESET Security is updated to at least version 5.0.2272.7