Shellshock vulnerability

United States
North America

Canada (FR)

Canada (EN)

Mexico

United States

South America

Argentina

Brasil

Chile

Colombia
Europe

Belgium (FR)

Belgium (NL)

Česká republika

Denmark

Europe

Suomi

France

Deutschland

Hebrew

Hungary (EN)

Hungary (HU)

Ireland

Italia

Nederland

Norge

Polska

Россия

España

Sverige

Schweiz

Türkiye

United Kingdom
Middle East / Africa

Middle East, North Africa

Africa

Asia / Pacific

Australia / New Zealand

中国

Greater Asia

India

Indonesia

日本

Korea

Malaysia

Philippines

Singapore

Thailand

Vietnam
Login

Oct 03, 2014

Bulletins

The U.S. Computer Emergency Readiness Team (US-CERT), a division of the U.S. Department of Homeland Security (DHS), recently released a security advisory about a serious vulnerability (CVE-2014-6271) widely known as Shellshock, which is similar in severity to the Heartbleed vulnerability from April 2014. The bug was uncovered in the Bash command-line interpreter (also known as a "shell") widely distributed in many computer operating systems including Linux, Unix, Berkeley Software Distribution (BSD) and Apple OS X, and on some Microsoft® Windows and Android systems.

We have determined that the safety and security of our manufactured medical devices are not at risk by the Shellshock vulnerability. BD takes product safety and security—along with all information security matters—very seriously. Once we become aware of any vulnerability, we take immediate steps to investigate potential risks to our products and our customer-facing websites and related services.

We continue to monitor and investigate the situation and, as of October 3rd, can confirm that these customer-facing products and systems are secure from the Shellshock vulnerability:

Alaris™ PC unit
Alaris Systems Manager software web clients
Alaris Viewer Suite
Axeda and Bomgar Remote Support Services (RSS) and access platforms for Alaris and Pyxis™ technologies
BD Customer Portal, available for Pyxis technologies customers at cp.carefusion.com
Knowledge Portal analytics solutions for infusion technologies, Pyxis medication and supply technologies, and ventilator therapy
External Identity Manager (EIM), at eim.carefusion.com
MedMined™ Surveillance Advisor
Pyxis technologies
Respiratory diagnostics eStore, at store.carefusion.com/respiratorydiagnostics
The supplier and distributor communication portal, at vision.carefusion.com
Teamviewer RSS for ventilation technologies
V. Mueller™ online catalog, at catalog.carefusion.com/vmueller

BD continues to investigate the matter and monitor the situation closely. We will update this page with additional, relevant information as it becomes available.