Third-party Vulnerability

Adobe Reader products

Background

BD is aware of and currently monitoring a zero-day vulnerability affecting Adobe Reader products. This third-party vulnerability is not specific to BD or our products. Additionally, we have not received any reports of this vulnerability being exploited on BD products. BD is providing this update to let customers know which BD products could be affected by the following third-party vulnerability:

  • CVE-2021-28550 – a remote code execution vulnerability that, if exploited, could allow threat actors to execute almost any command in affected Adobe Reader products, including installing malware and completely taking over the affected computer.

BD Products that Utilize Affected Adobe Reader Products

The product list below identifies existing BD products that utilize in-scope Adobe Reader products. The list may be updated as more products are identified. In addition, this list does not indicate the patch or device status. Please check back periodically for updates.

The BD products listed below are in scope for CVE-2021-28550:

  • BD Assurity Linc™ Plus
  • BD DataLink™
  • BD HealthSight™ Clinical Advisor
  • BD HealthSight™ Data Manager
  • BD HealthSight™ Diversion Management
  • BD HealthSight™ Infection Advisor
  • BD HealthSight™ Inventory Optimization Analytics
  • BD HealthSight™ Medication Safety Analytics
  • BD Knowledge Portal for BD Pyxis™ Supply
  • BD Knowledge Portal for Infusion Technologies
  • BD Knowledge Portal for Medication Technologies
  • BD Rowa™ - Dose
  • BD Rowa™ - Vmax

Customers that maintain patches independent of BD automated delivery are responsible for maintaining the correct security posture of their system(s) and should ensure related Adobe patches have been applied:

Response

BD is currently working to test and validate the Adobe patch(es) for BD products that use the affected third-party components. Some patches may already be available. Please refer to the Bulletins and Patches page for all approved product security patching notifications. Additionally, we recommend the following compensating controls for customers using BD products that utilize Adobe Reader:

  • Customers should limit physical access to the affected devices to authorized users only. We recommend physically securing the system and its input devices behind barriers that require authentication or security clearance, as feasible for the product and the customer’s environment of use.
 
  • Customers with devices that utilize Adobe Reader and are connected to an external network are advised to consider disconnecting those devices from the external network, as feasible, or applying appropriate network segmentation. We recommend customers place affected devices on an isolated network and follow industry-standard best practices for network security measures, as feasible in the customer’s environment of use.

Additional Resources

For product- or site-specific concerns, contact your BD service representative. If you believe a BD device on your network has been impacted by this third-party vulnerability, disconnect the device from the network and contact your BD service representative immediately.
