BD is aware of and currently monitoring a zero-day vulnerability affecting Adobe Reader products. This third-party vulnerability is not specific to BD or our products. Additionally, we have not received any reports of this vulnerability being exploited on BD products. BD is providing this update to let customers know which BD products could be affected by the following third-party vulnerability:
The product list below identifies existing BD products that utilize in-scope Adobe Reader products. The list may be updated as more products are identified. In addition, this list does not indicate the patch or device status. Please check back periodically for updates.
The BD products listed below are in scope for CVE-2021-28550:
Customers that maintain patches independent of BD automated delivery are responsible for maintaining the correct security posture of their system(s) and should ensure related Adobe patches have been applied:
BD is currently working to test and validate the Adobe patch(es) for BD products that use the affected third-party components. Some patches may already be available. Please refer to the Bulletins and Patches page for all approved product security patching notifications. Additionally, we recommend the following compensating controls for customers using BD products that utilize Adobe Reader:
For product- or site-specific concerns, contact your BD service representative. If you believe a BD device on your network has been impacted by this third-party vulnerability, disconnect the device from the network and contact your BD service representative immediately.