Third-party Vulnerability

Adobe Reader products


BD is aware of and currently monitoring a zero-day vulnerability affecting Adobe Reader products. This third-party vulnerability is not specific to BD or our products. Additionally, we have not received any reports of this vulnerability being exploited on BD products. BD is providing this update to let customers know which BD products could be affected by the following third-party vulnerability:

  • CVE-2021-28550 – a remote code execution vulnerability that, if exploited, could allow threat actors to execute almost any command in affected Adobe reader products, including installing malware and completely taking over the affected computer.

BD Products that Utilize Affected Adobe Reader Products

The product list below identifies existing BD products that utilize in-scope Adobe Reader products. The list may be updated as more products are identified. In addition, this list does not indicate the patch or device status. Please check back periodically for updates.

The BD products listed below are in scope for CVE-2021-28550:

  • BD Assurity Linc™ Plus
  • BD DataLink™
  • BD HealthSight™ Clinical Advisor
  • BD HealthSight™ Data Manager
  • BD HealthSight™ Diversion Management
  • BD HealthSight™ Infection Advisor
  • BD HealthSight™ Inventory Optimization Analytics
  • BD HealthSight™ Medication Safety Analytics
  • BD Knowledge Portal for BD Pyxis™ Supply
  • BD Knowledge Portal for Infusion Technologies
  • BD Knowledge Portal for Medication Technologies
  • BD Rowa™ - Dose
  • BD Rowa™ - Vmax

Customers that maintain patches independent of BD automated delivery are responsible for maintaining the correct security posture of their system(s) and should ensure related Adobe patches have been applied:


BD is currently working to test and validate the Adobe patch(es) for BD products that use the affected third-party components. Some patches may already be available. Please refer to the Bulletins and Patches page for all approved product security patching notifications. Additionally, we recommend the following compensating controls for customers using BD products that utilize Adobe Reader:

  • Customers should limit physical access to the affected devices to authorized users only. We recommend physically securing the system and its input devices behind barriers that require authentication or security clearance, as feasible for products, depending on customer’s environment of use.
  • Customers with devices that utilize Adobe Reader and are connected to an external network are advised to consider disconnecting those devices from the external network as feasible or apply appropriate network segmentation. We recommend customers place affected devices on an isolated network and follow industry standard best practices for network security measures, as feasible in customer’s environment of use.

Additional Resources

For product- or site-specific concerns, contact your BD service representative. If you believe a BD device on your network has been impacted by this third-party vulnerability, disconnect the device from the network and contact your BD service representative immediately.