This notification is voluntarily reported by BD to Information Sharing and Analysis Organizations (ISAOs).
BD communicates with our customers about cybersecurity vulnerabilities to help healthcare providers manage potential risks through awareness and guidance.
BD is aware of and currently monitoring a vulnerability affecting all versions of Fortinet FortiOS products in use by BD. This third-party vulnerability is not specific to BD or our products. Additionally, we have not received any reports of this vulnerability being exploited on BD products. BD is providing this update to let customers know which BD products could be affected by the following third-party Fortinet vulnerability:
This notification applies to the following BD products:
Only those BD Kiestra™ products mentioned above that contain a System Control Unit (SCU) version 2.5 (released in 2022) are impacted. Earlier versions of the SCU are not impacted.
This list does not indicate the patch or device status. The list may be updated if more products are identified. Please check back periodically for updates.
BD is currently working to test and validate the patch(es) or other mitigations for BD products that use the affected third-party component. Please refer to the Bulletins and Patches page for all approved product security patching notifications. BD recommends the following mitigations and compensating controls in order to help reduce risk associated with this vulnerability: