Product security bulletins

For product security and privacy alerts, notifications and documentation, see the following:

1 2 3

Alaris System residual data

un Jul 15, 2019

In line with our commitment to continuously improve patient care, BD offers our customers innovative solutions for collecting and analyzing infusion information from the Alaris System.

Alaris Gateway Workstation Unauthorized Firmware

cr Jun 13, 2019

BD has been made aware of a potential vulnerability that can impact the Alaris Gateway Workstation (Workstation). If exploited, this vulnerability may allow an attacker with malicious intention to remotely install unauthorized firmware. These products are not sold or used in the United States.

Alaris Gateway Workstation Web Browser User Interface Lack of Authentication

hi Jun 13, 2019

BD has been made aware of a potential vulnerability that can impact Web Browser User Interface on the Alaris Gateway Workstation, standalone configuration only. If exploited, this vulnerability may allow an attacker with knowledge of the IP address of the Alaris Gateway Workstation terminal to gain access to specified information on the Web Browser User Interface.

Remote Desktop Services Remote Code Execution Vulnerability

un May 15, 2019

BD is aware of and currently monitoring the Remote Desktop Services Remote Code Execution vulnerability. This vulnerability was announced by Microsoft on May 14, 2019. This vulnerability affects any systems that use Remote Desktop Services for Windows XP, Windows 7, Windows 2003 and Windows 2008.

Windows 7 Operating System End of Life

un Apr 17, 2019

Microsoft will end support for the Windows 7 Operating System (OS) after January 14, 2020 and for Windows Embedded Standard 7 Service Pack 1 on October 13, 2020. As a result, Microsoft will no longer provide security updates or support for devices running Windows 7.

Administrator Account Enabled in BD FACSLyric Cell Analyzer Systems with Windows 10 Professional

un Jan 29, 2019

Administrator Account Enabled in BD FACSLyric Cell Analyzer Systems with Windows 10 Professional

Microsoft Windows Task Scheduler Vulnerability

un Jan 24, 2019

BD is aware of a Microsoft Windows vulnerability in the task scheduler, which could allow malicious attackers to gain elevated system privileges, if compromised. This vulnerability identified a local privilege escalation vulnerability in the Advanced Local Procedure Call (ALPC) interface. It has been observed targeting fully patched Microsoft Windows 10 64-bit and Windows Server 2016 operating systems. This is not a BD-specific vulnerability, and there have been no reports of a BD product being affected by this vulnerability.

SQL Function Vulnerability for BD Kiestra TLA, BD Kiestra WCA, BD Kiestra InoquIA+

me Oct 2, 2018

This notification provides product security information and recommendations related to a product security vulnerability found in the following BD Kiestra Systems: BD Kiestra TLA, BD Kiestra WCA and BD InoqulA+ specimen processor. The contents of this notification will be disclosed publicly on the BD Product Security website (www.bd.com/productsecurity) and is voluntarily reported by BD with Information Sharing and Analysis Organizations (ISAOs) where BD participates, including the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) and the National Health Information Sharing and Analysis Center (NH-ISAC) to optimally reach past and present customers.

Select Alaris Plus Syringe Pumps sold and in-use outside the United States

cr Aug 23, 2018

BD has been made aware of a potential vulnerability that can impact various Alaris Syringe Pumps sold and used outside of the United States. If exploited, this vulnerability may allow an attacker to gain remote access to devices when connected to a terminal server via the serial port. This potential vulnerability does not affect the Alaris™ Syringe Module sold in the United States.

Kwampirs.A Virus

me Aug 9, 2018

BD is aware of a Trojan called Kwampirs, which allows malicious attackers remote access into a compromised computer. This is not a BD-specific vulnerability, and there have been no reports of a BD product being affected by Kwampirs. It has been observed targeting common legacy Microsoft Windows operating systems. Kwampirs affects those systems with enabled network shared drives, outdated or no malware protection and any version of the Microsoft Windows Operating System.

1 2 3

This site uses cookies. If you click accept cookies then all cookies will be written. Please review our cookies policy and configure your cookies for your experience.