CVE-2016-8375

Description

An issue was discovered in Becton, Dickinson and Company (BD) Alaris 8015 Point of Care (PC) unit, Version 9.5 and prior versions, and Version 9.7, and 8000 PC unit. An unauthorized user with physical access to an affected Alaris PC unit may be able to obtain unencrypted wireless network authentication credentials and other sensitive technical data by disassembling the PC unit and accessing the device's flash memory. The Alaris 8015 PC unit, Version 9.7, and the 8000 PC unit store wireless network authentication credentials and other sensitive technical data on internal flash memory. Accessing the internal flash memory of the affected device would require special tools to extract data and carrying out this attack at a healthcare facility would increase the likelihood of detection.

References

Link	Tags
https://ics-cert.us-cert.gov/advisories/ICSMA-17-017-01	us government resource third party advisory mitigation
http://www.securityfocus.com/bid/96113	vdb entry third party advisory
https://ics-cert.us-cert.gov/advisories/ICSMA-17-017-02	us government resource third party advisory mitigation

Frequently Asked Questions

What is the severity of CVE-2016-8375?: CVE-2016-8375 has been scored as a medium severity vulnerability.
How to fix CVE-2016-8375?: To fix CVE-2016-8375, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2016-8375 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2016-8375 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2016-8375?: CVE-2016-8375 affects n/a BD Alaris 8015 through 9.7 and 8000.

Description

Category

CWE-255 – Credentials Management Errors

References

Frequently Asked Questions