CVE-2023-29064 MEDIUM

CVE-2023-29064: Hardcoded Secrets

Vendor Becton, Dickinson And Company (Bd)
Product FACSChorus
Weakness CWE-798 · Hardcoded credentials
Published November 28, 2023
Last update October 11, 2024

CVSS base score

4.1/10
Attack vector Physical
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

The FACSChorus software contains sensitive information stored in plaintext. A threat actor could gain hardcoded secrets used by the application, which include tokens and passwords for administrative accounts.

Key dates

02Disclosure timeline

November 28, 2023 CVE published
October 11, 2024 Record updated