CVE-2023-30560 MEDIUM

CVE-2023-30560: PCU Configuration Lacks Authentication

Vendor Becton Dickinson & Co
Product BD Alarisâ„¢ Point-of-Care Unit (PCU) Model 8015
Weakness CWE-287 · Improper authentication
Published July 13, 2023
Last update October 31, 2024

CVSS base score

6.8/10
Attack vector Physical
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

The configuration from the PCU can be modified without authentication using physical connection to the PCU.

Key dates

02Disclosure timeline

July 13, 2023 CVE published
October 31, 2024 Record updated