BD: Default credential points
A number of BD Diagnostic Options for medical professionals use default credentials that might permit attackers to entry, modify, or delete knowledge, together with protected well being info (PHI) and personally identifiable info (PII). The flaw, tracked as CVE-2024-10476, can be used to close down the affected methods.
Impacted merchandise embody BD BACTEC Blood Tradition System, BD COR System, BD EpiCenter Microbiology Data Administration System, BD MAX System, BD Phoenix M50 Automated Microbiology System, and Synapsys Informatics Answer.
“BD has already communicated to customers with affected merchandise and is working with them to replace default credentials on affected merchandise,” CISA stated. “For this vulnerability to be exploited, a menace actor will want direct entry, whether or not logical or bodily, into the medical setting.”