Sign-up

ID

VAR-201702-0080


CVE

CVE-2016-8375


TITLE

Alaris 8000/8015 PC units Information Disclosure Vulnerability

Trust: 0.8

sources: IVD: 4251f10a-2a51-4ee5-942d-63053efab9f2 // CNVD: CNVD-2017-01601

DESCRIPTION

An issue was discovered in Becton, Dickinson and Company (BD) Alaris 8015 Point of Care (PC) unit, Version 9.5 and prior versions, and Version 9.7, and 8000 PC unit. An unauthorized user with physical access to an affected Alaris PC unit may be able to obtain unencrypted wireless network authentication credentials and other sensitive technical data by disassembling the PC unit and accessing the device's flash memory. The Alaris 8015 PC unit, Version 9.7, and the 8000 PC unit store wireless network authentication credentials and other sensitive technical data on internal flash memory. Accessing the internal flash memory of the affected device would require special tools to extract data and carrying out this attack at a healthcare facility would increase the likelihood of detection. The Alaris 8000 and 8015 PC units are at the heart of the BD Alaris system in the United States, providing a common user interface for programming intravenous fluids. An information disclosure vulnerability exists in Alaris 8000 and 8015 PC units. Attackers can exploit vulnerabilities to obtain sensitive information, leading to further attacks

Trust: 2.7

sources: NVD: CVE-2016-8375 // JVNDB: JVNDB-2016-008011 // CNVD: CNVD-2017-01601 // BID: 96113 // IVD: 4251f10a-2a51-4ee5-942d-63053efab9f2 // VULMON: CVE-2016-8375

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 4251f10a-2a51-4ee5-942d-63053efab9f2 // CNVD: CNVD-2017-01601

AFFECTED PRODUCTS

vendor:bdmodel:alaris 8015 pc unitscope:eqversion:9.7

Trust: 1.6

vendor:bdmodel:alaris 8015 pc unitscope:lteversion:9.5

Trust: 1.0

vendor:bdmodel:alaris pc unitscope:eqversion:80159.7

Trust: 0.9

vendor:bdmodel:alaris pc unitscope:eqversion:80000

Trust: 0.9

vendor:becton dickinson and bdmodel:alaris 8000 pc unitscope: - version: -

Trust: 0.8

vendor:becton dickinson and bdmodel:alaris 8015 pc unitscope:lteversion:9.5

Trust: 0.8

vendor:becton dickinson and bdmodel:alaris 8015 pc unitscope:eqversion:9.7

Trust: 0.8

vendor:bdmodel:alaris 8015 pc unitscope:eqversion:9.5

Trust: 0.6

vendor:alaris 8015 pc unitmodel: - scope:eqversion:*

Trust: 0.2

vendor:alaris 8015 pc unitmodel: - scope:eqversion:9.7

Trust: 0.2

sources: IVD: 4251f10a-2a51-4ee5-942d-63053efab9f2 // CNVD: CNVD-2017-01601 // BID: 96113 // JVNDB: JVNDB-2016-008011 // NVD: CVE-2016-8375 // CNNVD: CNNVD-201702-385

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2016-8375
value: MEDIUM

Trust: 1.8

CNVD: CNVD-2017-01601
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201702-385
value: LOW

Trust: 0.6

IVD: 4251f10a-2a51-4ee5-942d-63053efab9f2
value: LOW

Trust: 0.2

VULMON: CVE-2016-8375
value: LOW

Trust: 0.1

NVD:
severity: LOW
baseScore: 1.9
vectorString: AV:L/AC:M/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 2.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: CVE-2016-8375
severity: LOW
baseScore: 1.9
vectorString: AV:L/AC:M/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.9

CNVD: CNVD-2017-01601
severity: MEDIUM
baseScore: 5.4
vectorString: AV:N/AC:H/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 4.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 4251f10a-2a51-4ee5-942d-63053efab9f2
severity: MEDIUM
baseScore: 5.4
vectorString: AV:N/AC:H/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 4.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

NVD:
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
attackVector: PHYSICAL
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 0.5
impactScore: 4.0
version: 3.0

Trust: 1.0

NVD: CVE-2016-8375
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
attackVector: PHYSICAL
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: 4251f10a-2a51-4ee5-942d-63053efab9f2 // CNVD: CNVD-2017-01601 // VULMON: CVE-2016-8375 // JVNDB: JVNDB-2016-008011 // NVD: CVE-2016-8375 // CNNVD: CNNVD-201702-385

PROBLEMTYPE DATA

problemtype:CWE-255

Trust: 1.8

sources: JVNDB: JVNDB-2016-008011 // NVD: CVE-2016-8375

THREAT TYPE

local

Trust: 0.9

sources: BID: 96113 // CNNVD: CNNVD-201702-385

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201702-385

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2016-8375

PATCH
title:Alaris PC uniturl:http://www.carefusion.com/our-products/infusion/infusion-system-devices/alaris-pc-unit
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2016-008011

EXTERNAL IDS
db:NVDid:CVE-2016-8375
Trust: 3.6
db:ICS CERTid:ICSMA-17-017-01
Trust: 2.2
db:BIDid:96113
Trust: 2.0
db:ICS CERTid:ICSMA-17-017-02
Trust: 2.0
db:CNVDid:CNVD-2017-01601
Trust: 0.8
db:CNNVDid:CNNVD-201702-385
Trust: 0.8
db:ICS CERTid:ICSMA-17-017-02A
Trust: 0.8
db:JVNDBid:JVNDB-2016-008011
Trust: 0.8
db:IVDid:4251F10A-2A51-4EE5-942D-63053EFAB9F2
Trust: 0.2
db:VULMONid:CVE-2016-8375
Trust: 0.1
sources:
            
            
            IVD: 4251f10a-2a51-4ee5-942d-63053efab9f2 // 
            
            
            
            CNVD: CNVD-2017-01601 // 
            
            
            
            VULMON: CVE-2016-8375 // 
            
            
            
            BID: 96113 // 
            
            
            
            JVNDB: JVNDB-2016-008011 // 
            
            
            
            NVD: CVE-2016-8375 // 
            
            
            
            CNNVD: CNNVD-201702-385

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsma-17-017-01
Trust: 2.3
url:http://www.securityfocus.com/bid/96113
Trust: 1.8
url:https://ics-cert.us-cert.gov/advisories/icsma-17-017-02
Trust: 1.4
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8375
Trust: 0.8
url:https://ics-cert.us-cert.gov/advisories/icsma-17-017-02a
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2016-8375
Trust: 0.8
url:https://us-cert.cisa.gov/ics/advisories/icsma-17-017-02
Trust: 0.6
url:http://www.carefusion.com/our-products/infusion/infusion-system-devices/alaris-pc-unit
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/255.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-01601 // 
            
            
            
            VULMON: CVE-2016-8375 // 
            
            
            
            BID: 96113 // 
            
            
            
            JVNDB: JVNDB-2016-008011 // 
            
            
            
            NVD: CVE-2016-8375 // 
            
            
            
            CNNVD: CNNVD-201702-385

CREDITS
Dickinson and Company (BD),Becton
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201702-385

SOURCES
db:IVDid:4251f10a-2a51-4ee5-942d-63053efab9f2
db:CNVDid:CNVD-2017-01601
db:VULMONid:CVE-2016-8375
db:BIDid:96113
db:JVNDBid:JVNDB-2016-008011
db:NVDid:CVE-2016-8375
db:CNNVDid:CNNVD-201702-385

LAST UPDATE DATE
2023-12-18T12:51:24.576000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-01601date:2017-02-20T00:00:00
db:VULMONid:CVE-2016-8375date:2017-03-16T00:00:00
db:BIDid:96113date:2017-03-07T03:02:00
db:JVNDBid:JVNDB-2016-008011date:2017-04-07T00:00:00
db:NVDid:CVE-2016-8375date:2017-03-16T17:25:57.367
db:CNNVDid:CNNVD-201702-385date:2021-03-17T00:00:00

SOURCES RELEASE DATE
db:IVDid:4251f10a-2a51-4ee5-942d-63053efab9f2date:2017-02-20T00:00:00
db:CNVDid:CNVD-2017-01601date:2017-02-20T00:00:00
db:VULMONid:CVE-2016-8375date:2017-02-13T00:00:00
db:BIDid:96113date:2017-02-07T00:00:00
db:JVNDBid:JVNDB-2016-008011date:2017-04-07T00:00:00
db:NVDid:CVE-2016-8375date:2017-02-13T22:59:00.210
db:CNNVDid:CNNVD-201702-385date:2017-02-13T00:00:00