BD: Default credential points
A number of BD Diagnostic Options for medical professionals use default credentials that would enable attackers to entry, modify, or delete information, together with protected well being info (PHI) and personally identifiable info (PII). The flaw, tracked as CVE-2024-10476, can be used to close down the affected methods.
Impacted merchandise embrace BD BACTEC Blood Tradition System, BD COR System, BD EpiCenter Microbiology Information Administration System, BD MAX System, BD Phoenix M50 Automated Microbiology System, and Synapsys Informatics Resolution.
“BD has already communicated to customers with affected merchandise and is working with them to replace default credentials on affected merchandise,” CISA mentioned. “For this vulnerability to be exploited, a risk actor will want direct entry, whether or not logical or bodily, into the medical setting.”
