CVE-2016-8375

{"id": "CVE-2016-8375", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 1.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 4.9, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 4.0, "exploitabilityScore": 0.5}]}, "published": "2017-02-13T22:59:00.210", "references": [{"url": "http://www.securityfocus.com/bid/96113", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ics-cert@hq.dhs.gov"}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-017-01", "tags": ["Mitigation", "Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-017-02", "tags": ["Mitigation", "Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-255"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Becton, Dickinson and Company (BD) Alaris 8015 Point of Care (PC) unit, Version 9.5 and prior versions, and Version 9.7, and 8000 PC unit. An unauthorized user with physical access to an affected Alaris PC unit may be able to obtain unencrypted wireless network authentication credentials and other sensitive technical data by disassembling the PC unit and accessing the device's flash memory. The Alaris 8015 PC unit, Version 9.7, and the 8000 PC unit store wireless network authentication credentials and other sensitive technical data on internal flash memory. Accessing the internal flash memory of the affected device would require special tools to extract data and carrying out this attack at a healthcare facility would increase the likelihood of detection."}, {"lang": "es", "value": "Ha sido descubierto un problema en la unidad Becton, Dickinson and Company (BD) Alaris 8015 Point of Care (PC), versi\u00f3n 9.5 y versiones anteriores, y en la versi\u00f3n 9.7 y unidad de PC 8000. Un usuario no autorizado con acceso f\u00edsico a una unidad de Alaris PC afectada puede obtener credenciales de autenticaci\u00f3n de red inal\u00e1mbrica sin cifrar y otros datos t\u00e9cnicos confidenciales al desmontar la unidad de PC y acceder a la memoria flash del dispositivo. La unidad PC Alaris 8015, Versi\u00f3n 9.7 y la unidad PC 8000 almacenan credenciales de autenticaci\u00f3n de redes inal\u00e1mbricas y otros datos t\u00e9cnicos sensibles en la memoria flash interna. El acceso a la memoria flash interna del dispositivo afectado requerir\u00eda herramientas especiales para extraer datos y llevar a cabo este ataque en una instalaci\u00f3n sanitaria aumentar\u00eda la probabilidad de detecci\u00f3n."}], "lastModified": "2017-03-16T17:25:57.367", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:bd:alaris_8015_pc_unit:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5C65F8B2-E4A6-429B-BA5A-FD3FA2B7ABF3", "versionEndIncluding": "9.5"}, {"criteria": "cpe:2.3:a:bd:alaris_8015_pc_unit:9.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6A084F62-ED84-4DE0-BE57-6665FB7248B6"}], "operator": "OR"}]}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}