CVE-2019-10962

BD Alaris Gateway versions, 1.0.13,1.1.3 Build 10,1.1.3 MR Build 11,1.1.5, and 1.1.6, The web browser user interface on the Alaris Gateway Workstation does not prevent an attacker with knowledge of the IP address of the Alaris Gateway Workstation terminal to gain access to the status and configuration information of the device.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
icscertCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 36%
VendorProductVersion
bdalaris_gateway_workstation_firmware
1.0.13
bdalaris_gateway_workstation_firmware
1.1.3:10
bdalaris_gateway_workstation_firmware
1.1.3:11
bdalaris_gateway_workstation_firmware
1.1.5
bdalaris_gateway_workstation_firmware
1.1.6
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/108763
https://ics-cert.us-cert.gov/advisories/ICSMA-19-164-01
http://www.securityfocus.com/bid/108763
https://ics-cert.us-cert.gov/advisories/ICSMA-19-164-01