CVE-2023-29061 – Lack of Adequate BIOS Authentication
https://notcve.org/view.php?id=CVE-2023-29061
There is no BIOS password on the FACSChorus workstation. A threat actor with physical access to the workstation can potentially exploit this vulnerability to access the BIOS configuration and modify the drive boot order and BIOS pre-boot authentication. • https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software • CWE-306: Missing Authentication for Critical Function •
CVE-2023-29060 – Lack of USB Whitelisting
https://notcve.org/view.php?id=CVE-2023-29060
The FACSChorus workstation operating system does not restrict what devices can interact with its USB ports. If exploited, a threat actor with physical access to the workstation could gain access to system information and potentially exfiltrate data. • https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software • CWE-306: Missing Authentication for Critical Function • CWE-1299: Missing Protection Mechanism for Alternate Hardware Interface •
CVE-2023-47685 – WordPress Preloader Matrix Plugin <= 2.0.1 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-47685
Cross-Site Request Forgery (CSRF) vulnerability in Lukman Nakib Preloader Matrix. This issue affects Preloader Matrix: from n/a through 2.0.1. The Preloader Matrix plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.1. This is due to missing or incorrect nonce validation on the handleEndPoint() function. • https://patchstack.com/database/vulnerability/matrix-pre-loader/wordpress-preloader-matrix-plugin-2-0-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-30565 – CQI Data Sniffing
https://notcve.org/view.php?id=CVE-2023-30565
An insecure connection between Systems Manager and CQI Reporter application could expose infusion data to an attacker. • https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-alaris-system-with-guardrails-suite-mx • CWE-319: Cleartext Transmission of Sensitive Information • CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel •
CVE-2023-30564 – Stored Cross-Site Scripting on Device Import Functionality
https://notcve.org/view.php?id=CVE-2023-30564
Alaris Systems Manager does not perform input validation during the Device Import Function. • https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-alaris-system-with-guardrails-suite-mx • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •