CVE-2019-10959

EPSS 2.5%CWE-434

Vexday Risk Score

3Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS —EPSS 2.5%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

13 Jun 2019Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

BD Alaris Gateway Workstation Versions, 1.1.3 Build 10, 1.1.3 MR Build 11, 1.2 Build 15, 1.3.0 Build 14, 1.3.1 Build 13, This does not impact the latest firmware Versions 1.3.2 and 1.6.1, Additionally, the following products using software Version 2.3.6 and below, Alaris GS, Alaris GH, Alaris CC, Alaris TIVA, The application does not restrict the upload of malicious files during a firmware update.

Affected products

n/a · BD Alaris Gateway Workstation

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://ics-cert.us-cert.gov/advisories/ICSMA-19-164-01 http://www.securityfocus.com/bid/108765