CVE-2024-10476

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-10476
Default credentials are used in the above listed BD Diagnostic Solutions products. If exploited, threat actors may be able to access, modify or delete data, including sensitive information such as protected health information (PHI) and personally identifiable information (PII). Exploitation of this vulnerability may allow an attacker to shut down or otherwise impact the availability of the system. Note: BD Synapsys™ Informatics Solution is only in scope of this vulnerability when installed on a NUC server. BD Synapsys™ Informatics Solution installed on a customer-provided virtual machine or on the BD Kiestra™ SCU hardware is not in scope.

8.0 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.1 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-cybersecurity-vulnerability-bulletin-diagnostic-solutions-products
Configurations

No configuration.

History

15 Apr 2026, 00:35

Type Values Removed Values Added
Summary
  • (es) Las credenciales predeterminadas se utilizan en BD Diagnostic Solutions products enumerados anteriormente. Si se explota esta vulnerabilidad, los actores de amenazas pueden acceder, modificar o eliminar datos, incluida información confidencial como información médica protegida (PHI) e información de identificación personal (PII). La explotación de esta vulnerabilidad puede permitir que un atacante apague o afecte de otro modo la disponibilidad del sistema. Nota: BD Synapsys™ Informatics Solution solo está dentro del alcance de esta vulnerabilidad cuando se instala en un servidor NUC. BD Synapsys™ Informatics Solution instalada en una máquina virtual proporcionada por el cliente o en el hardware BD Kiestra™ SCU no está dentro del alcance.

17 Dec 2024, 16:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-12-17 16:15

Updated : 2026-04-15 00:35

NVD link : CVE-2024-10476

Mitre link : CVE-2024-10476

CVE.ORG link : CVE-2024-10476

JSON object : View

Products Affected

No product.

CWE
CWE-1392

Use of Default Credentials