Use of hard-coded credentials in FACSChorus - CVE-2023-29064
Published: November 29, 2023
Vulnerability identifier: #VU83570
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-29064
CWE-ID: CWE-798
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Becton, Dickinson and Company (BD)
Affected software: FACSChorus
Detailed vulnerability description
The vulnerability allows a local attacker to gain access to sensitive information.
The vulnerability exists because the software contains sensitive information stored in plaintext. An authenticated attacker with physical access can obtain hardcoded secrets used by the application.
How to mitigate CVE-2023-29064
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.