BD: Default credential issues
Multiple BD Diagnostic Solutions products for medical professionals use default credentials that could allow attackers to access, modify, or delete data, including protected health information (PHI) and personally identifiable information (PII). The flaw, tracked as CVE-2024-10476, can also be used to shut down the affected systems.
Impacted products include BD BACTEC Blood Culture System, BD COR System, BD EpiCenter Microbiology Data Management System, BD MAX System, BD Phoenix M50 Automated Microbiology System, and Synapsys Informatics Solution.
“BD has already communicated to users with affected products and is working with them to update default credentials on affected products,” CISA said. “For this vulnerability to be exploited, a threat actor will need direct access, whether logical or physical, into the clinical setting.”