10
CVE-2019-10959
- EPSS 1.06%
- Veröffentlicht 13.06.2019 21:29:15
- Zuletzt bearbeitet 21.11.2024 04:20:14
- Quelle ics-cert@hq.dhs.gov
- CVE-Watchlists
- Unerledigt
LoginBD Alaris Gateway Workstation Versions, 1.1.3 Build 10, 1.1.3 MR Build 11, 1.2 Build 15, 1.3.0 Build 14, 1.3.1 Build 13, This does not impact the latest firmware Versions 1.3.2 and 1.6.1, Additionally, the following products using software Version 2.3.6 and below, Alaris GS, Alaris GH, Alaris CC, Alaris TIVA, The application does not restrict the upload of malicious files during a firmware update.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Bd ≫ Alaris Gateway Workstation Firmware Version1.1.3 Update10
Bd ≫ Alaris Gateway Workstation Firmware Version1.1.3 Update11
Bd ≫ Alaris Gateway Workstation Firmware Version1.2 Update15
Bd ≫ Alaris Gateway Workstation Firmware Version1.3.0 Update14
Bd ≫ Alaris Gateway Workstation Firmware Version1.3.1 Update13
Bd ≫ Alaris Gs Syringe Pump Firmware Version <= 2.3.6
Bd ≫ Alaris Gh Syringe Pump Firmware Version <= 2.3.6
Bd ≫ Alaris Cc Syringe Pump Firmware Version <= 2.3.6
Bd ≫ Alaris Tiva Syringe Pump Firmware Version <= 2.3.6
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.06% | 0.756 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 10 | 3.9 | 6 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-434 Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.