CVE-2016-8375

Name of the Vulnerable Software and Affected Versions Becton, Dickinson and Company (BD) Alaris 8015 Point of Care (PC) unit versions 9.5 and prior Becton, Dickinson and Company (BD) Alaris 8015 Point of Care (PC) unit version 9.7 Becton, Dickinson and Company (BD) Alaris 8000 PC unit

Description An issue allows an unauthorized user with physical access to obtain unencrypted wireless network authentication credentials and other sensitive technical data by disassembling the PC unit and accessing the device's flash memory. The affected devices store sensitive data on internal flash memory, requiring special tools to extract and increasing the likelihood of detection if carried out in a healthcare facility.

Recommendations For Becton, Dickinson and Company (BD) Alaris 8015 Point of Care (PC) unit versions 9.5 and prior, consider implementing additional physical security measures to prevent unauthorized access to the device. For Becton, Dickinson and Company (BD) Alaris 8015 Point of Care (PC) unit version 9.7, restrict access to the device's internal components to minimize the risk of exploitation. For Becton, Dickinson and Company (BD) Alaris 8000 PC unit, ensure that the device is stored in a secure location when not in use to prevent unauthorized physical access.