CVE-2016-9355

Name of the Vulnerable Software and Affected Versions Becton, Dickinson and Company (BD) Alaris 8015 Point of Care (PC) unit versions 9.5 and prior Becton, Dickinson and Company (BD) Alaris 8015 Point of Care (PC) unit version 9.7

Description An issue allows an unauthorized user with physical access to obtain unencrypted wireless network authentication credentials and other sensitive technical data by disassembling the device and accessing its flash memory. The device's removable flash memory stores these credentials and data in older software versions, allowing an attacker to extract them without detection.

Recommendations For version 9.5 and prior, consider implementing physical security measures to prevent unauthorized access to the device's flash memory. For version 9.7, restrict physical access to the device to minimize the risk of exploitation. As a temporary workaround, consider disabling the use of removable flash memory in the affected devices until a patch is available.