CVE-2018-14786

Name of the Vulnerable Software and Affected Versions Becton, Dickinson and Company (BD) Alaris Plus medical syringe pumps (models Alaris GS, Alaris GH, Alaris CC, and Alaris TIVA) versions prior to 2.3.7

Description The issue is related to an improper authentication mechanism where the software fails to authenticate users for certain functionality, potentially allowing a remote attacker to gain unauthorized access to the syringe pumps when connected to a terminal server via the serial port. This could impact the intended operation of the pump.

Recommendations For versions prior to 2.3.7, update to version 2.3.7 or later to resolve the issue.