CVE-2016-8375
Detail
Modified After Enrichment
This CVE record has been updated after NVD enrichment efforts were completed. Enrichment data supplied by the NVD may require amendment due to these changes.
Description
An issue was discovered in Becton, Dickinson and Company (BD) Alaris 8015 Point of Care (PC) unit, Version 9.5 and prior versions, and Version 9.7, and 8000 PC unit. An unauthorized user with physical access to an affected Alaris PC unit may be able to obtain unencrypted wireless network authentication credentials and other sensitive technical data by disassembling the PC unit and accessing the device's flash memory. The Alaris 8015 PC unit, Version 9.7, and the 8000 PC unit store wireless network authentication credentials and other sensitive technical data on internal flash memory. Accessing the internal flash memory of the affected device would require special tools to extract data and carrying out this attack at a healthcare facility would increase the likelihood of detection.
Metrics
β
NVD enrichment efforts reference publicly available information to associate
vector strings. CVSS information contributed by other sources is also
displayed.
CVSS 4.0 Severity and Vector Strings:
NVD assessment
not yet provided.
CVSS 3.x Severity and Vector Strings:
Vector:
CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
CVSS 2.0 Severity and Vector Strings:
Vector:
(AV:L/AC:M/Au:N/C:P/I:N/A:N)
References to Advisories, Solutions, and Tools
By selecting these links, you will be leaving NIST webspace.
We have provided these links to other web sites because they
may have information that would be of interest to you. No
inferences should be drawn on account of other sites being
referenced, or not, from this page. There may be other web
sites that are more appropriate for your purpose. NIST does
not necessarily endorse the views expressed, or concur with
the facts presented on these sites. Further, NIST does not
endorse any commercial products that may be mentioned on
these sites. Please address comments about this page to [email protected].
Change History
7 change records found show changes
CVE Modified by ICS-CERT
6/16/2026 8:54:14 PM
| Action |
Type |
Old Value |
New Value |
| Added |
Affected |
[{"vendor":"n/a","product":"BD Alaris 8015 through 9.7 and 8000","versions":[{"version":"BD Alaris 8015 through 9.7 and 8000","status":"affected"}]}]
|
CVE Status Change
5/12/2026 8:24:29 PM
| Action |
Type |
Old Value |
New Value |
CVE Modified by CVE
11/20/2024 9:59:14 PM
| Action |
Type |
Old Value |
New Value |
| Added |
Reference |
http://www.securityfocus.com/bid/96113
|
| Added |
Reference |
https://ics-cert.us-cert.gov/advisories/ICSMA-17-017-01
|
| Added |
Reference |
https://ics-cert.us-cert.gov/advisories/ICSMA-17-017-02
|
CVE Modified by ICS-CERT
5/14/2024 12:07:03 AM
| Action |
Type |
Old Value |
New Value |
Initial Analysis by NIST
3/16/2017 1:25:57 PM
| Action |
Type |
Old Value |
New Value |
| Added |
CVSS V3 |
AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
|
| Added |
CVSS V2 |
(AV:L/AC:M/Au:N/C:P/I:N/A:N)
|
| Added |
CWE |
CWE-255
|
| Added |
CPE Configuration |
OR
*cpe:2.3:a:bd:alaris_8015_pc_unit:9.5:*:*:*:*:*:*:* (and previous)
*cpe:2.3:a:bd:alaris_8015_pc_unit:9.7:*:*:*:*:*:*:*
|
| Changed |
Reference Type |
http://www.securityfocus.com/bid/96113 No Types Assigned
|
http://www.securityfocus.com/bid/96113 Third Party Advisory, VDB Entry
|
| Changed |
Reference Type |
https://ics-cert.us-cert.gov/advisories/ICSMA-17-017-01 No Types Assigned
|
https://ics-cert.us-cert.gov/advisories/ICSMA-17-017-01 Mitigation, Third Party Advisory, US Government Resource
|
| Changed |
Reference Type |
https://ics-cert.us-cert.gov/advisories/ICSMA-17-017-02 No Types Assigned
|
https://ics-cert.us-cert.gov/advisories/ICSMA-17-017-02 Mitigation, Third Party Advisory, US Government Resource
|
CVE Modified by ICS-CERT
2/14/2017 9:59:01 PM
| Action |
Type |
Old Value |
New Value |
| Added |
Reference |
http://www.securityfocus.com/bid/96113 [No Types Assigned]
|
CVE Modified by ICS-CERT
2/13/2017 9:59:00 PM
| Action |
Type |
Old Value |
New Value |
| Changed |
Description |
An issue was discovered in Becton, Dickinson and Company (BD) Alaris 8015 Point of Care (PC) unit, Version 9.5 and prior versions, and Version 9.7. An unauthorized user with physical access to an Alaris 8015 PC unit may be able to obtain unencrypted wireless network authentication credentials and other sensitive technical data by disassembling an Alaris 8015 PC unit and accessing the device's flash memory. The Alaris 8015 PC unit, Version 9.7 stores wireless network authentication credentials and other sensitive technical data on internal flash memory. Accessing the internal flash memory of the affected device would require special tools to extract data and carrying out this attack at a healthcare facility would increase the likelihood of detection.
|
An issue was discovered in Becton, Dickinson and Company (BD) Alaris 8015 Point of Care (PC) unit, Version 9.5 and prior versions, and Version 9.7, and 8000 PC unit. An unauthorized user with physical access to an affected Alaris PC unit may be able to obtain unencrypted wireless network authentication credentials and other sensitive technical data by disassembling the PC unit and accessing the device's flash memory. The Alaris 8015 PC unit, Version 9.7, and the 8000 PC unit store wireless network authentication credentials and other sensitive technical data on internal flash memory. Accessing the internal flash memory of the affected device would require special tools to extract data and carrying out this attack at a healthcare facility would increase the likelihood of detection.
|
| Added |
Reference |
https://ics-cert.us-cert.gov/advisories/ICSMA-17-017-01 [No Types Assigned]
|
Quick Info
CVE Dictionary Entry: CVE-2016-8375 NVD
Published Date: 02/13/2017 NVD
Last Modified: 06/16/2026
Source: ICS-CERT
|
