CVE-2024-10476 Overview
CVE-2024-10476 is a default-credentials vulnerability (CWE-1392: Use of Default Credentials) affecting BD Diagnostic Solutions products. The affected systems ship with default credentials; a threat actor who uses them could access, modify, or delete sensitive data, including protected health information (PHI) and personally identifiable information (PII), and could shut down or otherwise impact the availability of the system.
Critical Impact
Exploitation of this vulnerability could lead to unauthorized access to sensitive healthcare data (PHI/PII), data modification or deletion, and potential system shutdown affecting diagnostic operations in healthcare environments.
Affected Products
- BD Diagnostic Solutions products that ship with default credentials (see the BD Cybersecurity Vulnerability Bulletin for the product list)
- BD Synapsys™ Informatics Solution, only when installed on a NUC server
- Not affected: BD Synapsys™ Informatics Solution installed on customer-provided virtual machines or on BD Kiestra™ SCU hardware
Discovery Timeline
- 2024-12-17 - CVE-2024-10476 published to NVD
- 2024-12-17 - Last updated in the NVD database
Technical Details for CVE-2024-10476
Vulnerability Analysis
This vulnerability stems from the use of default credentials (CWE-1392: Use of Default Credentials) in BD Diagnostic Solutions products. Exploitation requires adjacent network access: the attacker must be on the same network segment as the vulnerable device. Authentication is required, but the attacker supplies the vendor default credentials, so the vulnerability is rated as needing only low privileges with low attack complexity once network access has been achieved.
The vulnerability presents significant risks in healthcare environments where these diagnostic systems handle sensitive patient information. Successful exploitation could compromise the confidentiality, integrity, and availability of diagnostic data and system operations.
It is important to note that the scope of this vulnerability is limited to specific deployment configurations. BD Synapsys™ Informatics Solution is only vulnerable when installed on a NUC server. Installations on customer-provided virtual machines or on the BD Kiestra™ SCU hardware are not affected by this vulnerability.
Root Cause
The root cause of CVE-2024-10476 is the use of default credentials in BD Diagnostic Solutions products. Default credentials are a common security weakness where products are shipped with pre-configured authentication credentials that are identical across all installations. When these credentials are not changed during deployment or are documented publicly, attackers can use them to gain unauthorized access to systems.
Attack Vector
The attack vector for this vulnerability is adjacent network (AV:A), meaning the attacker must have access to the local network segment where the vulnerable BD Diagnostic Solutions product is deployed. This could be achieved through physical access to the healthcare facility's network, compromise of another device on the same network, or through wireless network access if applicable.
Once on the adjacent network, an attacker with knowledge of the default credentials could authenticate to the system and potentially:
- Access sensitive patient data including PHI and PII
- Modify or delete diagnostic data and system configurations
- Disrupt system availability by shutting down services or the entire system
The attack requires only low privileges (the default credentials themselves) and no user interaction, so it is straightforward to execute once network access is obtained.
Detection Methods for CVE-2024-10476
Indicators of Compromise
- Unexpected authentication attempts using default or common usernames on BD Diagnostic Solutions products
- Unusual access patterns or login times from adjacent network segments
- Unauthorized data access, modification, or deletion in diagnostic systems
- Unexpected system shutdowns or service disruptions
Detection Strategies
- Monitor authentication logs for successful logins using default account names
- Implement network segmentation monitoring to detect lateral movement attempts toward diagnostic systems
- Deploy intrusion detection systems (IDS) with rules for detecting default credential usage attempts
- Audit user account activity and compare against authorized personnel access patterns
Monitoring Recommendations
- Enable comprehensive logging on all BD Diagnostic Solutions products
- Implement Security Information and Event Management (SIEM) correlation rules for detecting default credential abuse
- Monitor network traffic to and from BD diagnostic systems for anomalous patterns
- Regularly review access logs and audit trails for unauthorized access attempts
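To illustrate the detection strategies and monitoring recommendations above, here is an added example (not from the original page and not BD's code) that runs the checks over constructed authentication log lines: it flags successful logins by watched default-style account names, flags successful logins from outside the approved management subnet, and counts failed attempts per account and source so repeated guessing stands out. The log format, host name, account names and subnets are assumptions for illustration; BD's actual log format and default account names are not given on this page and must be taken from the BD bulletin and your own deployment.

```python
"""
Default-credential abuse detection over authentication logs.

All account names, subnets, host names and log lines below are constructed
for illustration; they are not BD defaults or real device output.
"""
import ipaddress
import re
from dataclasses import dataclass

# Assumption: approved management stations live in 10.10.1.0/24.
MANAGEMENT_NET = ipaddress.ip_network("10.10.1.0/24")

# Assumption: placeholder names for accounts that should never log in
# interactively after hardening (replace with the real default account
# names from the BD bulletin for your products).
WATCHED_ACCOUNTS = {"admin", "service", "bd", "installer"}

# Constructed syslog-style lines (not from a real BD device).
SAMPLE_LOG = """\
2024-12-18T08:01:12Z synapsys-nuc01 auth: user=labtech result=success src=10.10.1.10
2024-12-18T08:03:44Z synapsys-nuc01 auth: user=admin result=success src=10.10.50.23
2024-12-18T08:03:50Z synapsys-nuc01 auth: user=admin result=failure src=10.10.50.23
2024-12-18T08:04:02Z synapsys-nuc01 auth: user=installer result=success src=10.10.1.10
2024-12-18T08:09:30Z synapsys-nuc01 auth: user=labtech result=success src=192.168.7.5
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) auth: user=(?P<user>\S+) "
    r"result=(?P<result>success|failure) src=(?P<src>\S+)$"
)


@dataclass(frozen=True)
class Finding:
    ts: str
    host: str
    user: str
    src: str
    reason: str


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def evaluate(event):
    """Return a Finding for a successful login that breaks either rule, else None."""
    if event["result"] != "success":
        return None  # failures are tallied separately in scan()
    src = ipaddress.ip_address(event["src"])
    reasons = []
    if event["user"].lower() in WATCHED_ACCOUNTS:
        reasons.append("default-account-login")
    if src not in MANAGEMENT_NET:
        reasons.append("source-outside-management-net")
    if not reasons:
        return None
    return Finding(event["ts"], event["host"], event["user"], event["src"], ",".join(reasons))


def scan(log_text):
    """Return (findings, failures): alerts for rule violations and a
    {(user, src): count} tally of failed attempts."""
    findings = []
    failures = {}
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue  # unparseable line; a real pipeline would count these too
        if ev["result"] == "failure":
            key = (ev["user"], ev["src"])
            failures[key] = failures.get(key, 0) + 1
        finding = evaluate(ev)
        if finding:
            findings.append(finding)
    return findings, failures


if __name__ == "__main__":
    found, failed = scan(SAMPLE_LOG)
    for f in found:
        print(f"{f.ts} {f.host} user={f.user} src={f.src} ALERT={f.reason}")
    for (user, src), n in failed.items():
        print(f"failed attempts user={user} src={src} count={n}")
```

Both rules fire on the second sample line (a watched account logging in from the diagnostic VLAN itself rather than a management station), which is the pattern an adjacent-network attacker using default credentials would leave. The same two checks translate directly into SIEM correlation rules: one on the account name, one on the source address against the management allow-list.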
How to Mitigate CVE-2024-10476
Immediate Actions Required
- Change all default credentials on affected BD Diagnostic Solutions products immediately
- Implement strong, unique passwords for all system accounts
- Restrict network access to diagnostic systems using network segmentation and firewall rules
- Review and audit all user accounts on affected systems to ensure only authorized personnel have access
- Verify deployment configuration to confirm whether your BD Synapsys™ installation is affected (NUC server installations only)
Patch Information
BD has released a cybersecurity vulnerability bulletin addressing this issue. Organizations should consult the BD Cybersecurity Vulnerability Bulletin for detailed remediation guidance and any available patches or updates.
Contact BD support for specific patch availability and installation instructions for your deployed products.
Workarounds
- Immediately change all default credentials to strong, unique passwords
- Implement network segmentation to isolate BD diagnostic systems from general network traffic
- Deploy additional access controls such as multi-factor authentication where supported
- Restrict physical and logical access to the network segments containing diagnostic equipment
- Consider migrating BD Synapsys™ Informatics Solution installations from NUC servers to customer-provided virtual machines or BD Kiestra™ SCU hardware, which are not affected by this vulnerability
# Example network segmentation (nftables syntax; the VLAN, address ranges, host and port below are assumptions for illustration)
# Diagnostic systems isolated on a dedicated VLAN, 10.10.50.0/24; management stations on 10.10.1.0/24
nft add table inet lab_seg
nft add chain inet lab_seg forward '{ type filter hook forward priority 0; policy drop; }'
nft add rule inet lab_seg forward ct state established,related accept
# Only the authorized management station may reach the diagnostic VLAN, and only on the application's service port (443 assumed)
nft add rule inet lab_seg forward ip saddr 10.10.1.10 ip daddr 10.10.50.0/24 tcp dport 443 accept
# Log every other attempt to reach the diagnostic VLAN before dropping it, so connection attempts from unexpected hosts are visible
nft add rule inet lab_seg forward ip daddr 10.10.50.0/24 log prefix '"lab-seg-drop: "' drop
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.