CVE-2017-6022

CRITICAL

BD PerformA <2.0.14.0 - Info Disclosure

Title source: llm

Description

A hard-coded password issue was discovered in Becton, Dickinson and Company (BD) PerformA, Version 2.0.14.0 and prior versions, and KLA Journal Service, Version 1.0.51 and prior versions. They use hard-coded passwords to access the BD Kiestra Database, which could be leveraged to compromise the confidentiality of limited PHI/PII information stored in the BD Kiestra Database.

References (2)

[Mitigation, Third Party Advisory, US Government Resource] https://ics-cert.us-cert.gov/advisories/ICSMA-17-082-01

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/97057

Scores

CVSS v3 9.8

EPSS 0.0053

EPSS Percentile 67.1%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-259 CWE-798

Status published

Products (3)

bd/kla_journal_service < 1.0.51

bd/performa < 2.0.14.0

n/a/BD Kiestra PerformA and KLA Journal Service BD Kiestra PerformA and KLA Journal Service

Published Jun 30, 2017

Tracked Since Feb 18, 2026