Description: The BD FACSChorus™ v5.0, v5.1, v3.0, and v3.1 and the respective workstations are designed for Research Use Only (RUO) and are not cleared for use in a clinical care environment/application. Therefore, there is no impact to patient safety.

CISA Number: ICSMA-23-331-01

CVE Number: Multiple

Vendor Website: Information Here

Additional Information:

• BD FACSChorus™ v5.0, v5.1, v3.0, and v3.1 and the respective workstations
  • CVE-2023-29060 – Lack of USB Whitelisting (Medium)
  • CVE-2023-29061 – Lack of Adequate BIOS Authentication (Medium)
  • CVE-2023-29062 – Unsecure Identity Verification (Low)
  • CVE-2023-29063 – Lack of DMA Access Protection (Low)

• Only BD FACSChorus™ v5.0 and v5.1 and the respective workstations
  • CVE-2023-29064 – Hardcoded Secrets (Medium)
  • CVE-2023-29065 – Overly Permissive Access Policy (Medium)
  • CVE-2023-29066 – Incorrect User Management (Low)