cvelist/2018/10xxx/CVE-2018-10593.json

{
   "CVE_data_meta" : {
      "ASSIGNER" : "ics-cert@hq.dhs.gov",
      "DATE_PUBLIC" : "2018-05-22T00:00:00",
      "ID" : "CVE-2018-10593",
      "STATE" : "PUBLIC"
   },
   "affects" : {
      "vendor" : {
         "vendor_data" : [
            {
               "product" : {
                  "product_data" : [
                     {
                        "product_name" : "Kiestra and InoqulA systems",
                        "version" : {
                           "version_data" : [
                              {
                                 "version_value" : "Kiestra TLA, BD Kiestra WCA, and BD InoqulA+ specimen processor using Database (DB) Manager version 3.0.1.0, and previous, and PerformA version 3.0.0.0 and previous."
                              }
                           ]
                        }
                     }
                  ]
               },
               "vendor_name" : "Becton, Dickinson and Company"
            }
         ]
      }
   },
   "data_format" : "MITRE",
   "data_type" : "CVE",
   "data_version" : "4.0",
   "description" : {
      "description_data" : [
         {
            "lang" : "eng",
            "value" : "A vulnerability in DB Manager version 3.0.1.0 and PerformA version 3.0.0.0 allows an authorized user with access to a privileged account on a BD Kiestra system to issue SQL commands, which may result in data corruption. BD intends to implement necessary mitigation controls by July 2018. This mitigation will include removing the functionality to trigger SQL functions in DB Manager and PerformA."
         }
      ]
   },
   "problemtype" : {
      "problemtype_data" : [
         {
            "description" : [
               {
                  "lang" : "eng",
                  "value" : "Product UI does not warn user of unsafe actions CWE-356"
               }
            ]
         }
      ]
   },
   "references" : {
      "reference_data" : [
         {
            "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-142-01"
         }
      ]
   }
}
- Synchronized data. 2018-05-01 14:05:39 -04:00			`{`
			`"CVE_data_meta" : {`
- Added submissions from ICS-CERT for ICSMA-18-142-01 from 2018-05-24. 2018-05-24 11:23:40 -04:00			`"ASSIGNER" : "ics-cert@hq.dhs.gov",`
			`"DATE_PUBLIC" : "2018-05-22T00:00:00",`
- Synchronized data. 2018-05-01 14:05:39 -04:00			`"ID" : "CVE-2018-10593",`
- Added submissions from ICS-CERT for ICSMA-18-142-01 from 2018-05-24. 2018-05-24 11:23:40 -04:00			`"STATE" : "PUBLIC"`
			`},`
			`"affects" : {`
			`"vendor" : {`
			`"vendor_data" : [`
			`{`
			`"product" : {`
			`"product_data" : [`
			`{`
			`"product_name" : "Kiestra and InoqulA systems",`
			`"version" : {`
			`"version_data" : [`
			`{`
			`"version_value" : "Kiestra TLA, BD Kiestra WCA, and BD InoqulA+ specimen processor using Database (DB) Manager version 3.0.1.0, and previous, and PerformA version 3.0.0.0 and previous."`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name" : "Becton, Dickinson and Company"`
			`}`
			`]`
			`}`
- Synchronized data. 2018-05-01 14:05:39 -04:00			`},`
			`"data_format" : "MITRE",`
			`"data_type" : "CVE",`
			`"data_version" : "4.0",`
			`"description" : {`
			`"description_data" : [`
			`{`
			`"lang" : "eng",`
- Added submissions from ICS-CERT for ICSMA-18-142-01 from 2018-05-24. 2018-05-24 11:23:40 -04:00			`"value" : "A vulnerability in DB Manager version 3.0.1.0 and PerformA version 3.0.0.0 allows an authorized user with access to a privileged account on a BD Kiestra system to issue SQL commands, which may result in data corruption. BD intends to implement necessary mitigation controls by July 2018. This mitigation will include removing the functionality to trigger SQL functions in DB Manager and PerformA."`
			`}`
			`]`
			`},`
			`"problemtype" : {`
			`"problemtype_data" : [`
			`{`
			`"description" : [`
			`{`
			`"lang" : "eng",`
			`"value" : "Product UI does not warn user of unsafe actions CWE-356"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"references" : {`
			`"reference_data" : [`
			`{`
			`"url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-142-01"`
- Synchronized data. 2018-05-01 14:05:39 -04:00			`}`
			`]`
			`}`
			`}`