
BD Cybersecurity Third-Party Vulnerability Bulletin

Third-Party Vulnerability: SonicWall

Background

This notification is voluntarily shared by BD with Information Sharing and Analysis Organizations (ISAOs).

BD communicates with our customers about cybersecurity vulnerabilities to help enable healthcare providers to manage potential risks through awareness and guidance.

BD is aware of and currently monitoring a vulnerability affecting BD Parata products and versions. This third-party vulnerability is not specific to BD or our products. Additionally, we have not received any reports of this vulnerability being exploited on BD products. BD is providing this update to let customers know which BD products could be affected by the following third-party SonicWall SonicOS Management vulnerability:

  • CVE-2024-40766 – An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and, in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions.

Products that utilize impacted versions of SonicWall products

This notification applies to the following BD products:

  • BD Parata IntelliCab™ Will Call System
  • BD Parata IntelliVault™ Controlled Substance Management System

Note: BD Parata IntelliCab™ and IntelliVault™ Solutions were previously known as BD Pyxis™ RapidRx.

This list does not indicate the patch or device status. It may be updated if more products are identified. Please check back periodically for updates.

Response

BD is currently deploying the SonicWall patch(es) to BD products that use the affected third-party component. Please check back periodically for updates. Please refer to the Bulletins and Patches page for all approved product security patching notifications.

Customers that maintain SonicWall patching should ensure the actions listed in the SonicWall advisory are performed in order to maintain the correct security posture of the system(s).

BD Service will contact customers who receive patch maintenance from BD once the patches have been deployed.

Additionally, BD recommends the following mitigations and compensating controls to reduce the risk(s) associated with this vulnerability:

  • To minimize potential impact, please restrict firewall management access to trusted sources or disable firewall WAN management access from Internet sources. For more information, see how-can-i-restrict-SonicOS-admin-access or refer to the original advisory.
  • Refer to the product User Guide if emergency cabinet access is required due to the SonicWall Firewall being unresponsive.

Additional Resources