CVE-2023-29063

LOW 2.4

Lack of DMA Access Protections

CVSS Score

2.4

EPSS Score

0.0%

EPSS Percentile

0th

The FACSChorus workstation does not prevent physical access to its PCI express (PCIe) slots, which could allow a threat actor to insert a PCI card designed for memory capture. A threat actor can then isolate sensitive information such as a BitLocker encryption key from a dump of the workstation RAM during startup.

CWE	CWE-1299
Vendor	becton, dickinson and company (bd)
Product	facschorus
Published	Nov 28, 2023
Last Updated	Feb 25, 2026

Stay Ahead of the Next One

Get instant alerts for becton, dickinson and company (bd) facschorus

Be the first to know when new low vulnerabilities affecting becton, dickinson and company (bd) facschorus are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector

Physical

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Affected Versions

Becton, Dickinson and Company (BD) / FACSChorus

5.0 ≤ 5.1 3.0 ≤ 3.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

bd.com: https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software