CVE-2023-29066

LOW 3.2

Incorrect User Management

CVSS Score

3.2

EPSS Score

0.0%

EPSS Percentile

0th

The FACSChorus software does not properly assign data access privileges for operating system user accounts. A non-administrative OS account can modify information stored in the local application data folders.

CWE	CWE-266
Vendor	becton, dickinson and company (bd)
Product	facschorus
Published	Nov 28, 2023
Last Updated	Feb 25, 2026

Stay Ahead of the Next One

Get instant alerts for becton, dickinson and company (bd) facschorus

Be the first to know when new low vulnerabilities affecting becton, dickinson and company (bd) facschorus are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Attack Vector

Physical

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

Low

Affected Versions

Becton, Dickinson and Company (BD) / FACSChorus

5.0 ≤ 5.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

bd.com: https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software