BD FACSLyric (Update A)
Severity score: 6.8
Source: ICS-CERT ICSMA-19-029-02
Published: Jan 29, 2019
Attack Vector: Physical
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
FACSLyric flow cytometry systems running Windows 10 Professional Operating System are vulnerable to privilege escalation due to improper access controls (CWE-284). An attacker with physical access could gain administrative-level privileges and execute arbitrary commands on the instrument control workstation. The vulnerability affects FACSLyric IVD systems (U.S. release) and FACSLyric RUO systems (U.S. and Malaysian releases, November 2017–November 2018). Systems running Windows 7 are not affected. BD is disabling administrative accounts on RUO systems and replacing workstations on IVD systems as remediation.
What this means
What could happen
An attacker with physical access to the FACSLyric workstation could escalate privileges to administrator level and run arbitrary commands, potentially compromising instrument control, data integrity, or allowing malware installation.
Who's at risk
BD FACSLyric flow cytometry systems used in research or in vitro diagnostics (IVD) settings that run Windows 10 Professional Operating System. This affects laboratory technicians, facility managers, and IT staff responsible for laboratory equipment security at research institutions, clinical labs, or diagnostic centers.
How it could be exploited
The vulnerability requires physical access to the workstation. An attacker at the console would exploit a privilege escalation flaw in the Windows 10 Pro operating system configuration shipped on FACSLyric systems to gain administrative-level access and execute arbitrary commands on the instrument control computer. No authentication is needed to reach the flaw.
Prerequisites
- Physical access to the FACSLyric workstation
- Windows 10 Professional Operating System (specific U.S. release for IVD, or U.S./Malaysian releases between November 2017–November 2018 for RUO)
- No user authentication required to trigger the vulnerability
Key points
- Physical access required (reduces remote risk but increases insider/facility risk)
- No authentication required for exploitation
- Privilege escalation to administrative level
- Affects Windows 10 Pro configuration (common in research/diagnostic labs)
- No patch available for IVD systems
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (2): 2 pending fixes
- Product: FACSLyric IVD
  Affected versions: Windows 10 Professional Operating System, U.S. release
  Fix status: No fix yet
- Product: FACSLyric Research Use Only (RUO)
  Affected versions: Windows 10 Professional Operating System, U.S. and Malaysian releases between November 2017 and November 2018
  Fix status: No fix yet
Remediation & Mitigation
Do now
- WORKAROUND (FACSLyric RUO units): Coordinate with BD to have the administrative account disabled on your Windows 10 Pro workstations
Schedule (requires maintenance window)
- Patching may require device reboot; plan for process interruption
- HOTFIX (FACSLyric IVD units): Schedule replacement of Windows 10 Pro workstations with BD according to their replacement timeline
Long-term hardening
- HARDENING: Implement physical access controls to restrict unauthorized personnel from accessing FACSLyric instrument workstations
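The RUO workaround above is to have BD disable the administrative account on the Windows 10 Pro workstation. The following PowerShell audit is an added example, not code from BD or ICS-CERT, that a lab IT team can run on the instrument workstation before and after that change to confirm which local accounts still hold administrative rights and whether they are enabled. The advisory does not name the account, so the check keys on the well-known Administrators group SID and on RID 500 (the built-in Administrator) rather than on any assumed account name; it only reports and changes nothing.

```powershell
# Added example (not from the BD advisory or ICS-CERT): audit which local accounts
# hold administrative rights on a Windows 10 workstation and whether the built-in
# Administrator account is still enabled. The advisory does not specify account
# names, so the check keys on SIDs and group membership rather than on names.
# Run from an elevated PowerShell session on the workstation (Windows 10,
# built-in Microsoft.PowerShell.LocalAccounts module).

function Get-LocalAdminAudit {
    [CmdletBinding()]
    param()

    # S-1-5-32-544 is the well-known SID of the local Administrators group
    $members = Get-LocalGroupMember -SID 'S-1-5-32-544'
    foreach ($m in $members) {
        $enabled   = $null
        $isBuiltIn = $false
        if ($m.ObjectClass -eq 'User' -and $m.PrincipalSource -eq 'Local') {
            $user    = Get-LocalUser -SID $m.SID
            $enabled = $user.Enabled
            # RID 500 is the built-in Administrator account regardless of its display name
            $isBuiltIn = $m.SID.Value -match '-500$'
        }
        [pscustomobject]@{
            Name         = $m.Name
            ObjectClass  = $m.ObjectClass
            Source       = $m.PrincipalSource
            Enabled      = $enabled
            BuiltInAdmin = $isBuiltIn
        }
    }
}

$audit = Get-LocalAdminAudit
$audit | Format-Table -AutoSize

# Flag the condition the RUO workaround is meant to remove: an enabled local
# account that is a member of the Administrators group.
$exposed = $audit | Where-Object { $_.Source -eq 'Local' -and $_.Enabled -eq $true }
if ($exposed) {
    Write-Warning ("Enabled local administrative accounts present: " + ($exposed.Name -join ', '))
} else {
    Write-Output "No enabled local accounts hold administrative rights on this workstation."
}
```

Domain or Microsoft-account principals in the group are listed with Enabled left blank because their state is not held locally. Keep the output from the pre-change run with the instrument's maintenance records so the post-change run can be compared against it.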
CVEs (1)