Known vulnerabilities

Known VulnerabilityBackground InformationAffected SCIEX ProductsRecommended ActionsComments

MongoBleed / CVE-2025-14847

https://nvd.nist.gov/vuln/detail/CVE-2025-14847

Vendor communications: https://jira.mongodb.org/browse/SERVER-115508MongoDB installed with SCIEX OS 3.0 - 4.0.1Download and install the “SCIEX OS Patch for Database” located at https://sciex.com/support/software-support/software-downloads.

MongoDB has developed its own patch, but in an effort to make patching easier when used with SCIEX OS software products, SCIEX recommends using the “SCIEX OS Patch for Database”.

Without the patch:

Network exposure vulnerability can be eliminated by ensuring either of these two settings is set up appropriately:

1. Windows Defender Firewall is configured to block incoming traffic on port 27017 (default shipping configuration)

2. MongoDB binding set to localhost 127.0.0.1 (default shipping configuration)

Please note that the system may still be vulnerable to local exposure. Organizations should maintain strict user access and appropriate credentials.

Windows 7 support has ended. There will be no security updates or any other support provided by Microsoft for Windows 7

20230126 Win7 obsolescence.pdf		https://support.microsoft.com/en-us/windows/windows-7-support-ended-on-january-14-2020-b75d4580-2cc7-895a-2c9c-1466d9a53962 https://learn.microsoft.com/en-us/troubleshoot/windows-client/windows-7-eos-faq/windows-7-extended-security-updates-faqAny acquisition or data processing computers operating on Windows 7Where possible, update the computer operating system to the SCIEX supported version of Windows 10.

Please contact customer support to discuss the best way to upgrade your system		To ensure system reliability and service support please make sure you are using preconfigured Windows 10 OS images provided by SCIEX for corresponding acquisition computers
CVE-2019-11157, CVE-2019-14598, CVE-2019-14607, CVE-2020-0531, CVE-2020-0532, CVE-2020-0534, CVE-2020-0535, CVE-2020-0536, CVE-2020-0537, CVE-2020-0538, CVE-2020-0539, CVE-2020-0540, CVE-2020-0541, CVE-2020-0542, CVE-2020-0594, CVE-2020-0595, CVE-2020-0596, CVE-2020-8674, CVE-2020-0543, CVE-2020-0548, CVE-2020-0549, CVE-2020-8753, CVE-2020-8744, CVE-2020-8745, CVE-2020-8705, CVE-2020-8757, CVE-2020-8756, CVE-2020-8760, CVE-2020-8754, CVE-2020-8747, CVE-2020-8755, CVE-2020-8746, CVE-2020-8749, CVE-2020-8752, CVE-2020-8696, CVE-2020-8698, CVE-2020-8694, CVE-2020-8695, CVE-2020-0587, CVE-2020-0591, CVE-2020-0592, CVE-2020-0593, CVE-2020-12303, CVE-2020-12355, CVE-2020-12356, CVE-2020-24586, CVE-2020-24587, CVE-2020-24588, CVE-2020-24507, CVE-2020-8703, CVE-2020-24506 , CVE-2020-24511, CVE-2020-24512, CVE-2021-0157, CVE-2021-33107, CVE-2021-0127, CVE-2021-0091, CVE-2021-0107, CVE-2021-0111, CVE-2021-0114, CVE-2021-0115, CVE-2021-0116, CVE-2021-0117, CVE-2021-0118, CVE-2021-0119, CVE-2021-0124, CVE-2021-0125, CVE-2021-0156, CVE-2021-3712, CVE-2021-33159, CVE-2022-21181, CVE-2022-0004, CVE-2022-0005, CVE-2022-21123, CVE-2022-21125, CVE-2022-21127, CVE-2022-21166, CVE-2022-21151, CVE-2022-29083 Alpha Workstation 2020Perform BIOS update to v 2.15The known vulnerabilities are listed as a cumulative collection between BIOS v 2.3.1 and BIOS v 2.15
CVE-2020-0587, CVE-2020-0591, CVE-2020-0592 CVE-2020-0593, CVE-2020-8696, CVE-2020-8698, CVE-2020-8694, CVE-2020-8695, CVE-2020-8753, CVE-2020-8745, CVE-2020-8705, CVE-2020-8757, CVE-2020-8756, CVE-2020-8760, CVE-2020-8751, CVE-2020-8754, CVE-2020-8747, CVE-2020-8746, CVE-2020-8749, CVE-2020-8752, CVE-2020-12303, CVE-2020-12355, CVE-2020-12356, CVE-2021-0099, CVE-2021-0103, CVE-2021-0107, CVE-2021-0111, CVE-2021-0114, CVE-2021-0115, CVE-2021-0115, CVE-2021-0116, CVE-2021-0117, CVE-2021-0118, CVE-2021-0125, and CVE-2021-0124 SCIEX Workstation, SCIEX Workstation+Perform BIOS updated version 2.25The known vulnerabilities are listed as a cumulative collection between BIOS v 2.4.0 and BIOS v 2.25
CVE-2020-0587, CVE-2020-0591, CVE-2020-0592 CVE-2020-0593, CVE-2020-8696, CVE-2020-8698, CVE-2020-8694, CVE-2020-8695, CVE-2020-8753, CVE-2020-8745, CVE-2020-8705, CVE-2020-8757, CVE-2020-8756, CVE-2020-8760, CVE-2020-8751, CVE-2020-8754, CVE-2020-8747, CVE-2020-8746, CVE-2020-8749, CVE-2020-8752, CVE-2020-12303, CVE-2020-12355, CVE-2020-12356, CVE-2021-0099, CVE-2021-0103, CVE-2021-0107, CVE-2021-0111, CVE-2021-0114, CVE-2021-0115, CVE-2021-0116, CVE-2021-0117, CVE-2021-0118, CVE-2021-0119, CVE-2021-0124, CVE-2021-0125, CVE-2021-0144, CVE-2021-0156, CVE-2021-0147, CVE-2022-2118, CVE-2022-0004, CVE-2021-21131, CVE-2021-21136, CVE-2022-21166, CVE-2021-0099, CVE-2021-0103, CVE-2021-0107, CVE-2021-0111, CVE-2021-0114, CVE-2021-0115, CVE-2021-0115, CVE-2021-0116, CVE-2021-0117, CVE-2021-0118, CVE-2021-0125, and CVE-2021-0124 TripleTOF Acquisition PC - Analyst TFPerform BIOS update version 2.25The known vulnerabilities are listed as a cumulative collection between BIOS v 2.4.0 and BIOS v 2.25
CVE-2020-0548 CVE-2020-0549, CVE-2020-0543, CVE-2020-5362, CVE-2020-0531, CVE-2020-0532, CVE-2020-0533, CVE-2020-0535, CVE-2020-0536, CVE-2020-0537, CVE-2020-0538, CVE-2020-0539, CVE-2020-0540, CVE-2020-0545, CVE-2020-0594, CVE-2020-0595, CVE-2020-0596, CVE-2020-8674, CVE-2020-8758, CVE-2022-26343 and CVE-2022-32231 ProteinPilot Processing PCPerform BIOS update version 2.29The known vulnerabilities are listed as a cumulative collection between BIOS v 2.3.1 and BIOS v 2.12
CVE-2021-44228: Apache Log4j2 arbitrary code execution.

NVD Guidance CVE-2021-44228

  1. StatusScope® 2.2 and below
  2. OneOmics™ 3.2
  1. To address StatusScope issue please:
    • Apply StatusScope® Remote Monitoring 2.2.1, now available on the SCIEX Software Download page
  2. To address OneOmics issue, a patch has been deployed by SCIEX directly to the cloud. No action for customer.
N/A
Remote Desktop Protocol vulnerability (Bluekeep)Microsoft Customer GuidanceProducts using Windows 7 OSInstall Windows OS updates as recommended by MicrosoftN/A
Request information