Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-22766

Hardcoded credentials are used in specific BD Pyxis products. If exploited, threat actors may be able to gain access to the underlying file system and could potentially exploit application files for information that could be used to decrypt application credentials or gain access to electronic protected health information (ePHI) or other sensitive information.

Published

2022-02-11T19:15:08.850

Last Modified

2024-11-21T06:47:24.280

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.0 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

3.9

Impact Score

2.9

Weaknesses

Type: Secondary
CWE-798
Type: Primary
CWE-798

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	bd	pyxis_anesthesia_station_es_firmware	*	Yes
Hardware	bd	pyxis_anesthesia_station_es	-	No
Operating System	bd	pyxis_anesthesia_station_4000_firmware	*	Yes
Hardware	bd	pyxis_anesthesia_station_4000	-	No
Operating System	bd	pyxis_cato_firmware	*	Yes
Hardware	bd	pyxis_cato	-	No
Operating System	bd	pyxis_ciisafe_firmware	*	Yes
Hardware	bd	pyxis_ciisafe	-	No
Operating System	bd	pyxis_inventory_connect_firmware	*	Yes
Hardware	bd	pyxis_inventory_connect	-	No
Operating System	bd	pyxis_iv_prep_firmware	*	Yes
Hardware	bd	pyxis_iv_prep	-	No
Operating System	bd	pyxis_jitrbud_firmware	*	Yes
Hardware	bd	pyxis_jitrbud	-	No
Operating System	bd	pyxis_kanban_rf_firmware	*	Yes
Hardware	bd	pyxis_kanban_rf	-	No
Operating System	bd	pyxis_logistics_firmware	*	Yes
Hardware	bd	pyxis_logistics	-	No
Operating System	bd	pyxis_med_link_family_firmware	*	Yes
Hardware	bd	pyxis_med_link_family	-	No
Operating System	bd	pyxis_medbank_firmware	*	Yes
Hardware	bd	pyxis_medbank	-	No
Operating System	bd	pyxis_medstation_4000_firmware	*	Yes
Hardware	bd	pyxis_medstation_4000	-	No
Operating System	bd	pyxis_medstation_es_firmware	*	Yes
Hardware	bd	pyxis_medstation_es	-	No
Operating System	bd	pyxis_medstation_es_server_firmware	*	Yes
Hardware	bd	pyxis_medstation_es_server	-	No
Operating System	bd	pyxis_parassist_firmware	*	Yes
Hardware	bd	pyxis_parassist	-	No
Operating System	bd	pyxis_pharmopack_firmware	*	Yes
Hardware	bd	pyxis_pharmopack	-	No
Operating System	bd	pyxis_procedurestation_firmware	*	Yes
Hardware	bd	pyxis_procedurestation	-	No
Operating System	bd	pyxis_rapid_rx_firmware	*	Yes
Hardware	bd	pyxis_rapid_rx	-	No
Operating System	bd	pyxis_stockstation_firmware	*	Yes
Hardware	bd	pyxis_stockstation	-	No
Operating System	bd	pyxis_supplycenter_firmware	*	Yes
Hardware	bd	pyxis_supplycenter	-	No
Operating System	bd	pyxis_supplyroller_firmware	*	Yes
Hardware	bd	pyxis_supplyroller	-	No
Operating System	bd	pyxis_supplystation_firmware	*	Yes
Hardware	bd	pyxis_supplystation	-	No
Operating System	bd	pyxis_track_and_deliver_firmware	*	Yes
Hardware	bd	pyxis_track_and_deliver	-	No
Operating System	bd	rowa_pouch_packaging_systems_firmware	*	Yes
Hardware	bd	rowa_pouch_packaging_systems	-	No

References

https://cybersecurity.bd.com/bulletins-and-patches/bd-pyxis-products---hardcoded-credentials Vendor Advisory ([email protected])
https://www.cisa.gov/uscert/ics/advisories/icsma-22-062-01 Third Party Advisory, US Government Resource ([email protected])
https://cybersecurity.bd.com/bulletins-and-patches/bd-pyxis-products---hardcoded-credentials Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/uscert/ics/advisories/icsma-22-062-01 Third Party Advisory, US Government Resource (af854a3a-2127-422b-91ae-364da2661108)