Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-22767

Specific BD Pyxis™ products were installed with default credentials and may presently still operate with these credentials. There may be scenarios where BD Pyxis™ products are installed with the same default local operating system credentials or domain-joined server(s) credentials that may be shared across product types. If exploited, threat actors may be able to gain privileged access to the underlying file system and could potentially exploit or gain access to ePHI or other sensitive information.

Published

2022-06-02T14:15:35.843

Last Modified

2024-11-21T06:47:24.450

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

CVSSv2 Vector

AV:A/AC:L/Au:N/C:C/I:C/A:C

Access Vector: ADJACENT_NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

6.5

Impact Score

10.0

Weaknesses

Type: Secondary
CWE-262
Type: Primary
CWE-522

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	bd	pyxis_anesthesia_station_es_firmware	-	Yes
Hardware	bd	pyxis_anesthesia_station_es	-	No
Operating System	bd	pyxis_ciisafe_firmware	-	Yes
Hardware	bd	pyxis_ciisafe	-	No
Operating System	bd	pyxis_logistics_firmware	-	Yes
Hardware	bd	pyxis_logistics	-	No
Operating System	bd	pyxis_medbank_firmware	-	Yes
Hardware	bd	pyxis_medbank	-	No
Operating System	bd	pyxis_medstation_4000_firmware	-	Yes
Hardware	bd	pyxis_medstation_4000	-	No
Operating System	bd	pyxis_medstation_es_firmware	-	Yes
Hardware	bd	pyxis_medstation_es	-	No
Operating System	bd	pyxis_medstation_es_server_firmware	-	Yes
Hardware	bd	pyxis_medstation_es_server	-	No
Operating System	bd	pyxis_parassist_firmware	-	Yes
Hardware	bd	pyxis_parassist	-	No
Operating System	bd	pyxis_rapid_rx_firmware	-	Yes
Hardware	bd	pyxis_rapid_rx	-	No
Operating System	bd	pyxis_stockstation_firmware	-	Yes
Hardware	bd	pyxis_stockstation	-	No
Operating System	bd	pyxis_supplycenter_firmware	-	Yes
Hardware	bd	pyxis_supplycenter	-	No
Operating System	bd	pyxis_supplyroller_firmware	-	Yes
Hardware	bd	pyxis_supplyroller	-	No
Operating System	bd	pyxis_supplystation_firmware	-	Yes
Hardware	bd	pyxis_supplystation	-	No
Operating System	bd	pyxis_supplystation_ec_firmware	-	Yes
Hardware	bd	pyxis_supplystation_ec	-	No
Operating System	bd	pyxis_supplystation_rf_auxiliary_firmware	-	Yes
Hardware	bd	pyxis_supplystation_rf_auxiliary	-	No
Operating System	bd	rowa_pouch_packaging_systems_firmware	-	Yes
Hardware	bd	rowa_pouch_packaging_systems	-	No

References

https://cybersecurity.bd.com/bulletins-and-patches/bd-pyxis-products-default-credentials Vendor Advisory ([email protected])
https://cybersecurity.bd.com/bulletins-and-patches/bd-pyxis-products-default-credentials Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)