History: Feb 11, 2022 - 7:15 p.m.

CVE-2022-22766

2022-02-11 19:15:08
CWE-798
BD
web.nvd.nist.gov
104
cve-2022-22766
bd pyxis
hardcoded credentials
file system access
ephi breach
information security

CVSS2: 2.1
Attack Vector: LOCAL
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3: 7
Attack Vector: LOCAL
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score: 5.5
Confidence: High

EPSS: 0
Percentile: 10.4%

Hardcoded credentials are used in specific BD Pyxis products. If exploited, threat actors may be able to gain access to the underlying file system and could potentially exploit application files for information that could be used to decrypt application credentials or gain access to electronic protected health information (ePHI) or other sensitive information.

Affected configurations

Nvd
Node: bd pyxis_anesthesia_station_es_firmware AND bd pyxis_anesthesia_station_es Match -
Node: bd pyxis_anesthesia_station_4000_firmware AND bd pyxis_anesthesia_station_4000 Match -
Node: bd pyxis_cato_firmware AND bd pyxis_cato Match -
Node: bd pyxis_ciisafe_firmware AND bd pyxis_ciisafe Match -
Node: bd pyxis_inventory_connect_firmware AND bd pyxis_inventory_connect Match -
Node: bd pyxis_iv_prep_firmware AND bd pyxis_iv_prep Match -
Node: bd pyxis_jitrbud_firmware AND bd pyxis_jitrbud Match -
Node: bd pyxis_kanban_rf_firmware AND bd pyxis_kanban_rf Match -
Node: bd pyxis_logistics_firmware AND bd pyxis_logistics Match -
Node: bd pyxis_med_link_family_firmware AND bd pyxis_med_link_family Match -
Node: bd pyxis_medbank_firmware AND bd pyxis_medbank Match -
Node: bd pyxis_medstation_4000_firmware AND bd pyxis_medstation_4000 Match -
Node: bd pyxis_medstation_es_firmware AND bd pyxis_medstation_es Match -
Node: bd pyxis_medstation_es_server_firmware AND bd pyxis_medstation_es_server Match -
Node: bd pyxis_parassist_firmware AND bd pyxis_parassist Match -
Node: bd pyxis_pharmopack_firmware AND bd pyxis_pharmopack Match -
Node: bd pyxis_procedurestation_firmware AND bd pyxis_procedurestation Match -
Node: bd pyxis_rapid_rx_firmware AND bd pyxis_rapid_rx Match -
Node: bd pyxis_stockstation_firmware AND bd pyxis_stockstation Match -
Node: bd pyxis_supplycenter_firmware AND bd pyxis_supplycenter Match -
Node: bd pyxis_supplyroller_firmware AND bd pyxis_supplyroller Match -
Node: bd pyxis_supplystation_firmware AND bd pyxis_supplystation Match -
Node: bd pyxis_track_and_deliver_firmware AND bd pyxis_track_and_deliver Match -
Node: bd rowa_pouch_packaging_systems_firmware AND bd rowa_pouch_packaging_systems Match -

| Vendor | Product | Version | CPE |
| --- | --- | --- | --- |
| bd | pyxis_anesthesia_station_es_firmware | * | cpe:2.3:o:bd:pyxis_anesthesia_station_es_firmware:*:*:*:*:*:*:*:* |
| bd | pyxis_anesthesia_station_es | - | cpe:2.3:h:bd:pyxis_anesthesia_station_es:-:*:*:*:*:*:*:* |
| bd | pyxis_anesthesia_station_4000_firmware | * | cpe:2.3:o:bd:pyxis_anesthesia_station_4000_firmware:*:*:*:*:*:*:*:* |
| bd | pyxis_anesthesia_station_4000 | - | cpe:2.3:h:bd:pyxis_anesthesia_station_4000:-:*:*:*:*:*:*:* |
| bd | pyxis_cato_firmware | * | cpe:2.3:o:bd:pyxis_cato_firmware:*:*:*:*:*:*:*:* |
| bd | pyxis_cato | - | cpe:2.3:h:bd:pyxis_cato:-:*:*:*:*:*:*:* |
| bd | pyxis_ciisafe_firmware | * | cpe:2.3:o:bd:pyxis_ciisafe_firmware:*:*:*:*:*:*:*:* |
| bd | pyxis_ciisafe | - | cpe:2.3:h:bd:pyxis_ciisafe:-:*:*:*:*:*:*:* |
| bd | pyxis_inventory_connect_firmware | * | cpe:2.3:o:bd:pyxis_inventory_connect_firmware:*:*:*:*:*:*:*:* |
| bd | pyxis_inventory_connect | - | cpe:2.3:h:bd:pyxis_inventory_connect:-:*:*:*:*:*:*:* |

CNA Affected

[
  {
    "product": "BD Pyxis Anesthesia Station ES",
    "vendor": "Becton Dickinson (BD)",
    "versions": [
      {
        "status": "affected",
        "version": "All"
      }
    ]
  },
  {
    "product": "BD Pyxis Anesthesia Station 4000",
    "vendor": "Becton Dickinson (BD)",
    "versions": [
      {
        "status": "affected",
        "version": "All"
      }
    ]
  },
  {
    "product": "BD Pyxis CATO",
    "vendor": "Becton Dickinson (BD)",
    "versions": [
      {
        "status": "affected",
        "version": "All"
      }
    ]
  },
  {
    "product": "BD Pyxis CIISafe",
    "vendor": "Becton Dickinson (BD)",
    "versions": [
      {
        "status": "affected",
        "version": "All"
      }
    ]
  },
  {
    "product": "BD Pyxis Inventory Connect",
    "vendor": "Becton Dickinson (BD)",
    "versions": [
      {
        "status": "affected",
        "version": "All"
      }
    ]
  },
  {
    "product": "BD Pyxis IV Prep",
    "vendor": "Becton Dickinson (BD)",
    "versions": [
      {
        "status": "affected",
        "version": "All"
      }
    ]
  },
  {
    "product": "BD Pyxis JITrBUD",
    "vendor": "Becton Dickinson (BD)",
    "versions": [
      {
        "status": "affected",
        "version": "All"
      }
    ]
  },
  {
    "product": "BD Pyxis KanBan RF",
    "vendor": "Becton Dickinson (BD)",
    "versions": [
      {
        "status": "affected",
        "version": "All"
      }
    ]
  },
  {
    "product": "BD Pyxis Logistics",
    "vendor": "Becton Dickinson (BD)",
    "versions": [
      {
        "status": "affected",
        "version": "All"
      }
    ]
  },
  {
    "product": "BD Pyxis Med Link Family",
    "vendor": "Becton Dickinson (BD)",
    "versions": [
      {
        "status": "affected",
        "version": "All"
      }
    ]
  },
  {
    "product": "BD Pyxis MedBank",
    "vendor": "Becton Dickinson (BD)",
    "versions": [
      {
        "status": "affected",
        "version": "All"
      }
    ]
  },
  {
    "product": "BD Pyxis MedStation 4000",
    "vendor": "Becton Dickinson (BD)",
    "versions": [
      {
        "status": "affected",
        "version": "All"
      }
    ]
  },
  {
    "product": "BD Pyxis MedStation ES",
    "vendor": "Becton Dickinson (BD)",
    "versions": [
      {
        "status": "affected",
        "version": "All"
      }
    ]
  },
  {
    "product": "BD Pyxis MedStation ES Server",
    "vendor": "Becton Dickinson (BD)",
    "versions": [
      {
        "status": "affected",
        "version": "All"
      }
    ]
  },
  {
    "product": "BD Pyxis ParAssist",
    "vendor": "Becton Dickinson (BD)",
    "versions": [
      {
        "status": "affected",
        "version": "All"
      }
    ]
  },
  {
    "product": "BD Pyxis PharmoPack",
    "vendor": "Becton Dickinson (BD)",
    "versions": [
      {
        "status": "affected",
        "version": "All"
      }
    ]
  },
  {
    "product": "BD Pyxis ProcedureStation (including EC)",
    "vendor": "Becton Dickinson (BD)",
    "versions": [
      {
        "status": "affected",
        "version": "All"
      }
    ]
  },
  {
    "product": "BD Pyxis Rapid Rx",
    "vendor": "Becton Dickinson (BD)",
    "versions": [
      {
        "status": "affected",
        "version": "All"
      }
    ]
  },
  {
    "product": "BD Pyxis StockStation",
    "vendor": "Becton Dickinson (BD)",
    "versions": [
      {
        "status": "affected",
        "version": "All"
      }
    ]
  },
  {
    "product": "BD Pyxis SupplyCenter",
    "vendor": "Becton Dickinson (BD)",
    "versions": [
      {
        "status": "affected",
        "version": "All"
      }
    ]
  },
  {
    "product": "BD Pyxis SupplyRoller",
    "vendor": "Becton Dickinson (BD)",
    "versions": [
      {
        "status": "affected",
        "version": "All"
      }
    ]
  },
  {
    "product": "BD Pyxis SupplyStation (including RF, EC, CP)",
    "vendor": "Becton Dickinson (BD)",
    "versions": [
      {
        "status": "affected",
        "version": "All"
      }
    ]
  },
  {
    "product": "BD Pyxis Track and Deliver",
    "vendor": "Becton Dickinson (BD)",
    "versions": [
      {
        "status": "affected",
        "version": "All"
      }
    ]
  },
  {
    "product": "BD Rowa Pouch Packaging Systems",
    "vendor": "Becton Dickinson (BD)",
    "versions": [
      {
        "status": "affected",
        "version": "All"
      }
    ]
  }
]
