History: Jun 02, 2022 - 2:15 p.m.

CVE-2022-22767

2022-06-02 14:15:35
CWE-522
CWE-262
BD
web.nvd.nist.gov
cve-2022-22767
bd pyxis
default credentials
ephi
sensitive information
security vulnerability

CVSS2

Score: 8.3
Attack Vector: ADJACENT_NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C

CVSS3

Score: 8.8
Attack Vector: ADJACENT
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 8.6
Confidence: High

EPSS: 0.001
Percentile: 26.4%

Specific BD Pyxis™ products were installed with default credentials and may presently still operate with these credentials. There may be scenarios where BD Pyxis™ products are installed with the same default local operating system credentials or domain-joined server(s) credentials that may be shared across product types. If exploited, threat actors may be able to gain privileged access to the underlying file system and could potentially exploit or gain access to ePHI or other sensitive information.

Affected configurations

Nvd

Node: bd pyxis_anesthesia_station_es_firmware (match: -) AND bd pyxis_anesthesia_station_es (match: -)
Node: bd pyxis_ciisafe_firmware (match: -) AND bd pyxis_ciisafe (match: -)
Node: bd pyxis_logistics_firmware (match: -) AND bd pyxis_logistics (match: -)
Node: bd pyxis_medbank_firmware (match: -) AND bd pyxis_medbank (match: -)
Node: bd pyxis_medstation_4000_firmware (match: -) AND bd pyxis_medstation_4000 (match: -)
Node: bd pyxis_medstation_es_firmware (match: -) AND bd pyxis_medstation_es (match: -)
Node: bd pyxis_medstation_es_server_firmware (match: -) AND bd pyxis_medstation_es_server (match: -)
Node: bd pyxis_parassist_firmware (match: -) AND bd pyxis_parassist (match: -)
Node: bd pyxis_rapid_rx_firmware (match: -) AND bd pyxis_rapid_rx (match: -)
Node: bd pyxis_stockstation_firmware (match: -) AND bd pyxis_stockstation (match: -)
Node: bd pyxis_supplycenter_firmware (match: -) AND bd pyxis_supplycenter (match: -)
Node: bd pyxis_supplyroller_firmware (match: -) AND bd pyxis_supplyroller (match: -)
Node: bd pyxis_supplystation_firmware (match: -) AND bd pyxis_supplystation (match: -)
Node: bd pyxis_supplystation_ec_firmware (match: -) AND bd pyxis_supplystation_ec (match: -)
Node: bd pyxis_supplystation_rf_auxiliary_firmware (match: -) AND bd pyxis_supplystation_rf_auxiliary (match: -)
Node: bd rowa_pouch_packaging_systems_firmware (match: -) AND bd rowa_pouch_packaging_systems (match: -)

Vendor | Product | Version | CPE
bd | pyxis_anesthesia_station_es_firmware | - | cpe:2.3:o:bd:pyxis_anesthesia_station_es_firmware:-:*:*:*:*:*:*:*
bd | pyxis_anesthesia_station_es | - | cpe:2.3:h:bd:pyxis_anesthesia_station_es:-:*:*:*:*:*:*:*
bd | pyxis_ciisafe_firmware | - | cpe:2.3:o:bd:pyxis_ciisafe_firmware:-:*:*:*:*:*:*:*
bd | pyxis_ciisafe | - | cpe:2.3:h:bd:pyxis_ciisafe:-:*:*:*:*:*:*:*
bd | pyxis_logistics_firmware | - | cpe:2.3:o:bd:pyxis_logistics_firmware:-:*:*:*:*:*:*:*
bd | pyxis_logistics | - | cpe:2.3:h:bd:pyxis_logistics:-:*:*:*:*:*:*:*
bd | pyxis_medbank_firmware | - | cpe:2.3:o:bd:pyxis_medbank_firmware:-:*:*:*:*:*:*:*
bd | pyxis_medbank | - | cpe:2.3:h:bd:pyxis_medbank:-:*:*:*:*:*:*:*
bd | pyxis_medstation_4000_firmware | - | cpe:2.3:o:bd:pyxis_medstation_4000_firmware:-:*:*:*:*:*:*:*
bd | pyxis_medstation_4000 | - | cpe:2.3:h:bd:pyxis_medstation_4000:-:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "BD Pyxis™ Anesthesia ES Station",
    "vendor": "Becton Dickinson (BD)",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "BD Pyxis™ CIISafe",
    "vendor": "Becton Dickinson (BD)",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "BD Pyxis™ Logistics",
    "vendor": "Becton Dickinson (BD)",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "BD Pyxis™ MedBank",
    "vendor": "Becton Dickinson (BD)",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "BD Pyxis™ MedStation™ 4000",
    "vendor": "Becton Dickinson (BD)",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "BD Pyxis™ MedStation™ ES",
    "vendor": "Becton Dickinson (BD)",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "BD Pyxis™ MedStation™ ES Server",
    "vendor": "Becton Dickinson (BD)",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "BD Pyxis™ ParAssist",
    "vendor": "Becton Dickinson (BD)",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "BD Pyxis™ Rapid Rx",
    "vendor": "Becton Dickinson (BD)",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "BD Pyxis™ StockStation",
    "vendor": "Becton Dickinson (BD)",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "BD Pyxis™ SupplyCenter",
    "vendor": "Becton Dickinson (BD)",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "BD Pyxis™ SupplyRoller",
    "vendor": "Becton Dickinson (BD)",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "BD Pyxis™ SupplyStation™",
    "vendor": "Becton Dickinson (BD)",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "BD Pyxis™ SupplyStation™ EC",
    "vendor": "Becton Dickinson (BD)",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "BD Pyxis™ SupplyStation™ RF auxiliary",
    "vendor": "Becton Dickinson (BD)",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "BD Rowa™ Pouch Packaging Systems",
    "vendor": "Becton Dickinson (BD)",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  }
]
