Lucene search

BDCVELIST:CVE-2022-22765

HistoryFeb 12, 2022 - 2:30 a.m.

CVE-2022-22765 BD Viper LT System - Hardcoded Credentials

2022-02-1202:30:40

CWE-798

www.cve.org

cve-2022-22765

bd viper lt

hardcoded credentials

ephi

phi

pii

microsoft windows 10

operating system

vulnerability

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

AI Score

7.8

Confidence

High

EPSS

Percentile

10.4%

JSON

BD Viper LT system, versions 2.0 and later, contains hardcoded credentials. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally identifiable information (PII). BD Viper LT system versions 4.0 and later utilize Microsoft Windows 10 and have additional Operating System hardening configurations which increase the attack complexity required to exploit this vulnerability.

CNA Affected

[
  {
    "product": "BD Viper LT System",
    "vendor": "Becton Dickinson (BD)",
    "versions": [
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "next of 2.0",
        "versionType": "custom"
      }
    ]
  }
]

References

cybersecurity.bd.com/bulletins-and-patches/bd-viper-lt-system-%E2%80%93-hardcoded-credentials

www.cisa.gov/uscert/ics/advisories/icsma-22-062-02

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

AI Score

7.8

Confidence

High

EPSS

Percentile

10.4%

JSON

Related for CVELIST:CVE-2022-22765