cvelist | BD | CVELIST:CVE-2022-22766
History: Feb 11, 2022 - 6:12 p.m.

CVE-2022-22766 BD Pyxis Products - Hardcoded Credentials

2022-02-11 18:12:07
CWE-798
BD
www.cve.org
6
cve-2022-22766
bd pyxis products
hardcoded credentials
exploitation
file system
application files
ephi

CVSS3: 7

Attack Vector: LOCAL
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score: 7.1
Confidence: High

EPSS: 0
Percentile: 10.4%

Hardcoded credentials are used in specific BD Pyxis products. If exploited, threat actors may be able to gain access to the underlying file system and could potentially exploit application files for information that could be used to decrypt application credentials or gain access to electronic protected health information (ePHI) or other sensitive information.

CNA Affected

[
  {
    "product": "BD Pyxis Anesthesia Station ES",
    "vendor": "Becton Dickinson (BD)",
    "versions": [
      {
        "status": "affected",
        "version": "All"
      }
    ]
  },
  {
    "product": "BD Pyxis Anesthesia Station 4000",
    "vendor": "Becton Dickinson (BD)",
    "versions": [
      {
        "status": "affected",
        "version": "All"
      }
    ]
  },
  {
    "product": "BD Pyxis CATO",
    "vendor": "Becton Dickinson (BD)",
    "versions": [
      {
        "status": "affected",
        "version": "All"
      }
    ]
  },
  {
    "product": "BD Pyxis CIISafe",
    "vendor": "Becton Dickinson (BD)",
    "versions": [
      {
        "status": "affected",
        "version": "All"
      }
    ]
  },
  {
    "product": "BD Pyxis Inventory Connect",
    "vendor": "Becton Dickinson (BD)",
    "versions": [
      {
        "status": "affected",
        "version": "All"
      }
    ]
  },
  {
    "product": "BD Pyxis IV Prep",
    "vendor": "Becton Dickinson (BD)",
    "versions": [
      {
        "status": "affected",
        "version": "All"
      }
    ]
  },
  {
    "product": "BD Pyxis JITrBUD",
    "vendor": "Becton Dickinson (BD)",
    "versions": [
      {
        "status": "affected",
        "version": "All"
      }
    ]
  },
  {
    "product": "BD Pyxis KanBan RF",
    "vendor": "Becton Dickinson (BD)",
    "versions": [
      {
        "status": "affected",
        "version": "All"
      }
    ]
  },
  {
    "product": "BD Pyxis Logistics",
    "vendor": "Becton Dickinson (BD)",
    "versions": [
      {
        "status": "affected",
        "version": "All"
      }
    ]
  },
  {
    "product": "BD Pyxis Med Link Family",
    "vendor": "Becton Dickinson (BD)",
    "versions": [
      {
        "status": "affected",
        "version": "All"
      }
    ]
  },
  {
    "product": "BD Pyxis MedBank",
    "vendor": "Becton Dickinson (BD)",
    "versions": [
      {
        "status": "affected",
        "version": "All"
      }
    ]
  },
  {
    "product": "BD Pyxis MedStation 4000",
    "vendor": "Becton Dickinson (BD)",
    "versions": [
      {
        "status": "affected",
        "version": "All"
      }
    ]
  },
  {
    "product": "BD Pyxis MedStation ES",
    "vendor": "Becton Dickinson (BD)",
    "versions": [
      {
        "status": "affected",
        "version": "All"
      }
    ]
  },
  {
    "product": "BD Pyxis MedStation ES Server",
    "vendor": "Becton Dickinson (BD)",
    "versions": [
      {
        "status": "affected",
        "version": "All"
      }
    ]
  },
  {
    "product": "BD Pyxis ParAssist",
    "vendor": "Becton Dickinson (BD)",
    "versions": [
      {
        "status": "affected",
        "version": "All"
      }
    ]
  },
  {
    "product": "BD Pyxis PharmoPack",
    "vendor": "Becton Dickinson (BD)",
    "versions": [
      {
        "status": "affected",
        "version": "All"
      }
    ]
  },
  {
    "product": "BD Pyxis ProcedureStation (including EC)",
    "vendor": "Becton Dickinson (BD)",
    "versions": [
      {
        "status": "affected",
        "version": "All"
      }
    ]
  },
  {
    "product": "BD Pyxis Rapid Rx",
    "vendor": "Becton Dickinson (BD)",
    "versions": [
      {
        "status": "affected",
        "version": "All"
      }
    ]
  },
  {
    "product": "BD Pyxis StockStation",
    "vendor": "Becton Dickinson (BD)",
    "versions": [
      {
        "status": "affected",
        "version": "All"
      }
    ]
  },
  {
    "product": "BD Pyxis SupplyCenter",
    "vendor": "Becton Dickinson (BD)",
    "versions": [
      {
        "status": "affected",
        "version": "All"
      }
    ]
  },
  {
    "product": "BD Pyxis SupplyRoller",
    "vendor": "Becton Dickinson (BD)",
    "versions": [
      {
        "status": "affected",
        "version": "All"
      }
    ]
  },
  {
    "product": "BD Pyxis SupplyStation (including RF, EC, CP)",
    "vendor": "Becton Dickinson (BD)",
    "versions": [
      {
        "status": "affected",
        "version": "All"
      }
    ]
  },
  {
    "product": "BD Pyxis Track and Deliver",
    "vendor": "Becton Dickinson (BD)",
    "versions": [
      {
        "status": "affected",
        "version": "All"
      }
    ]
  },
  {
    "product": "BD Rowa Pouch Packaging Systems",
    "vendor": "Becton Dickinson (BD)",
    "versions": [
      {
        "status": "affected",
        "version": "All"
      }
    ]
  }
]
