Vulnerabilites related to bd - pyxis_pharmopack_firmware
Vulnerability from fkie_nvd
Published
2022-02-11 19:15
Modified
2024-11-21 06:47
Severity ?
7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Hardcoded credentials are used in specific BD Pyxis products. If exploited, threat actors may be able to gain access to the underlying file system and could potentially exploit application files for information that could be used to decrypt application credentials or gain access to electronic protected health information (ePHI) or other sensitive information.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cybersecurity@bd.com | https://cybersecurity.bd.com/bulletins-and-patches/bd-pyxis-products---hardcoded-credentials | Vendor Advisory | |
| cybersecurity@bd.com | https://www.cisa.gov/uscert/ics/advisories/icsma-22-062-01 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cybersecurity.bd.com/bulletins-and-patches/bd-pyxis-products---hardcoded-credentials | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsma-22-062-01 | Third Party Advisory, US Government Resource |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:bd:pyxis_anesthesia_station_es_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EBE68344-E519-4DEF-A91F-4094E0D88353",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:bd:pyxis_anesthesia_station_es:-:*:*:*:*:*:*:*",
"matchCriteriaId": "32F3ACBB-87CA-43D2-8E32-2656BDCFEB8D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:bd:pyxis_anesthesia_station_4000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "97F86D1E-67B1-4C44-8F19-27271D4FF80D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:bd:pyxis_anesthesia_station_4000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5261A6F0-0C16-48A4-AC8E-C56616C3EB69",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:bd:pyxis_cato_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EF216527-C831-4DDA-B06D-9EC32DC4E9D0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:bd:pyxis_cato:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0DDB0372-AC19-4D48-892D-B188900B4D05",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:bd:pyxis_ciisafe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3974AAD5-FDF0-49FD-AC76-77A0318A6A8E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:bd:pyxis_ciisafe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0488CEEA-9504-4619-80F2-106AF8A3E4A1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:bd:pyxis_inventory_connect_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1E01B870-A465-4BB7-A8CC-D3A25C1C307A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:bd:pyxis_inventory_connect:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EFB422BA-952D-4500-AF88-53F2CD55971A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:bd:pyxis_iv_prep_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "99594833-0248-4484-9A80-C19D80DF5B05",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:bd:pyxis_iv_prep:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B4F467ED-38A7-40C2-A5B7-5437780A58D0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:bd:pyxis_jitrbud_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6C4E95E6-96B2-4A7D-A4F4-ECB6617762F9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:bd:pyxis_jitrbud:-:*:*:*:*:*:*:*",
"matchCriteriaId": "07D68CF9-39A2-4CCA-90A1-C48EA64D292B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:bd:pyxis_kanban_rf_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0A5299E-F3AC-4813-8800-B8C8EDBC1624",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:bd:pyxis_kanban_rf:-:*:*:*:*:*:*:*",
"matchCriteriaId": "000D25AC-F562-4E8D-B9E9-F82B9751C9C5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:bd:pyxis_logistics_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "065D8497-C15B-4C16-B4F2-8BC47B556079",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:bd:pyxis_logistics:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0197950-E007-4748-89B5-06A1ABA06E39",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:bd:pyxis_med_link_family_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B87C798-EC9F-4EA0-83AA-0CFBBC97FA01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:bd:pyxis_med_link_family:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25BD8F0D-A061-45E8-9388-0FFD8C62FDA8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:bd:pyxis_medbank_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8B5FEF7B-2C20-4D41-BEE7-3E07B7E7C69C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:bd:pyxis_medbank:-:*:*:*:*:*:*:*",
"matchCriteriaId": "246A5F4B-B994-4FC4-A696-1E67E2F9971B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:bd:pyxis_medstation_4000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B064580E-A862-4F20-A767-CF8CFC5972D4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:bd:pyxis_medstation_4000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "65167BF4-9505-4C1A-8E48-B772A74271F8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:bd:pyxis_medstation_es_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A426FE1F-6BC9-4290-9940-4D2209850412",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:bd:pyxis_medstation_es:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CFB63AC0-5A51-494D-BDFA-BFD4B66A44D9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:bd:pyxis_medstation_es_server_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7BA6158B-0D28-4CF6-8150-704605860F23",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:bd:pyxis_medstation_es_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "042CAB2C-F252-4769-B38B-4DEC2C8D109A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:bd:pyxis_parassist_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6D84B80-87CB-4ADA-9937-6F5981593AE2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:bd:pyxis_parassist:-:*:*:*:*:*:*:*",
"matchCriteriaId": "192F2049-9575-48C2-9EF5-5CB8A2C0C65B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:bd:pyxis_pharmopack_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F938C6B4-0990-44F9-8B23-22DE96E4D303",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:bd:pyxis_pharmopack:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1AF993B-08A3-42BE-B037-20137BFA3BB4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:bd:pyxis_procedurestation_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F56324F6-B50E-4DF3-B90B-AD6A1FB4CC2E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:bd:pyxis_procedurestation:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3F34CF1E-C07A-4AE9-AD7A-EDD060EE64D2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:bd:pyxis_rapid_rx_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "581094C6-A881-4A94-9BF6-8535424A374B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:bd:pyxis_rapid_rx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE6C17CA-3731-4214-9388-BEBFCF2509D0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:bd:pyxis_stockstation_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F44FA73D-106A-4466-8742-BC224CED9AD2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:bd:pyxis_stockstation:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2699D945-7724-4CDA-9542-A9954D0B0BF2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:bd:pyxis_supplycenter_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB1D7FBA-EDD7-469E-B144-6BD4B7373F22",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:bd:pyxis_supplycenter:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D619B7DE-C9A9-45FA-8A7F-DEED2838AD18",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:bd:pyxis_supplyroller_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1AF17CD6-4F0B-4FAB-9CCD-8223C4FE4D3E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:bd:pyxis_supplyroller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56199C09-6164-4E73-B868-C3FE5BC74C40",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:bd:pyxis_supplystation_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D153724-31AE-4474-8F2E-9B5D7C2D7CE9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:bd:pyxis_supplystation:-:*:*:*:*:*:*:*",
"matchCriteriaId": "84A0B681-5D18-4D0F-B485-A90348AFD321",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:bd:pyxis_track_and_deliver_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "119BFE9F-7FEA-454B-B373-298673069938",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:bd:pyxis_track_and_deliver:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7B02A859-9DEE-40BF-822B-BDB2AFEAB886",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:bd:rowa_pouch_packaging_systems_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3C472FE3-C043-456A-827C-F9E2ED704A52",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:bd:rowa_pouch_packaging_systems:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C2F707E6-6F04-45E5-BA9C-0109A34AC160",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Hardcoded credentials are used in specific BD Pyxis products. If exploited, threat actors may be able to gain access to the underlying file system and could potentially exploit application files for information that could be used to decrypt application credentials or gain access to electronic protected health information (ePHI) or other sensitive information."
},
{
"lang": "es",
"value": "Unas credenciales embebidas son usadas en productos espec\u00edficos de BD Pyxis. Si es explotado, los actores de la amenaza pueden ser capaces de conseguir acceso al sistema de archivos subyacente y podr\u00edan potencialmente explotar los archivos de la aplicaci\u00f3n para obtener informaci\u00f3n que podr\u00eda ser usada para descifrar las credenciales de la aplicaci\u00f3n o para conseguir acceso a la informaci\u00f3n de salud electr\u00f3nica protegida (ePHI) u otra informaci\u00f3n confidencial"
}
],
"id": "CVE-2022-22766",
"lastModified": "2024-11-21T06:47:24.280",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"source": "cybersecurity@bd.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-11T19:15:08.850",
"references": [
{
"source": "cybersecurity@bd.com",
"tags": [
"Vendor Advisory"
],
"url": "https://cybersecurity.bd.com/bulletins-and-patches/bd-pyxis-products---hardcoded-credentials"
},
{
"source": "cybersecurity@bd.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-062-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cybersecurity.bd.com/bulletins-and-patches/bd-pyxis-products---hardcoded-credentials"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-062-01"
}
],
"sourceIdentifier": "cybersecurity@bd.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "cybersecurity@bd.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2022-22766 (GCVE-0-2022-22766)
Vulnerability from cvelistv5
Published
2022-02-11 18:12
Modified
2024-09-16 19:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-798 - Use of Hard-coded Credentials
Summary
Hardcoded credentials are used in specific BD Pyxis products. If exploited, threat actors may be able to gain access to the underlying file system and could potentially exploit application files for information that could be used to decrypt application credentials or gain access to electronic protected health information (ePHI) or other sensitive information.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:21:49.148Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cybersecurity.bd.com/bulletins-and-patches/bd-pyxis-products---hardcoded-credentials"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-062-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BD Pyxis Anesthesia Station ES",
"vendor": "Becton Dickinson (BD)",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"product": "BD Pyxis Anesthesia Station 4000",
"vendor": "Becton Dickinson (BD)",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"product": "BD Pyxis CATO",
"vendor": "Becton Dickinson (BD)",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"product": "BD Pyxis CIISafe",
"vendor": "Becton Dickinson (BD)",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"product": "BD Pyxis Inventory Connect",
"vendor": "Becton Dickinson (BD)",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"product": "BD Pyxis IV Prep",
"vendor": "Becton Dickinson (BD)",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"product": "BD Pyxis JITrBUD",
"vendor": "Becton Dickinson (BD)",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"product": "BD Pyxis KanBan RF",
"vendor": "Becton Dickinson (BD)",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"product": "BD Pyxis Logistics",
"vendor": "Becton Dickinson (BD)",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"product": "BD Pyxis Med Link Family",
"vendor": "Becton Dickinson (BD)",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"product": "BD Pyxis MedBank",
"vendor": "Becton Dickinson (BD)",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"product": "BD Pyxis MedStation 4000",
"vendor": "Becton Dickinson (BD)",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"product": "BD Pyxis MedStation ES",
"vendor": "Becton Dickinson (BD)",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"product": "BD Pyxis MedStation ES Server",
"vendor": "Becton Dickinson (BD)",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"product": "BD Pyxis ParAssist",
"vendor": "Becton Dickinson (BD)",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"product": "BD Pyxis PharmoPack",
"vendor": "Becton Dickinson (BD)",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"product": "BD Pyxis ProcedureStation (including EC)",
"vendor": "Becton Dickinson (BD)",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"product": "BD Pyxis Rapid Rx",
"vendor": "Becton Dickinson (BD)",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"product": "BD Pyxis StockStation",
"vendor": "Becton Dickinson (BD)",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"product": "BD Pyxis SupplyCenter",
"vendor": "Becton Dickinson (BD)",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"product": "BD Pyxis SupplyRoller",
"vendor": "Becton Dickinson (BD)",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"product": "BD Pyxis SupplyStation (including RF, EC, CP)",
"vendor": "Becton Dickinson (BD)",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"product": "BD Pyxis Track and Deliver",
"vendor": "Becton Dickinson (BD)",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"product": "BD Rowa Pouch Packaging Systems",
"vendor": "Becton Dickinson (BD)",
"versions": [
{
"status": "affected",
"version": "All"
}
]
}
],
"datePublic": "2022-02-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Hardcoded credentials are used in specific BD Pyxis products. If exploited, threat actors may be able to gain access to the underlying file system and could potentially exploit application files for information that could be used to decrypt application credentials or gain access to electronic protected health information (ePHI) or other sensitive information."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-09T15:28:22",
"orgId": "2325d071-eabf-4b7b-a4ea-0819b6629a18",
"shortName": "BD"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cybersecurity.bd.com/bulletins-and-patches/bd-pyxis-products---hardcoded-credentials"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-062-01"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "BD Pyxis Products - Hardcoded Credentials",
"workarounds": [
{
"lang": "en",
"value": "Limit physical access to the device to only authorized personnel. Tightly control management of BD Pyxis system credentials provided to authorized users. Isolate affected products in a secure VLAN or behind firewalls with restricted access that only permits communication with trusted hosts in other networks when needed. Monitor and log all network traffic attempting to reach the affected products for suspicious activity. Work with your local BD support team ensure all patching and virus definitions are up to date. The Pyxis Security Module for automated patching and virus definition management is provided to all accounts."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@bd.com",
"DATE_PUBLIC": "2022-02-12T04:00:00.000Z",
"ID": "CVE-2022-22766",
"STATE": "PUBLIC",
"TITLE": "BD Pyxis Products - Hardcoded Credentials"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BD Pyxis Anesthesia Station ES",
"version": {
"version_data": [
{
"version_value": "All"
}
]
}
},
{
"product_name": "BD Pyxis Anesthesia Station 4000",
"version": {
"version_data": [
{
"version_value": "All"
}
]
}
},
{
"product_name": "BD Pyxis CATO",
"version": {
"version_data": [
{
"version_value": "All"
}
]
}
},
{
"product_name": "BD Pyxis CIISafe",
"version": {
"version_data": [
{
"version_value": "All"
}
]
}
},
{
"product_name": "BD Pyxis Inventory Connect",
"version": {
"version_data": [
{
"version_value": "All"
}
]
}
},
{
"product_name": "BD Pyxis IV Prep",
"version": {
"version_data": [
{
"version_value": "All"
}
]
}
},
{
"product_name": "BD Pyxis JITrBUD",
"version": {
"version_data": [
{
"version_value": "All"
}
]
}
},
{
"product_name": "BD Pyxis KanBan RF",
"version": {
"version_data": [
{
"version_value": "All"
}
]
}
},
{
"product_name": "BD Pyxis Logistics",
"version": {
"version_data": [
{
"version_value": "All"
}
]
}
},
{
"product_name": "BD Pyxis Med Link Family",
"version": {
"version_data": [
{
"version_value": "All"
}
]
}
},
{
"product_name": "BD Pyxis MedBank",
"version": {
"version_data": [
{
"version_value": "All"
}
]
}
},
{
"product_name": "BD Pyxis MedStation 4000",
"version": {
"version_data": [
{
"version_value": "All"
}
]
}
},
{
"product_name": "BD Pyxis MedStation ES",
"version": {
"version_data": [
{
"version_value": "All"
}
]
}
},
{
"product_name": "BD Pyxis MedStation ES Server",
"version": {
"version_data": [
{
"version_value": "All"
}
]
}
},
{
"product_name": "BD Pyxis ParAssist",
"version": {
"version_data": [
{
"version_value": "All"
}
]
}
},
{
"product_name": "BD Pyxis PharmoPack",
"version": {
"version_data": [
{
"version_value": "All"
}
]
}
},
{
"product_name": "BD Pyxis ProcedureStation (including EC)",
"version": {
"version_data": [
{
"version_value": "All"
}
]
}
},
{
"product_name": "BD Pyxis Rapid Rx",
"version": {
"version_data": [
{
"version_value": "All"
}
]
}
},
{
"product_name": "BD Pyxis StockStation",
"version": {
"version_data": [
{
"version_value": "All"
}
]
}
},
{
"product_name": "BD Pyxis SupplyCenter",
"version": {
"version_data": [
{
"version_value": "All"
}
]
}
},
{
"product_name": "BD Pyxis SupplyRoller",
"version": {
"version_data": [
{
"version_value": "All"
}
]
}
},
{
"product_name": "BD Pyxis SupplyStation (including RF, EC, CP)",
"version": {
"version_data": [
{
"version_value": "All"
}
]
}
},
{
"product_name": "BD Pyxis Track and Deliver",
"version": {
"version_data": [
{
"version_value": "All"
}
]
}
},
{
"product_name": "BD Rowa Pouch Packaging Systems",
"version": {
"version_data": [
{
"version_value": "All"
}
]
}
}
]
},
"vendor_name": "Becton Dickinson (BD)"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Hardcoded credentials are used in specific BD Pyxis products. If exploited, threat actors may be able to gain access to the underlying file system and could potentially exploit application files for information that could be used to decrypt application credentials or gain access to electronic protected health information (ePHI) or other sensitive information."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-798 Use of Hard-coded Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cybersecurity.bd.com/bulletins-and-patches/bd-pyxis-products---hardcoded-credentials",
"refsource": "CONFIRM",
"url": "https://cybersecurity.bd.com/bulletins-and-patches/bd-pyxis-products---hardcoded-credentials"
},
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-062-01",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-062-01"
}
]
},
"source": {
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Limit physical access to the device to only authorized personnel. Tightly control management of BD Pyxis system credentials provided to authorized users. Isolate affected products in a secure VLAN or behind firewalls with restricted access that only permits communication with trusted hosts in other networks when needed. Monitor and log all network traffic attempting to reach the affected products for suspicious activity. Work with your local BD support team ensure all patching and virus definitions are up to date. The Pyxis Security Module for automated patching and virus definition management is provided to all accounts."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "2325d071-eabf-4b7b-a4ea-0819b6629a18",
"assignerShortName": "BD",
"cveId": "CVE-2022-22766",
"datePublished": "2022-02-11T18:12:07.247407Z",
"dateReserved": "2022-01-07T00:00:00",
"dateUpdated": "2024-09-16T19:15:26.998Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}