CVE-2022-22766

Hardcoded credentials are used in specific BD Pyxis products. If exploited, threat actors may be able to gain access to the underlying file system and could potentially exploit application files for information that could be used to decrypt application credentials or gain access to electronic protected health information (ePHI) or other sensitive information.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7 HIGH
LOCAL
HIGH
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
bdpyxis_anesthesia_station_es_firmware
*
bdpyxis_anesthesia_station_4000_firmware
*
bdpyxis_cato_firmware
*
bdpyxis_ciisafe_firmware
*
bdpyxis_inventory_connect_firmware
*
bdpyxis_iv_prep_firmware
*
bdpyxis_jitrbud_firmware
*
bdpyxis_kanban_rf_firmware
*
bdpyxis_logistics_firmware
*
bdpyxis_med_link_family_firmware
*
bdpyxis_medbank_firmware
*
bdpyxis_medstation_4000_firmware
*
bdpyxis_medstation_es_firmware
*
bdpyxis_medstation_es_server_firmware
*
bdpyxis_parassist_firmware
*
bdpyxis_pharmopack_firmware
*
bdpyxis_procedurestation_firmware
*
bdpyxis_rapid_rx_firmware
*
bdpyxis_stockstation_firmware
*
bdpyxis_supplycenter_firmware
*
bdpyxis_supplyroller_firmware
*
bdpyxis_supplystation_firmware
*
bdpyxis_track_and_deliver_firmware
*
bdrowa_pouch_packaging_systems_firmware
*
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://cybersecurity.bd.com/bulletins-and-patches/bd-pyxis-products---hardcoded-credentials
https://www.cisa.gov/uscert/ics/advisories/icsma-22-062-01
https://cybersecurity.bd.com/bulletins-and-patches/bd-pyxis-products---hardcoded-credentials
https://www.cisa.gov/uscert/ics/advisories/icsma-22-062-01