CVE-2022-22766

EUVD-2022-27909
Hardcoded credentials are used in specific BD Pyxis products. If exploited, threat actors may be able to gain access to the underlying file system and could potentially exploit application files for information that could be used to decrypt application credentials or gain access to electronic protected health information (ePHI) or other sensitive information.

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 7 HIGH | LOCAL | HIGH | LOW | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
| BD | CNA | 7 HIGH | LOCAL | HIGH | LOW | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |

EPSS Score percentile: 14%

Affected Products (NVD)

| Vendor | Product | Version |
|---|---|---|
| bd | pyxis_anesthesia_station_es_firmware | * |
| bd | pyxis_anesthesia_station_4000_firmware | * |
| bd | pyxis_cato_firmware | * |
| bd | pyxis_ciisafe_firmware | * |
| bd | pyxis_inventory_connect_firmware | * |
| bd | pyxis_iv_prep_firmware | * |
| bd | pyxis_jitrbud_firmware | * |
| bd | pyxis_kanban_rf_firmware | * |
| bd | pyxis_logistics_firmware | * |
| bd | pyxis_med_link_family_firmware | * |
| bd | pyxis_medbank_firmware | * |
| bd | pyxis_medstation_4000_firmware | * |
| bd | pyxis_medstation_es_firmware | * |
| bd | pyxis_medstation_es_server_firmware | * |
| bd | pyxis_parassist_firmware | * |
| bd | pyxis_pharmopack_firmware | * |
| bd | pyxis_procedurestation_firmware | * |
| bd | pyxis_rapid_rx_firmware | * |
| bd | pyxis_stockstation_firmware | * |
| bd | pyxis_supplycenter_firmware | * |
| bd | pyxis_supplyroller_firmware | * |
| bd | pyxis_supplystation_firmware | * |
| bd | pyxis_track_and_deliver_firmware | * |
| bd | rowa_pouch_packaging_systems_firmware | * |