CVE-2022-43557
05.12.2022, 22:15
The BD BodyGuard infusion pumps specified allow for access through the RS-232(serial) port interface. If exploited, threat actors with physical access, specialized equipment andknowledge may be able to configure or disable the pump. No electronic protected health information(ePHI), protected health information (PHI) or personally identifiable information (PII) is stored in thepump.Enginsight
| Vendor | Product | Version |
|---|---|---|
| bd | bodyguard_999-603_firmware | - |
| bd | bodyguard_duo_999-903_firmware | - |
| bd | bodyguard_epidural_999-683_firmware | - |
| bd | bodyguard_pain_manager_999-803_firmware | - |
| bd | bodyguard_t_999-103_firmware | - |
| bd | bodyguard_323_colorvision_firmware | - |
| bd | bodyguard_121_twins_firmware | - |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-1299 - Missing Protection Mechanism for Alternate Hardware InterfaceThe lack of protections on alternate paths to access control-protected assets (such as unprotected shadow registers and other external facing unguarded interfaces) allows an attacker to bypass existing protections to the asset that are only performed against the primary path.
- CWE-287 - Improper AuthenticationWhen an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.