Search criteria

1 vulnerability by Becton Dickson (BD)

CVE-2022-40263 (GCVE-0-2022-40263)

Vulnerability from cvelistv5 – Published: 2022-11-04 18:58 – Updated: 2025-04-30 20:26
VLAI?
Summary
BD Totalys MultiProcessor, versions 1.70 and earlier, contain hardcoded credentials. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally identifiable information (PII). Customers using BD Totalys MultiProcessor version 1.70 with Microsoft Windows 10 have additional operating system hardening configurations which increase the attack complexity required to exploit this vulnerability.
Severity ?
6.6 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
CWE
  • CWE-798 - Use of Hard-coded Credentials
Assigner
BD
References
Impacted products
Vendor Product Version
Becton Dickson (BD) BD Totalys MultiProcessor Affected: 1.70 , ≤ 1.70 (custom)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:14:39.984Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-totalys-multiprocessor-hardcoded-credentials"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-40263",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-30T20:26:30.689709Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-30T20:26:41.219Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "BD Totalys MultiProcessor",
          "vendor": "Becton Dickson (BD)",
          "versions": [
            {
              "lessThanOrEqual": "1.70",
              "status": "affected",
              "version": "1.70",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2022-10-04T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "BD Totalys MultiProcessor, versions 1.70 and earlier, contain hardcoded credentials. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally identifiable information (PII). Customers using BD Totalys MultiProcessor version 1.70 with Microsoft Windows 10 have additional operating system hardening configurations which increase the attack complexity required to exploit this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 6.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-798",
              "description": "CWE-798 Use of Hard-coded Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-11-04T00:00:00.000Z",
        "orgId": "2325d071-eabf-4b7b-a4ea-0819b6629a18",
        "shortName": "BD"
      },
      "references": [
        {
          "url": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-totalys-multiprocessor-hardcoded-credentials"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "This vulnerability is scheduled to be remediated in the BD Totalys MultiProcessor version 1.71 software release expected in the fourth quarter of 2022."
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "BD Totalys MultiProcessor - Hardcoded Credentials",
      "workarounds": [
        {
          "lang": "en",
          "value": "Ensure physical access controls are in place and only authorized end-users have access to the BD Totalys\u2122 MultiProcessor. If the BD Totalys MultiProcessor must be connected to a network, ensure industry standard network security policies and procedures are followed."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2325d071-eabf-4b7b-a4ea-0819b6629a18",
    "assignerShortName": "BD",
    "cveId": "CVE-2022-40263",
    "datePublished": "2022-11-04T18:58:53.817Z",
    "dateReserved": "2022-09-08T00:00:00.000Z",
    "dateUpdated": "2025-04-30T20:26:41.219Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}