FKIE_CVE-2022-22766
Vulnerability from fkie_nvd - Published: 2022-02-11 19:15 - Updated: 2024-11-21 06:47
Severity ?
7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Hardcoded credentials are used in specific BD Pyxis products. If exploited, threat actors may be able to gain access to the underlying file system and could potentially exploit application files for information that could be used to decrypt application credentials or gain access to electronic protected health information (ePHI) or other sensitive information.
References
| URL | Tags | ||
|---|---|---|---|
| cybersecurity@bd.com | https://cybersecurity.bd.com/bulletins-and-patches/bd-pyxis-products---hardcoded-credentials | Vendor Advisory | |
| cybersecurity@bd.com | https://www.cisa.gov/uscert/ics/advisories/icsma-22-062-01 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cybersecurity.bd.com/bulletins-and-patches/bd-pyxis-products---hardcoded-credentials | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsma-22-062-01 | Third Party Advisory, US Government Resource |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:bd:pyxis_anesthesia_station_es_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EBE68344-E519-4DEF-A91F-4094E0D88353",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:bd:pyxis_anesthesia_station_es:-:*:*:*:*:*:*:*",
"matchCriteriaId": "32F3ACBB-87CA-43D2-8E32-2656BDCFEB8D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:bd:pyxis_anesthesia_station_4000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "97F86D1E-67B1-4C44-8F19-27271D4FF80D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:bd:pyxis_anesthesia_station_4000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5261A6F0-0C16-48A4-AC8E-C56616C3EB69",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:bd:pyxis_cato_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EF216527-C831-4DDA-B06D-9EC32DC4E9D0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:bd:pyxis_cato:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0DDB0372-AC19-4D48-892D-B188900B4D05",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:bd:pyxis_ciisafe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3974AAD5-FDF0-49FD-AC76-77A0318A6A8E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:bd:pyxis_ciisafe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0488CEEA-9504-4619-80F2-106AF8A3E4A1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:bd:pyxis_inventory_connect_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1E01B870-A465-4BB7-A8CC-D3A25C1C307A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:bd:pyxis_inventory_connect:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EFB422BA-952D-4500-AF88-53F2CD55971A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:bd:pyxis_iv_prep_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "99594833-0248-4484-9A80-C19D80DF5B05",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:bd:pyxis_iv_prep:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B4F467ED-38A7-40C2-A5B7-5437780A58D0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:bd:pyxis_jitrbud_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6C4E95E6-96B2-4A7D-A4F4-ECB6617762F9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:bd:pyxis_jitrbud:-:*:*:*:*:*:*:*",
"matchCriteriaId": "07D68CF9-39A2-4CCA-90A1-C48EA64D292B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:bd:pyxis_kanban_rf_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0A5299E-F3AC-4813-8800-B8C8EDBC1624",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:bd:pyxis_kanban_rf:-:*:*:*:*:*:*:*",
"matchCriteriaId": "000D25AC-F562-4E8D-B9E9-F82B9751C9C5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:bd:pyxis_logistics_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "065D8497-C15B-4C16-B4F2-8BC47B556079",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:bd:pyxis_logistics:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0197950-E007-4748-89B5-06A1ABA06E39",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:bd:pyxis_med_link_family_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B87C798-EC9F-4EA0-83AA-0CFBBC97FA01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:bd:pyxis_med_link_family:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25BD8F0D-A061-45E8-9388-0FFD8C62FDA8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:bd:pyxis_medbank_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8B5FEF7B-2C20-4D41-BEE7-3E07B7E7C69C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:bd:pyxis_medbank:-:*:*:*:*:*:*:*",
"matchCriteriaId": "246A5F4B-B994-4FC4-A696-1E67E2F9971B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:bd:pyxis_medstation_4000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B064580E-A862-4F20-A767-CF8CFC5972D4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:bd:pyxis_medstation_4000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "65167BF4-9505-4C1A-8E48-B772A74271F8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:bd:pyxis_medstation_es_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A426FE1F-6BC9-4290-9940-4D2209850412",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:bd:pyxis_medstation_es:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CFB63AC0-5A51-494D-BDFA-BFD4B66A44D9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:bd:pyxis_medstation_es_server_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7BA6158B-0D28-4CF6-8150-704605860F23",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:bd:pyxis_medstation_es_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "042CAB2C-F252-4769-B38B-4DEC2C8D109A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:bd:pyxis_parassist_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6D84B80-87CB-4ADA-9937-6F5981593AE2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:bd:pyxis_parassist:-:*:*:*:*:*:*:*",
"matchCriteriaId": "192F2049-9575-48C2-9EF5-5CB8A2C0C65B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:bd:pyxis_pharmopack_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F938C6B4-0990-44F9-8B23-22DE96E4D303",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:bd:pyxis_pharmopack:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1AF993B-08A3-42BE-B037-20137BFA3BB4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:bd:pyxis_procedurestation_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F56324F6-B50E-4DF3-B90B-AD6A1FB4CC2E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:bd:pyxis_procedurestation:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3F34CF1E-C07A-4AE9-AD7A-EDD060EE64D2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:bd:pyxis_rapid_rx_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "581094C6-A881-4A94-9BF6-8535424A374B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:bd:pyxis_rapid_rx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE6C17CA-3731-4214-9388-BEBFCF2509D0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:bd:pyxis_stockstation_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F44FA73D-106A-4466-8742-BC224CED9AD2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:bd:pyxis_stockstation:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2699D945-7724-4CDA-9542-A9954D0B0BF2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:bd:pyxis_supplycenter_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB1D7FBA-EDD7-469E-B144-6BD4B7373F22",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:bd:pyxis_supplycenter:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D619B7DE-C9A9-45FA-8A7F-DEED2838AD18",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:bd:pyxis_supplyroller_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1AF17CD6-4F0B-4FAB-9CCD-8223C4FE4D3E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:bd:pyxis_supplyroller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56199C09-6164-4E73-B868-C3FE5BC74C40",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:bd:pyxis_supplystation_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D153724-31AE-4474-8F2E-9B5D7C2D7CE9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:bd:pyxis_supplystation:-:*:*:*:*:*:*:*",
"matchCriteriaId": "84A0B681-5D18-4D0F-B485-A90348AFD321",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:bd:pyxis_track_and_deliver_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "119BFE9F-7FEA-454B-B373-298673069938",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:bd:pyxis_track_and_deliver:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7B02A859-9DEE-40BF-822B-BDB2AFEAB886",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:bd:rowa_pouch_packaging_systems_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3C472FE3-C043-456A-827C-F9E2ED704A52",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:bd:rowa_pouch_packaging_systems:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C2F707E6-6F04-45E5-BA9C-0109A34AC160",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Hardcoded credentials are used in specific BD Pyxis products. If exploited, threat actors may be able to gain access to the underlying file system and could potentially exploit application files for information that could be used to decrypt application credentials or gain access to electronic protected health information (ePHI) or other sensitive information."
},
{
"lang": "es",
"value": "Unas credenciales embebidas son usadas en productos espec\u00edficos de BD Pyxis. Si es explotado, los actores de la amenaza pueden ser capaces de conseguir acceso al sistema de archivos subyacente y podr\u00edan potencialmente explotar los archivos de la aplicaci\u00f3n para obtener informaci\u00f3n que podr\u00eda ser usada para descifrar las credenciales de la aplicaci\u00f3n o para conseguir acceso a la informaci\u00f3n de salud electr\u00f3nica protegida (ePHI) u otra informaci\u00f3n confidencial"
}
],
"id": "CVE-2022-22766",
"lastModified": "2024-11-21T06:47:24.280",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"source": "cybersecurity@bd.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-11T19:15:08.850",
"references": [
{
"source": "cybersecurity@bd.com",
"tags": [
"Vendor Advisory"
],
"url": "https://cybersecurity.bd.com/bulletins-and-patches/bd-pyxis-products---hardcoded-credentials"
},
{
"source": "cybersecurity@bd.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-062-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cybersecurity.bd.com/bulletins-and-patches/bd-pyxis-products---hardcoded-credentials"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-062-01"
}
],
"sourceIdentifier": "cybersecurity@bd.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "cybersecurity@bd.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…