FKIE_CVE-2022-43557

Vulnerability from fkie_nvd - Published: 2022-12-05 22:15 - Updated: 2024-11-21 07:26
Summary
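The specified BD BodyGuard™ infusion pumps allow access through the RS-232 (serial) port interface. If exploited, threat actors with physical access, specialized equipment and knowledge may be able to configure or disable the pump. No electronic protected health information (ePHI), protected health information (PHI) or personally identifiable information (PII) is stored in the pump. The record below scores the issue CVSS 3.1 5.3 (Medium; physical attack vector, high attack complexity, no privileges required) and classifies it as CWE-1299 (vendor) and CWE-287 (NVD). The affected models are listed under "configurations", and the referenced vendor advisory is tagged as carrying mitigation guidance.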

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:bd:bodyguard_999-603_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "093FC957-1538-4527-A3EA-6E7A0AFF5F24",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:bd:bodyguard_999-603:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F62210B-9BE2-48B8-BE9E-8C8752EE9357",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:bd:bodyguard_duo_999-903_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A820DFD-CF7C-47DA-856C-05105FCB8E4B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:bd:bodyguard_duo_999-903:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A27B7FC-8BC6-4D22-9378-124960097B92",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:bd:bodyguard_epidural_999-683_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FFF5B40-E6A0-4E72-884E-62D323004AD3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:bd:bodyguard_epidural_999-683:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB4F922F-B7A7-4CC0-BB42-C0024CA5DB18",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:bd:bodyguard_pain_manager_999-803_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4BE9912-5A3E-4F58-8A03-79C74F021D2A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:bd:bodyguard_pain_manager_999-803:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F60BFC6-49DA-46BD-A0EA-5FF517F87747",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:bd:bodyguard_t_999-103_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "962F010D-A907-4191-8886-5826AC8A6E0C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:bd:bodyguard_t_999-103:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "73117ED4-FC44-4304-B3F1-DA30D37E6D54",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:bd:bodyguard_323_colorvision_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D53213FF-B33A-43B6-97E4-96C3D9AB2459",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:bd:bodyguard_323_colorvision:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "29711249-0DFE-45B7-A546-37B216E0E184",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:bd:bodyguard_121_twins_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A1DB56C-C1C0-4152-B079-33065D2ABB17",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:bd:bodyguard_121_twins:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFE044C5-1CAE-43CC-8A99-8F2552490032",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The BD BodyGuard\u2122 infusion pumps specified allow for access through the RS-232\u00a0(serial) port interface. If exploited, threat actors with physical access, specialized equipment and\u00a0knowledge may be able to configure or disable the pump. No electronic protected health information\u00a0(ePHI), protected health information (PHI) or personally identifiable information (PII) is stored in the\u00a0pump."
    },
    {
      "lang": "es",
      "value": "Las bombas de infusi\u00f3n BD BodyGuard\u2122 especificadas permiten el acceso a trav\u00e9s de la interfaz del puerto RS-232 (serie). Si se explotan, los actores de amenazas con acceso f\u00edsico, equipo especializado y conocimientos pueden configurar o desactivar la bomba. En la bomba no se almacena informaci\u00f3n de salud electr\u00f3nica protegida (ePHI), informaci\u00f3n de salud protegida (PHI) ni informaci\u00f3n de identificaci\u00f3n personal (PII)."
    }
  ],
  "id": "CVE-2022-43557",
  "lastModified": "2024-11-21T07:26:47.053",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "PHYSICAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.5,
        "impactScore": 4.7,
        "source": "cybersecurity@bd.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "PHYSICAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.5,
        "impactScore": 4.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-12-05T22:15:11.157",
  "references": [
    {
      "source": "cybersecurity@bd.com",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-bodyguard-pumps-rs-232-interface-vulnerability"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-bodyguard-pumps-rs-232-interface-vulnerability"
    }
  ],
  "sourceIdentifier": "cybersecurity@bd.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-1299"
        }
      ],
      "source": "cybersecurity@bd.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}







Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

