admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2022/22xxx/CVE-2022-22767.json
CVE Team dff7f7a010
"-Synchronized-Data."
2022-06-02 13:46:07 +00:00

266 lines
12 KiB
JSON
Raw Blame History

{
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@bd.com",
"DATE_PUBLIC": "2022-05-31T15:00:00.000Z",
"ID": "CVE-2022-22767",
"STATE": "PUBLIC",
"TITLE": "BD Pyxis\u2122 Products \u2013 Default Credentials"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BD Pyxis\u2122 Anesthesia ES Station",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "BD Pyxis\u2122 CIISafe",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "BD Pyxis\u2122 Logistics",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "BD Pyxis\u2122 MedBank",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "BD Pyxis\u2122 MedStation\u2122 4000",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "BD Pyxis\u2122 MedStation\u2122 ES",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "BD Pyxis\u2122 MedStation\u2122 ES Server",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "BD Pyxis\u2122 ParAssist",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "BD Pyxis\u2122 Rapid Rx",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "BD Pyxis\u2122 StockStation",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "BD Pyxis\u2122 SupplyCenter",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "BD Pyxis\u2122 SupplyRoller",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "BD Pyxis\u2122 SupplyStation\u2122",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "BD Pyxis\u2122 SupplyStation\u2122 EC",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "BD Pyxis\u2122 SupplyStation\u2122 RF auxiliary",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "BD Rowa\u2122 Pouch Packaging Systems",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
},
"vendor_name": "Becton Dickinson (BD)"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "To exploit this vulnerability, threat actors would have to gain access to the default credentials, infiltrate facility\u2019s network, and gain access to individual devices and/or servers."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Specific BD Pyxis\u2122 products were installed with default credentials and may presently still operate with these credentials. There may be scenarios where BD Pyxis\u2122 products are installed with the same default local operating system credentials or domain-joined server(s) credentials that may be shared across product types. If exploited, threat actors may be able to gain privileged access to the underlying file system and could potentially exploit or gain access to ePHI or other sensitive information."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-262: Not Using Password Aging"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cybersecurity.bd.com/bulletins-and-patches/bd-pyxis-products-default-credentials",
"refsource": "CONFIRM",
"url": "https://cybersecurity.bd.com/bulletins-and-patches/bd-pyxis-products-default-credentials"
}
]
},
"solution": [
{
"lang": "eng",
"value": "BD is currently strengthening our credential management capabilities in BD Pyxis\u2122 products. Service personnel are proactively working with customers whose domain-joined server(s) credentials require updates. BD is currently piloting a credential management solution that is initially targeted for only specific BD Pyxis\u2122 product versions and will allow for improved authentication management practices with specific local operating system credentials. Changes needed for installation, upgrade or to applications are being evaluated as part of the overall remediation.\n"
}
],
"source": {
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "Limit physical access to only authorized personnel.\n"
},
{
"lang": "eng",
"value": "Tightly control management of system passwords provided to authorized users."
},
{
"lang": "eng",
"value": "Isolate affected products in a secure VLAN or behind firewalls with restricted access that only permits communication with trusted hosts in other networks when needed."
},
{
"lang": "eng",
"value": "Work with your local BD support team to ensure that patching and virus definitions are up to date. The BD Remote Support Services Solution for automated patching and virus definition management is an available solution for customer accounts."
}
]
}
Reference in New Issue View Git Blame Copy Permalink