2023-04-24 12:24:31 +02:00
{
"id" : "CVE-2022-22767" ,
"sourceIdentifier" : "cybersecurity@bd.com" ,
"published" : "2022-06-02T14:15:35.843" ,
2024-11-23 15:12:23 +00:00
"lastModified" : "2024-11-21T06:47:24.450" ,
"vulnStatus" : "Modified" ,
2024-12-08 03:06:42 +00:00
"cveTags" : [ ] ,
2023-04-24 12:24:31 +02:00
"descriptions" : [
{
"lang" : "en" ,
"value" : "Specific BD Pyxis\u2122 products were installed with default credentials and may presently still operate with these credentials. There may be scenarios where BD Pyxis\u2122 products are installed with the same default local operating system credentials or domain-joined server(s) credentials that may be shared across product types. If exploited, threat actors may be able to gain privileged access to the underlying file system and could potentially exploit or gain access to ePHI or other sensitive information."
} ,
{
"lang" : "es" ,
"value" : "Unos productos espec\u00edficos de BD Pyxis\u2122 se instalaron con credenciales por defecto y actualmente pueden seguir funcionando con estas credenciales. Puede haber situaciones en las que los productos BD Pyxis\u2122 sean instalados con las mismas credenciales por defecto del sistema operativo local o con las credenciales de los servidores unidos a un dominio que pueden ser compartidas entre los distintos tipos de productos. Si es explotado, los actores de la amenaza pueden ser capaces de conseguir acceso privilegiado al sistema de archivos subyacente y podr\u00edan potencialmente explotar u conseguir acceso a ePHI u otra informaci\u00f3n confidencial"
}
] ,
"metrics" : {
"cvssMetricV31" : [
{
2024-11-23 15:12:23 +00:00
"source" : "cybersecurity@bd.com" ,
"type" : "Secondary" ,
2023-04-24 12:24:31 +02:00
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" ,
2024-11-23 15:12:23 +00:00
"baseScore" : 8.8 ,
"baseSeverity" : "HIGH" ,
2023-04-24 12:24:31 +02:00
"attackVector" : "ADJACENT_NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "NONE" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "HIGH" ,
2024-11-23 15:12:23 +00:00
"availabilityImpact" : "HIGH"
2023-04-24 12:24:31 +02:00
} ,
"exploitabilityScore" : 2.8 ,
"impactScore" : 5.9
} ,
{
2024-11-23 15:12:23 +00:00
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
2023-04-24 12:24:31 +02:00
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" ,
2024-11-23 15:12:23 +00:00
"baseScore" : 8.8 ,
"baseSeverity" : "HIGH" ,
2023-04-24 12:24:31 +02:00
"attackVector" : "ADJACENT_NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "NONE" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "HIGH" ,
2024-11-23 15:12:23 +00:00
"availabilityImpact" : "HIGH"
2023-04-24 12:24:31 +02:00
} ,
"exploitabilityScore" : 2.8 ,
"impactScore" : 5.9
}
] ,
"cvssMetricV2" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "2.0" ,
"vectorString" : "AV:A/AC:L/Au:N/C:C/I:C/A:C" ,
2024-11-23 15:12:23 +00:00
"baseScore" : 8.3 ,
2023-04-24 12:24:31 +02:00
"accessVector" : "ADJACENT_NETWORK" ,
"accessComplexity" : "LOW" ,
"authentication" : "NONE" ,
"confidentialityImpact" : "COMPLETE" ,
"integrityImpact" : "COMPLETE" ,
2024-11-23 15:12:23 +00:00
"availabilityImpact" : "COMPLETE"
2023-04-24 12:24:31 +02:00
} ,
"baseSeverity" : "HIGH" ,
"exploitabilityScore" : 6.5 ,
"impactScore" : 10.0 ,
"acInsufInfo" : false ,
"obtainAllPrivilege" : false ,
"obtainUserPrivilege" : false ,
"obtainOtherPrivilege" : false ,
"userInteractionRequired" : false
}
]
} ,
"weaknesses" : [
{
2024-11-23 15:12:23 +00:00
"source" : "cybersecurity@bd.com" ,
"type" : "Secondary" ,
2023-04-24 12:24:31 +02:00
"description" : [
{
"lang" : "en" ,
2024-11-23 15:12:23 +00:00
"value" : "CWE-262"
2023-04-24 12:24:31 +02:00
}
]
} ,
{
2024-11-23 15:12:23 +00:00
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
2023-04-24 12:24:31 +02:00
"description" : [
{
"lang" : "en" ,
2024-11-23 15:12:23 +00:00
"value" : "CWE-522"
2023-04-24 12:24:31 +02:00
}
]
}
] ,
"configurations" : [
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:bd:pyxis_anesthesia_station_es_firmware:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "095129F1-9417-42F7-A797-22F62BA53945"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:bd:pyxis_anesthesia_station_es:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "32F3ACBB-87CA-43D2-8E32-2656BDCFEB8D"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:bd:pyxis_ciisafe_firmware:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "FB6CDD66-A0A2-4939-960F-8DE9DF2BF8A1"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:bd:pyxis_ciisafe:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "0488CEEA-9504-4619-80F2-106AF8A3E4A1"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:bd:pyxis_logistics_firmware:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "6E7FFB91-0ACC-43DC-AFAA-DBBD1E10C21C"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:bd:pyxis_logistics:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "E0197950-E007-4748-89B5-06A1ABA06E39"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:bd:pyxis_medbank_firmware:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "5E62C14F-58E7-4A40-880C-1A6E848122B4"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:bd:pyxis_medbank:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "246A5F4B-B994-4FC4-A696-1E67E2F9971B"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:bd:pyxis_medstation_4000_firmware:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "FEDEB528-0AEE-40B3-8F89-69118CDB6FF1"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:bd:pyxis_medstation_4000:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "65167BF4-9505-4C1A-8E48-B772A74271F8"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:bd:pyxis_medstation_es_firmware:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "AF6F4AA1-45B9-4DCB-BFA4-F6A6CA71508E"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:bd:pyxis_medstation_es:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "CFB63AC0-5A51-494D-BDFA-BFD4B66A44D9"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:bd:pyxis_medstation_es_server_firmware:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "B42C105A-FADE-4B60-ABFE-51298098EA4F"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:bd:pyxis_medstation_es_server:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "042CAB2C-F252-4769-B38B-4DEC2C8D109A"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:bd:pyxis_parassist_firmware:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "3BDB2B7D-A212-4F34-AC20-5B6B79776707"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:bd:pyxis_parassist:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "192F2049-9575-48C2-9EF5-5CB8A2C0C65B"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:bd:pyxis_rapid_rx_firmware:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "8C9F9BE7-A22F-40C7-B88B-10FB4D7D390F"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:bd:pyxis_rapid_rx:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "FE6C17CA-3731-4214-9388-BEBFCF2509D0"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:bd:pyxis_stockstation_firmware:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "41030912-5C48-424A-83C1-516D82CCF762"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:bd:pyxis_stockstation:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "2699D945-7724-4CDA-9542-A9954D0B0BF2"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:bd:pyxis_supplycenter_firmware:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "1063ED97-BFB0-437D-BE94-ACA16FA1927B"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:bd:pyxis_supplycenter:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "D619B7DE-C9A9-45FA-8A7F-DEED2838AD18"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:bd:pyxis_supplyroller_firmware:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "3E9D58D9-2E46-49BD-B0F6-7A44236B639C"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:bd:pyxis_supplyroller:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "56199C09-6164-4E73-B868-C3FE5BC74C40"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:bd:pyxis_supplystation_firmware:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "FF6ACF1A-D2A7-4EB2-9098-045E66B72AA1"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:bd:pyxis_supplystation:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "84A0B681-5D18-4D0F-B485-A90348AFD321"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:bd:pyxis_supplystation_ec_firmware:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "27CB7296-8A67-43A7-AC8C-09250093D500"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:bd:pyxis_supplystation_ec:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "3EB2BE62-AFAC-443C-ABEB-F61D798B246B"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:bd:pyxis_supplystation_rf_auxiliary_firmware:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "5FC7D3CE-4742-40AD-93F0-C26488E73840"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:bd:pyxis_supplystation_rf_auxiliary:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "5584CAB1-0A32-4358-8CD1-F1F9AF332B0F"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:bd:rowa_pouch_packaging_systems_firmware:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "150594A6-6426-4A44-A1C4-40CEE69614C2"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:bd:rowa_pouch_packaging_systems:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "C2F707E6-6F04-45E5-BA9C-0109A34AC160"
}
]
}
]
}
] ,
"references" : [
{
"url" : "https://cybersecurity.bd.com/bulletins-and-patches/bd-pyxis-products-default-credentials" ,
"source" : "cybersecurity@bd.com" ,
"tags" : [
"Vendor Advisory"
]
2024-11-23 15:12:23 +00:00
} ,
{
"url" : "https://cybersecurity.bd.com/bulletins-and-patches/bd-pyxis-products-default-credentials" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Vendor Advisory"
]
2023-04-24 12:24:31 +02:00
}
]
}
