{ "id": "CVE-2022-22766", "sourceIdentifier": "cybersecurity@bd.com", "published": "2022-02-11T19:15:08.850", "lastModified": "2024-11-21T06:47:24.280", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Hardcoded credentials are used in specific BD Pyxis products. If exploited, threat actors may be able to gain access to the underlying file system and could potentially exploit application files for information that could be used to decrypt application credentials or gain access to electronic protected health information (ePHI) or other sensitive information." }, { "lang": "es", "value": "Unas credenciales embebidas son usadas en productos espec\u00edficos de BD Pyxis. Si es explotado, los actores de la amenaza pueden ser capaces de conseguir acceso al sistema de archivos subyacente y podr\u00edan potencialmente explotar los archivos de la aplicaci\u00f3n para obtener informaci\u00f3n que podr\u00eda ser usada para descifrar las credenciales de la aplicaci\u00f3n o para conseguir acceso a la informaci\u00f3n de salud electr\u00f3nica protegida (ePHI) u otra informaci\u00f3n confidencial" } ], "metrics": { "cvssMetricV31": [ { "source": "cybersecurity@bd.com", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.0, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH" }, "exploitabilityScore": 1.0, "impactScore": 5.9 }, { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE" }, "exploitabilityScore": 1.8, "impactScore": 3.6 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "baseScore": 2.1, "accessVector": "LOCAL", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "availabilityImpact": "NONE" }, "baseSeverity": "LOW", "exploitabilityScore": 3.9, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "cybersecurity@bd.com", "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-798" } ] }, { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-798" } ] } ], "configurations": [ { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:bd:pyxis_anesthesia_station_es_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "EBE68344-E519-4DEF-A91F-4094E0D88353" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:bd:pyxis_anesthesia_station_es:-:*:*:*:*:*:*:*", "matchCriteriaId": "32F3ACBB-87CA-43D2-8E32-2656BDCFEB8D" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:bd:pyxis_anesthesia_station_4000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "97F86D1E-67B1-4C44-8F19-27271D4FF80D" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:bd:pyxis_anesthesia_station_4000:-:*:*:*:*:*:*:*", "matchCriteriaId": "5261A6F0-0C16-48A4-AC8E-C56616C3EB69" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:bd:pyxis_cato_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "EF216527-C831-4DDA-B06D-9EC32DC4E9D0" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:bd:pyxis_cato:-:*:*:*:*:*:*:*", "matchCriteriaId": "0DDB0372-AC19-4D48-892D-B188900B4D05" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:bd:pyxis_ciisafe_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3974AAD5-FDF0-49FD-AC76-77A0318A6A8E" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:bd:pyxis_ciisafe:-:*:*:*:*:*:*:*", "matchCriteriaId": "0488CEEA-9504-4619-80F2-106AF8A3E4A1" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:bd:pyxis_inventory_connect_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1E01B870-A465-4BB7-A8CC-D3A25C1C307A" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:bd:pyxis_inventory_connect:-:*:*:*:*:*:*:*", "matchCriteriaId": "EFB422BA-952D-4500-AF88-53F2CD55971A" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:bd:pyxis_iv_prep_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "99594833-0248-4484-9A80-C19D80DF5B05" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:bd:pyxis_iv_prep:-:*:*:*:*:*:*:*", "matchCriteriaId": "B4F467ED-38A7-40C2-A5B7-5437780A58D0" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:bd:pyxis_jitrbud_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6C4E95E6-96B2-4A7D-A4F4-ECB6617762F9" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:bd:pyxis_jitrbud:-:*:*:*:*:*:*:*", "matchCriteriaId": "07D68CF9-39A2-4CCA-90A1-C48EA64D292B" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:bd:pyxis_kanban_rf_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F0A5299E-F3AC-4813-8800-B8C8EDBC1624" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:bd:pyxis_kanban_rf:-:*:*:*:*:*:*:*", "matchCriteriaId": "000D25AC-F562-4E8D-B9E9-F82B9751C9C5" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:bd:pyxis_logistics_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "065D8497-C15B-4C16-B4F2-8BC47B556079" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:bd:pyxis_logistics:-:*:*:*:*:*:*:*", "matchCriteriaId": "E0197950-E007-4748-89B5-06A1ABA06E39" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:bd:pyxis_med_link_family_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7B87C798-EC9F-4EA0-83AA-0CFBBC97FA01" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:bd:pyxis_med_link_family:-:*:*:*:*:*:*:*", "matchCriteriaId": "25BD8F0D-A061-45E8-9388-0FFD8C62FDA8" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:bd:pyxis_medbank_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8B5FEF7B-2C20-4D41-BEE7-3E07B7E7C69C" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:bd:pyxis_medbank:-:*:*:*:*:*:*:*", "matchCriteriaId": "246A5F4B-B994-4FC4-A696-1E67E2F9971B" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:bd:pyxis_medstation_4000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B064580E-A862-4F20-A767-CF8CFC5972D4" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:bd:pyxis_medstation_4000:-:*:*:*:*:*:*:*", "matchCriteriaId": "65167BF4-9505-4C1A-8E48-B772A74271F8" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:bd:pyxis_medstation_es_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A426FE1F-6BC9-4290-9940-4D2209850412" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:bd:pyxis_medstation_es:-:*:*:*:*:*:*:*", "matchCriteriaId": "CFB63AC0-5A51-494D-BDFA-BFD4B66A44D9" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:bd:pyxis_medstation_es_server_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7BA6158B-0D28-4CF6-8150-704605860F23" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:bd:pyxis_medstation_es_server:-:*:*:*:*:*:*:*", "matchCriteriaId": "042CAB2C-F252-4769-B38B-4DEC2C8D109A" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:bd:pyxis_parassist_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B6D84B80-87CB-4ADA-9937-6F5981593AE2" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:bd:pyxis_parassist:-:*:*:*:*:*:*:*", "matchCriteriaId": "192F2049-9575-48C2-9EF5-5CB8A2C0C65B" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:bd:pyxis_pharmopack_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F938C6B4-0990-44F9-8B23-22DE96E4D303" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:bd:pyxis_pharmopack:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1AF993B-08A3-42BE-B037-20137BFA3BB4" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:bd:pyxis_procedurestation_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F56324F6-B50E-4DF3-B90B-AD6A1FB4CC2E" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:bd:pyxis_procedurestation:-:*:*:*:*:*:*:*", "matchCriteriaId": "3F34CF1E-C07A-4AE9-AD7A-EDD060EE64D2" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:bd:pyxis_rapid_rx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "581094C6-A881-4A94-9BF6-8535424A374B" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:bd:pyxis_rapid_rx:-:*:*:*:*:*:*:*", "matchCriteriaId": "FE6C17CA-3731-4214-9388-BEBFCF2509D0" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:bd:pyxis_stockstation_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F44FA73D-106A-4466-8742-BC224CED9AD2" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:bd:pyxis_stockstation:-:*:*:*:*:*:*:*", "matchCriteriaId": "2699D945-7724-4CDA-9542-A9954D0B0BF2" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:bd:pyxis_supplycenter_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CB1D7FBA-EDD7-469E-B144-6BD4B7373F22" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:bd:pyxis_supplycenter:-:*:*:*:*:*:*:*", "matchCriteriaId": "D619B7DE-C9A9-45FA-8A7F-DEED2838AD18" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:bd:pyxis_supplyroller_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1AF17CD6-4F0B-4FAB-9CCD-8223C4FE4D3E" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:bd:pyxis_supplyroller:-:*:*:*:*:*:*:*", "matchCriteriaId": "56199C09-6164-4E73-B868-C3FE5BC74C40" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:bd:pyxis_supplystation_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5D153724-31AE-4474-8F2E-9B5D7C2D7CE9" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:bd:pyxis_supplystation:-:*:*:*:*:*:*:*", "matchCriteriaId": "84A0B681-5D18-4D0F-B485-A90348AFD321" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:bd:pyxis_track_and_deliver_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "119BFE9F-7FEA-454B-B373-298673069938" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:bd:pyxis_track_and_deliver:-:*:*:*:*:*:*:*", "matchCriteriaId": "7B02A859-9DEE-40BF-822B-BDB2AFEAB886" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:bd:rowa_pouch_packaging_systems_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3C472FE3-C043-456A-827C-F9E2ED704A52" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:bd:rowa_pouch_packaging_systems:-:*:*:*:*:*:*:*", "matchCriteriaId": "C2F707E6-6F04-45E5-BA9C-0109A34AC160" } ] } ] } ], "references": [ { "url": "https://cybersecurity.bd.com/bulletins-and-patches/bd-pyxis-products---hardcoded-credentials", "source": "cybersecurity@bd.com", "tags": [ "Vendor Advisory" ] }, { "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-062-01", "source": "cybersecurity@bd.com", "tags": [ "Third Party Advisory", "US Government Resource" ] }, { "url": "https://cybersecurity.bd.com/bulletins-and-patches/bd-pyxis-products---hardcoded-credentials", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ] }, { "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-062-01", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ] } ] }