CVE-2022-22766

BD Pyxis Products - Hardcoded Credentials

CVSS 7 HIGHEPSS 0.2%CWE-798

Hardcoded credentials are used in specific BD Pyxis products. If exploited, threat actors may be able to gain access to the underlying file system and could potentially exploit application files for information that could be used to decrypt application credentials or gain access to electronic protected health information (ePHI) or other sensitive information.

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Becton Dickinson (BD) · BD Pyxis Anesthesia Station 4000 Becton Dickinson (BD) · BD Pyxis Anesthesia Station ES Becton Dickinson (BD) · BD Pyxis CATO Becton Dickinson (BD) · BD Pyxis CIISafe Becton Dickinson (BD) · BD Pyxis Inventory Connect Becton Dickinson (BD) · BD Pyxis IV Prep Becton Dickinson (BD) · BD Pyxis JITrBUD Becton Dickinson (BD) · BD Pyxis KanBan RF Becton Dickinson (BD) · BD Pyxis Logistics Becton Dickinson (BD) · BD Pyxis MedBank Becton Dickinson (BD) · BD Pyxis Med Link Family Becton Dickinson (BD) · BD Pyxis MedStation 4000 Becton Dickinson (BD) · BD Pyxis MedStation ES Becton Dickinson (BD) · BD Pyxis MedStation ES Server Becton Dickinson (BD) · BD Pyxis ParAssist Becton Dickinson (BD) · BD Pyxis PharmoPack Becton Dickinson (BD) · BD Pyxis ProcedureStation (including EC)Becton Dickinson (BD) · BD Pyxis Rapid Rx Becton Dickinson (BD) · BD Pyxis StockStation Becton Dickinson (BD) · BD Pyxis SupplyCenter Becton Dickinson (BD) · BD Pyxis SupplyRoller Becton Dickinson (BD) · BD Pyxis SupplyStation (including RF, EC, CP)Becton Dickinson (BD) · BD Pyxis Track and Deliver Becton Dickinson (BD) · BD Rowa Pouch Packaging Systems

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://cybersecurity.bd.com/bulletins-and-patches/bd-pyxis-products---hardcoded-credentials https://www.cisa.gov/uscert/ics/advisories/icsma-22-062-01