CVE-2022-43557

BD BodyGuard™ Pumps – RS-232 Interface Vulnerability

CVSS 5.3 MEDIUM | EPSS 0.2% | CWE-1299

In short

BD BodyGuard infusion pumps can be accessed through their serial port by someone with physical access and specialized equipment. An attacker could potentially change pump settings or disable the pump, which is dangerous in a medical setting.

Technical detail

The RS-232 serial interface on BD BodyGuard pumps lacks sufficient access controls, allowing an unauthenticated attacker with physical proximity and specialized serial communication equipment to reconfigure or disable pump functionality. No patient data is stored on the device, limiting data exfiltration impact, but operational availability and device integrity are compromised.

Summary generated and translated by AI from the official description.

The BD BodyGuard™ infusion pumps specified allow for access through the RS-232 (serial) port interface. If exploited, threat actors with physical access, specialized equipment and knowledge may be able to configure or disable the pump. No electronic protected health information (ePHI), protected health information (PHI) or personally identifiable information (PII) is stored in the pump.

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
