CVE-2022-22765
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
Summary
BD Viper LT system, versions 2.0 and later, contains hardcoded credentials. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally identifiable information (PII). BD Viper LT system versions 4.0 and later utilize Microsoft Windows 10 and have additional Operating System hardening configurations which increase the attack complexity required to exploit this vulnerability.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Becton Dickinson (BD) | BD Viper LT System | next of 2.0 < unspecified | affected |
Weaknesses
- CWE-798: CWE-798 Use of Hard-coded Credentials
Workarounds
Ensure physical access controls are in place and only authorized end-users have access to the BD Viperâ„¢ LT system. Disconnect the BD Viper LT system from network access, where applicable. If the BD Viper LT system must be connected to a network, ensure industry standard network security policies and procedures are followed.
ADP Enrichment
CVE Program Container
Additional References
- https://cybersecurity.bd.com/bulletins-and-patches/bd-viper-lt-system-%E2%80%93-hardcoded-credentials
- https://www.cisa.gov/uscert/ics/advisories/icsma-22-062-02
References
- https://cybersecurity.bd.com/bulletins-and-patches/bd-viper-lt-system-%E2%80%93-hardcoded-credentials
- https://www.cisa.gov/uscert/ics/advisories/icsma-22-062-02
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.