CVE-2022-22767
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Specific BD Pyxis™ products were installed with default credentials and may presently still operate with these credentials. There may be scenarios where BD Pyxis™ products are installed with the same default local operating system credentials or domain-joined server(s) credentials that may be shared across product types. If exploited, threat actors may be able to gain privileged access to the underlying file system and could potentially exploit or gain access to ePHI or other sensitive information.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Becton Dickinson (BD) | BD Pyxis™ Anesthesia ES Station | All versions | affected |
| Becton Dickinson (BD) | BD Pyxis™ CIISafe | All versions | affected |
| Becton Dickinson (BD) | BD Pyxis™ Logistics | All versions | affected |
| Becton Dickinson (BD) | BD Pyxis™ MedBank | All versions | affected |
| Becton Dickinson (BD) | BD Pyxis™ MedStation™ 4000 | All versions | affected |
| Becton Dickinson (BD) | BD Pyxis™ MedStation™ ES | All versions | affected |
| Becton Dickinson (BD) | BD Pyxis™ MedStation™ ES Server | All versions | affected |
| Becton Dickinson (BD) | BD Pyxis™ ParAssist | All versions | affected |
| Becton Dickinson (BD) | BD Pyxis™ Rapid Rx | All versions | affected |
| Becton Dickinson (BD) | BD Pyxis™ StockStation | All versions | affected |
| Becton Dickinson (BD) | BD Pyxis™ SupplyCenter | All versions | affected |
| Becton Dickinson (BD) | BD Pyxis™ SupplyRoller | All versions | affected |
| Becton Dickinson (BD) | BD Pyxis™ SupplyStation™ | All versions | affected |
| Becton Dickinson (BD) | BD Pyxis™ SupplyStation™ EC | All versions | affected |
| Becton Dickinson (BD) | BD Pyxis™ SupplyStation™ RF auxiliary | All versions | affected |
| Becton Dickinson (BD) | BD Rowa™ Pouch Packaging Systems | All versions | affected |
Weaknesses
- CWE-262: CWE-262: Not Using Password Aging
Workarounds
Limit physical access to only authorized personnel. Tightly control management of system passwords provided to authorized users. Isolate affected products in a secure VLAN or behind firewalls with restricted access that only permits communication with trusted hosts in other networks when needed. Work with your local BD support team to ensure that patching and virus definitions are up to date. The BD Remote Support Services Solution for automated patching and virus definition management is an available solution for customer accounts.
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.