CVE-2022-40263

Summary

BD Totalys MultiProcessor, versions 1.70 and earlier, contain hardcoded credentials. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally identifiable information (PII). Customers using BD Totalys MultiProcessor version 1.70 with Microsoft Windows 10 have additional operating system hardening configurations which increase the attack complexity required to exploit this vulnerability.

Affected Software

VendorProductVersion RangeStatus
Becton Dickson (BD)BD Totalys MultiProcessor1.70 <= 1.70affected

Weaknesses

  • CWE-798: CWE-798 Use of Hard-coded Credentials

Workarounds

Ensure physical access controls are in place and only authorized end-users have access to the BD Totalys™ MultiProcessor. If the BD Totalys MultiProcessor must be connected to a network, ensure industry standard network security policies and procedures are followed.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References