CVE-2022-22765

BD Viper LT System - Hardcoded Credentials

CVSS 8 HIGHEPSS 0.2%CWE-798

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 8EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

12 Feb 2022Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

BD Viper LT system, versions 2.0 and later, contains hardcoded credentials. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally identifiable information (PII). BD Viper LT system versions 4.0 and later utilize Microsoft Windows 10 and have additional Operating System hardening configurations which increase the attack complexity required to exploit this vulnerability.

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

Affected products

Becton Dickinson (BD) · BD Viper LT System

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://cybersecurity.bd.com/bulletins-and-patches/bd-viper-lt-system-%E2%80%93-hardcoded-credentials https://www.cisa.gov/uscert/ics/advisories/icsma-22-062-02