CVE-2022-22766
BD Pyxis Products - Hardcoded Credentials
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
11 Feb 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Hardcoded credentials are used in specific BD Pyxis products. If exploited, threat actors may be able to gain access to the underlying file system and could potentially exploit application files for information that could be used to decrypt application credentials or gain access to electronic protected health information (ePHI) or other sensitive information.
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
Becton Dickinson (BD) · BD Pyxis Anesthesia Station 4000Becton Dickinson (BD) · BD Pyxis Anesthesia Station ESBecton Dickinson (BD) · BD Pyxis CATOBecton Dickinson (BD) · BD Pyxis CIISafeBecton Dickinson (BD) · BD Pyxis Inventory ConnectBecton Dickinson (BD) · BD Pyxis IV PrepBecton Dickinson (BD) · BD Pyxis JITrBUDBecton Dickinson (BD) · BD Pyxis KanBan RFBecton Dickinson (BD) · BD Pyxis LogisticsBecton Dickinson (BD) · BD Pyxis MedBankBecton Dickinson (BD) · BD Pyxis Med Link FamilyBecton Dickinson (BD) · BD Pyxis MedStation 4000Becton Dickinson (BD) · BD Pyxis MedStation ESBecton Dickinson (BD) · BD Pyxis MedStation ES ServerBecton Dickinson (BD) · BD Pyxis ParAssistBecton Dickinson (BD) · BD Pyxis PharmoPackBecton Dickinson (BD) · BD Pyxis ProcedureStation (including EC)Becton Dickinson (BD) · BD Pyxis Rapid RxBecton Dickinson (BD) · BD Pyxis StockStationBecton Dickinson (BD) · BD Pyxis SupplyCenterBecton Dickinson (BD) · BD Pyxis SupplyRollerBecton Dickinson (BD) · BD Pyxis SupplyStation (including RF, EC, CP)Becton Dickinson (BD) · BD Pyxis Track and DeliverBecton Dickinson (BD) · BD Rowa Pouch Packaging SystemsWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →