CVE-2022-22766

BD Pyxis Products - Hardcoded Credentials

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Hardcoded credentials are used in specific BD Pyxis products. If exploited, threat actors may be able to gain access to the underlying file system and could potentially exploit application files for information that could be used to decrypt application credentials or gain access to electronic protected health information (ePHI) or other sensitive information.

Unas credenciales embebidas son usadas en productos específicos de BD Pyxis. Si es explotado, los actores de la amenaza pueden ser capaces de conseguir acceso al sistema de archivos subyacente y podrían potencialmente explotar los archivos de la aplicación para obtener información que podría ser usada para descifrar las credenciales de la aplicación o para conseguir acceso a la información de salud electrónica protegida (ePHI) u otra información confidencial

*Credits: N/A

CVSS Scores

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-01-07 CVE Reserved
2022-02-11 CVE Published
2023-09-04 EPSS Updated
2024-09-16 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-798: Use of Hard-coded Credentials

CAPEC

References (2)

URL	Tag	Source
https://www.cisa.gov/uscert/ics/advisories/icsma-22-062-01	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://cybersecurity.bd.com/bulletins-and-patches/bd-pyxis-products---hardcoded-credentials	2022-05-11

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Bd Search vendor "Bd"	Pyxis Anesthesia Station Es Firmware Search vendor "Bd" for product "Pyxis Anesthesia Station Es Firmware"	*	-	Affected	in	Bd Search vendor "Bd"	Pyxis Anesthesia Station Es Search vendor "Bd" for product "Pyxis Anesthesia Station Es"	-	-	Safe
Bd Search vendor "Bd"	Pyxis Anesthesia Station 4000 Firmware Search vendor "Bd" for product "Pyxis Anesthesia Station 4000 Firmware"	*	-	Affected	in	Bd Search vendor "Bd"	Pyxis Anesthesia Station 4000 Search vendor "Bd" for product "Pyxis Anesthesia Station 4000"	-	-	Safe
Bd Search vendor "Bd"	Pyxis Cato Firmware Search vendor "Bd" for product "Pyxis Cato Firmware"	*	-	Affected	in	Bd Search vendor "Bd"	Pyxis Cato Search vendor "Bd" for product "Pyxis Cato"	-	-	Safe
Bd Search vendor "Bd"	Pyxis Ciisafe Firmware Search vendor "Bd" for product "Pyxis Ciisafe Firmware"	*	-	Affected	in	Bd Search vendor "Bd"	Pyxis Ciisafe Search vendor "Bd" for product "Pyxis Ciisafe"	-	-	Safe
Bd Search vendor "Bd"	Pyxis Inventory Connect Firmware Search vendor "Bd" for product "Pyxis Inventory Connect Firmware"	*	-	Affected	in	Bd Search vendor "Bd"	Pyxis Inventory Connect Search vendor "Bd" for product "Pyxis Inventory Connect"	-	-	Safe
Bd Search vendor "Bd"	Pyxis Iv Prep Firmware Search vendor "Bd" for product "Pyxis Iv Prep Firmware"	*	-	Affected	in	Bd Search vendor "Bd"	Pyxis Iv Prep Search vendor "Bd" for product "Pyxis Iv Prep"	-	-	Safe
Bd Search vendor "Bd"	Pyxis Jitrbud Firmware Search vendor "Bd" for product "Pyxis Jitrbud Firmware"	*	-	Affected	in	Bd Search vendor "Bd"	Pyxis Jitrbud Search vendor "Bd" for product "Pyxis Jitrbud"	-	-	Safe
Bd Search vendor "Bd"	Pyxis Kanban Rf Firmware Search vendor "Bd" for product "Pyxis Kanban Rf Firmware"	*	-	Affected	in	Bd Search vendor "Bd"	Pyxis Kanban Rf Search vendor "Bd" for product "Pyxis Kanban Rf"	-	-	Safe
Bd Search vendor "Bd"	Pyxis Logistics Firmware Search vendor "Bd" for product "Pyxis Logistics Firmware"	*	-	Affected	in	Bd Search vendor "Bd"	Pyxis Logistics Search vendor "Bd" for product "Pyxis Logistics"	-	-	Safe
Bd Search vendor "Bd"	Pyxis Med Link Family Firmware Search vendor "Bd" for product "Pyxis Med Link Family Firmware"	*	-	Affected	in	Bd Search vendor "Bd"	Pyxis Med Link Family Search vendor "Bd" for product "Pyxis Med Link Family"	-	-	Safe
Bd Search vendor "Bd"	Pyxis Medbank Firmware Search vendor "Bd" for product "Pyxis Medbank Firmware"	*	-	Affected	in	Bd Search vendor "Bd"	Pyxis Medbank Search vendor "Bd" for product "Pyxis Medbank"	-	-	Safe
Bd Search vendor "Bd"	Pyxis Medstation 4000 Firmware Search vendor "Bd" for product "Pyxis Medstation 4000 Firmware"	*	-	Affected	in	Bd Search vendor "Bd"	Pyxis Medstation 4000 Search vendor "Bd" for product "Pyxis Medstation 4000"	-	-	Safe
Bd Search vendor "Bd"	Pyxis Medstation Es Firmware Search vendor "Bd" for product "Pyxis Medstation Es Firmware"	*	-	Affected	in	Bd Search vendor "Bd"	Pyxis Medstation Es Search vendor "Bd" for product "Pyxis Medstation Es"	-	-	Safe
Bd Search vendor "Bd"	Pyxis Medstation Es Server Firmware Search vendor "Bd" for product "Pyxis Medstation Es Server Firmware"	*	-	Affected	in	Bd Search vendor "Bd"	Pyxis Medstation Es Server Search vendor "Bd" for product "Pyxis Medstation Es Server"	-	-	Safe
Bd Search vendor "Bd"	Pyxis Parassist Firmware Search vendor "Bd" for product "Pyxis Parassist Firmware"	*	-	Affected	in	Bd Search vendor "Bd"	Pyxis Parassist Search vendor "Bd" for product "Pyxis Parassist"	-	-	Safe
Bd Search vendor "Bd"	Pyxis Pharmopack Firmware Search vendor "Bd" for product "Pyxis Pharmopack Firmware"	*	-	Affected	in	Bd Search vendor "Bd"	Pyxis Pharmopack Search vendor "Bd" for product "Pyxis Pharmopack"	-	-	Safe
Bd Search vendor "Bd"	Pyxis Procedurestation Firmware Search vendor "Bd" for product "Pyxis Procedurestation Firmware"	*	-	Affected	in	Bd Search vendor "Bd"	Pyxis Procedurestation Search vendor "Bd" for product "Pyxis Procedurestation"	-	-	Safe
Bd Search vendor "Bd"	Pyxis Rapid Rx Firmware Search vendor "Bd" for product "Pyxis Rapid Rx Firmware"	*	-	Affected	in	Bd Search vendor "Bd"	Pyxis Rapid Rx Search vendor "Bd" for product "Pyxis Rapid Rx"	-	-	Safe
Bd Search vendor "Bd"	Pyxis Stockstation Firmware Search vendor "Bd" for product "Pyxis Stockstation Firmware"	*	-	Affected	in	Bd Search vendor "Bd"	Pyxis Stockstation Search vendor "Bd" for product "Pyxis Stockstation"	-	-	Safe
Bd Search vendor "Bd"	Pyxis Supplycenter Firmware Search vendor "Bd" for product "Pyxis Supplycenter Firmware"	*	-	Affected	in	Bd Search vendor "Bd"	Pyxis Supplycenter Search vendor "Bd" for product "Pyxis Supplycenter"	-	-	Safe
Bd Search vendor "Bd"	Pyxis Supplyroller Firmware Search vendor "Bd" for product "Pyxis Supplyroller Firmware"	*	-	Affected	in	Bd Search vendor "Bd"	Pyxis Supplyroller Search vendor "Bd" for product "Pyxis Supplyroller"	-	-	Safe
Bd Search vendor "Bd"	Pyxis Supplystation Firmware Search vendor "Bd" for product "Pyxis Supplystation Firmware"	*	-	Affected	in	Bd Search vendor "Bd"	Pyxis Supplystation Search vendor "Bd" for product "Pyxis Supplystation"	-	-	Safe
Bd Search vendor "Bd"	Pyxis Track And Deliver Firmware Search vendor "Bd" for product "Pyxis Track And Deliver Firmware"	*	-	Affected	in	Bd Search vendor "Bd"	Pyxis Track And Deliver Search vendor "Bd" for product "Pyxis Track And Deliver"	-	-	Safe
Bd Search vendor "Bd"	Rowa Pouch Packaging Systems Firmware Search vendor "Bd" for product "Rowa Pouch Packaging Systems Firmware"	*	-	Affected	in	Bd Search vendor "Bd"	Rowa Pouch Packaging Systems Search vendor "Bd" for product "Rowa Pouch Packaging Systems"	-	-	Safe