CVE-2022-22767
BD Pyxis™ Products – Default Credentials
Severity Score
8.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Specific BD Pyxis™ products were installed with default credentials and may presently still operate with these credentials. There may be scenarios where BD Pyxis™ products are installed with the same default local operating system credentials or domain-joined server(s) credentials that may be shared across product types. If exploited, threat actors may be able to gain privileged access to the underlying file system and could potentially exploit or gain access to ePHI or other sensitive information.
Unos productos específicos de BD Pyxis™ se instalaron con credenciales por defecto y actualmente pueden seguir funcionando con estas credenciales. Puede haber situaciones en las que los productos BD Pyxis™ sean instalados con las mismas credenciales por defecto del sistema operativo local o con las credenciales de los servidores unidos a un dominio que pueden ser compartidas entre los distintos tipos de productos. Si es explotado, los actores de la amenaza pueden ser capaces de conseguir acceso privilegiado al sistema de archivos subyacente y podrían potencialmente explotar u conseguir acceso a ePHI u otra información confidencial
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-01-07 CVE Reserved
- 2022-06-01 CVE Published
- 2023-12-23 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-262: Not Using Password Aging
- CWE-522: Insufficiently Protected Credentials
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://cybersecurity.bd.com/bulletins-and-patches/bd-pyxis-products-default-credentials | 2022-06-11 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Bd Search vendor "Bd" | Pyxis Anesthesia Station Es Firmware Search vendor "Bd" for product "Pyxis Anesthesia Station Es Firmware" | - | - |
Affected
| in | Bd Search vendor "Bd" | Pyxis Anesthesia Station Es Search vendor "Bd" for product "Pyxis Anesthesia Station Es" | - | - |
Safe
|
| Bd Search vendor "Bd" | Pyxis Ciisafe Firmware Search vendor "Bd" for product "Pyxis Ciisafe Firmware" | - | - |
Affected
| in | Bd Search vendor "Bd" | Pyxis Ciisafe Search vendor "Bd" for product "Pyxis Ciisafe" | - | - |
Safe
|
| Bd Search vendor "Bd" | Pyxis Logistics Firmware Search vendor "Bd" for product "Pyxis Logistics Firmware" | - | - |
Affected
| in | Bd Search vendor "Bd" | Pyxis Logistics Search vendor "Bd" for product "Pyxis Logistics" | - | - |
Safe
|
| Bd Search vendor "Bd" | Pyxis Medbank Firmware Search vendor "Bd" for product "Pyxis Medbank Firmware" | - | - |
Affected
| in | Bd Search vendor "Bd" | Pyxis Medbank Search vendor "Bd" for product "Pyxis Medbank" | - | - |
Safe
|
| Bd Search vendor "Bd" | Pyxis Medstation 4000 Firmware Search vendor "Bd" for product "Pyxis Medstation 4000 Firmware" | - | - |
Affected
| in | Bd Search vendor "Bd" | Pyxis Medstation 4000 Search vendor "Bd" for product "Pyxis Medstation 4000" | - | - |
Safe
|
| Bd Search vendor "Bd" | Pyxis Medstation Es Firmware Search vendor "Bd" for product "Pyxis Medstation Es Firmware" | - | - |
Affected
| in | Bd Search vendor "Bd" | Pyxis Medstation Es Search vendor "Bd" for product "Pyxis Medstation Es" | - | - |
Safe
|
| Bd Search vendor "Bd" | Pyxis Medstation Es Server Firmware Search vendor "Bd" for product "Pyxis Medstation Es Server Firmware" | - | - |
Affected
| in | Bd Search vendor "Bd" | Pyxis Medstation Es Server Search vendor "Bd" for product "Pyxis Medstation Es Server" | - | - |
Safe
|
| Bd Search vendor "Bd" | Pyxis Parassist Firmware Search vendor "Bd" for product "Pyxis Parassist Firmware" | - | - |
Affected
| in | Bd Search vendor "Bd" | Pyxis Parassist Search vendor "Bd" for product "Pyxis Parassist" | - | - |
Safe
|
| Bd Search vendor "Bd" | Pyxis Rapid Rx Firmware Search vendor "Bd" for product "Pyxis Rapid Rx Firmware" | - | - |
Affected
| in | Bd Search vendor "Bd" | Pyxis Rapid Rx Search vendor "Bd" for product "Pyxis Rapid Rx" | - | - |
Safe
|
| Bd Search vendor "Bd" | Pyxis Stockstation Firmware Search vendor "Bd" for product "Pyxis Stockstation Firmware" | - | - |
Affected
| in | Bd Search vendor "Bd" | Pyxis Stockstation Search vendor "Bd" for product "Pyxis Stockstation" | - | - |
Safe
|
| Bd Search vendor "Bd" | Pyxis Supplycenter Firmware Search vendor "Bd" for product "Pyxis Supplycenter Firmware" | - | - |
Affected
| in | Bd Search vendor "Bd" | Pyxis Supplycenter Search vendor "Bd" for product "Pyxis Supplycenter" | - | - |
Safe
|
| Bd Search vendor "Bd" | Pyxis Supplyroller Firmware Search vendor "Bd" for product "Pyxis Supplyroller Firmware" | - | - |
Affected
| in | Bd Search vendor "Bd" | Pyxis Supplyroller Search vendor "Bd" for product "Pyxis Supplyroller" | - | - |
Safe
|
| Bd Search vendor "Bd" | Pyxis Supplystation Firmware Search vendor "Bd" for product "Pyxis Supplystation Firmware" | - | - |
Affected
| in | Bd Search vendor "Bd" | Pyxis Supplystation Search vendor "Bd" for product "Pyxis Supplystation" | - | - |
Safe
|
| Bd Search vendor "Bd" | Pyxis Supplystation Ec Firmware Search vendor "Bd" for product "Pyxis Supplystation Ec Firmware" | - | - |
Affected
| in | Bd Search vendor "Bd" | Pyxis Supplystation Ec Search vendor "Bd" for product "Pyxis Supplystation Ec" | - | - |
Safe
|
| Bd Search vendor "Bd" | Pyxis Supplystation Rf Auxiliary Firmware Search vendor "Bd" for product "Pyxis Supplystation Rf Auxiliary Firmware" | - | - |
Affected
| in | Bd Search vendor "Bd" | Pyxis Supplystation Rf Auxiliary Search vendor "Bd" for product "Pyxis Supplystation Rf Auxiliary" | - | - |
Safe
|
| Bd Search vendor "Bd" | Rowa Pouch Packaging Systems Firmware Search vendor "Bd" for product "Rowa Pouch Packaging Systems Firmware" | - | - |
Affected
| in | Bd Search vendor "Bd" | Rowa Pouch Packaging Systems Search vendor "Bd" for product "Rowa Pouch Packaging Systems" | - | - |
Safe
|