CVE-2022-43557

BD BodyGuard™ Pumps – RS-232 Interface Vulnerability

Severity Score

5.3

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The BD BodyGuard™ infusion pumps specified allow for access through the RS-232 (serial) port interface. If exploited, threat actors with physical access, specialized equipment and knowledge may be able to configure or disable the pump. No electronic protected health information (ePHI), protected health information (PHI) or personally identifiable information (PII) is stored in the pump.

Las bombas de infusión BD BodyGuard™ especificadas permiten el acceso a través de la interfaz del puerto RS-232 (serie). Si se explotan, los actores de amenazas con acceso físico, equipo especializado y conocimientos pueden configurar o desactivar la bomba. En la bomba no se almacena información de salud electrónica protegida (ePHI), información de salud protegida (PHI) ni información de identificación personal (PII).

*Credits: N/A

CVSS Scores

NISTv3.1 5.3

Attack Vector

Physical

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-10-20 CVE Reserved
2022-12-05 CVE Published
2024-06-27 EPSS Updated
2024-08-03 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-287: Improper Authentication
CWE-1299: Missing Protection Mechanism for Alternate Hardware Interface

CAPEC

CAPEC-115: Authentication Bypass

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-bodyguard-pumps-rs-232-interface-vulnerability	2023-10-27

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Bd Search vendor "Bd"	Bodyguard 999-603 Firmware Search vendor "Bd" for product "Bodyguard 999-603 Firmware"	-	-	Affected	in	Bd Search vendor "Bd"	Bodyguard 999-603 Search vendor "Bd" for product "Bodyguard 999-603"	-	-	Safe
Bd Search vendor "Bd"	Bodyguard Duo 999-903 Firmware Search vendor "Bd" for product "Bodyguard Duo 999-903 Firmware"	-	-	Affected	in	Bd Search vendor "Bd"	Bodyguard Duo 999-903 Search vendor "Bd" for product "Bodyguard Duo 999-903"	-	-	Safe
Bd Search vendor "Bd"	Bodyguard Epidural 999-683 Firmware Search vendor "Bd" for product "Bodyguard Epidural 999-683 Firmware"	-	-	Affected	in	Bd Search vendor "Bd"	Bodyguard Epidural 999-683 Search vendor "Bd" for product "Bodyguard Epidural 999-683"	-	-	Safe
Bd Search vendor "Bd"	Bodyguard Pain Manager 999-803 Firmware Search vendor "Bd" for product "Bodyguard Pain Manager 999-803 Firmware"	-	-	Affected	in	Bd Search vendor "Bd"	Bodyguard Pain Manager 999-803 Search vendor "Bd" for product "Bodyguard Pain Manager 999-803"	-	-	Safe
Bd Search vendor "Bd"	Bodyguard T 999-103 Firmware Search vendor "Bd" for product "Bodyguard T 999-103 Firmware"	-	-	Affected	in	Bd Search vendor "Bd"	Bodyguard T 999-103 Search vendor "Bd" for product "Bodyguard T 999-103"	-	-	Safe
Bd Search vendor "Bd"	Bodyguard 323 Colorvision Firmware Search vendor "Bd" for product "Bodyguard 323 Colorvision Firmware"	-	-	Affected	in	Bd Search vendor "Bd"	Bodyguard 323 Colorvision Search vendor "Bd" for product "Bodyguard 323 Colorvision"	-	-	Safe
Bd Search vendor "Bd"	Bodyguard 121 Twins Firmware Search vendor "Bd" for product "Bodyguard 121 Twins Firmware"	-	-	Affected	in	Bd Search vendor "Bd"	Bodyguard 121 Twins Search vendor "Bd" for product "Bodyguard 121 Twins"	-	-	Safe