CVE-2022-22766
Published: Feb 11, 2022
Modified: Sep 16, 2024
CVSS v3.1
7.0
Description
Hardcoded credentials are used in specific BD Pyxis products. If exploited, threat actors may be able to gain access to the underlying file system and could potentially exploit application files for information that could be used to decrypt application credentials or gain access to electronic protected health information (ePHI) or other sensitive information.
| Vendor | Product | Versions |
|---|---|---|
Becton Dickinson (BD) | BD Pyxis Anesthesia Station ES | affected All |
Becton Dickinson (BD) | BD Pyxis Anesthesia Station 4000 | affected All |
Becton Dickinson (BD) | BD Pyxis CATO | affected All |
Becton Dickinson (BD) | BD Pyxis CIISafe | affected All |
Becton Dickinson (BD) | BD Pyxis Inventory Connect | affected All |
Becton Dickinson (BD) | BD Pyxis IV Prep | affected All |
Becton Dickinson (BD) | BD Pyxis JITrBUD | affected All |
Becton Dickinson (BD) | BD Pyxis KanBan RF | affected All |
Becton Dickinson (BD) | BD Pyxis Logistics | affected All |
Becton Dickinson (BD) | BD Pyxis Med Link Family | affected All |
Becton Dickinson (BD) | BD Pyxis MedBank | affected All |
Becton Dickinson (BD) | BD Pyxis MedStation 4000 | affected All |
Becton Dickinson (BD) | BD Pyxis MedStation ES | affected All |
Becton Dickinson (BD) | BD Pyxis MedStation ES Server | affected All |
Becton Dickinson (BD) | BD Pyxis ParAssist | affected All |
Becton Dickinson (BD) | BD Pyxis PharmoPack | affected All |
Becton Dickinson (BD) | BD Pyxis ProcedureStation (including EC) | affected All |
Becton Dickinson (BD) | BD Pyxis Rapid Rx | affected All |
Becton Dickinson (BD) | BD Pyxis StockStation | affected All |
Becton Dickinson (BD) | BD Pyxis SupplyCenter | affected All |
Becton Dickinson (BD) | BD Pyxis SupplyRoller | affected All |
Becton Dickinson (BD) | BD Pyxis SupplyStation (including RF, EC, CP) | affected All |
Becton Dickinson (BD) | BD Pyxis Track and Deliver | affected All |
Becton Dickinson (BD) | BD Rowa Pouch Packaging Systems | affected All |
Weaknesses (CWE)
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now