Not Using Password Aging in Becton, Dickinson and Company (BD) products - CVE-2022-22767

 

Not Using Password Aging in Becton, Dickinson and Company (BD) products - CVE-2022-22767

Published: June 1, 2022


Vulnerability identifier: #VU63899
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2022-22767
CWE-ID: CWE-262
Exploitation vector: Adjecent network
Exploit availability: No public exploit available
Vendor: Becton, Dickinson and Company (BD)
Affected software:
(BD) Pyxis ES Anesthesia Station
(BD) Pyxis CIISafe
(BD) Pyxis Logistics
(BD) Pyxis MedBank
(BD) Pyxis MedStation 4000
(BD) Pyxis MedStation ES
(BD) Pyxis MedStation ES Server
(BD) Pyxis ParAssist
(BD) Pyxis Rapid Rx
(BD) Pyxis StockStation
(BD) Pyxis SupplyCenter
(BD) Pyxis SupplyRoller
(BD) Pyxis SupplyStation
(BD) Pyxis SupplyStation EC
(BD) Pyxis SupplyStation RF auxiliary
(BD) Rowa Pouch Packaging Systems

Detailed vulnerability description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the affected products are installed with default credentials and may still operate with these credentials. A remote attacker on the local network can gain privileged access to the underlying file system and gain access to ePHI or other sensitive information. 


How to mitigate CVE-2022-22767

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Sources