#VU63899 Not Using Password Aging in Becton, Dickinson and Company (BD) products - CVE-2022-22767

 


Published: June 1, 2022


Vulnerability identifier: #VU63899
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2022-22767
CWE-ID: CWE-262
Exploitation vector: Adjacent network
Exploit availability: No public exploit available
Vulnerable software:
(BD) Pyxis ES Anesthesia Station
(BD) Pyxis CIISafe
(BD) Pyxis Logistics
(BD) Pyxis MedBank
(BD) Pyxis MedStation 4000
(BD) Pyxis MedStation ES
(BD) Pyxis MedStation ES Server
(BD) Pyxis ParAssist
(BD) Pyxis Rapid Rx
(BD) Pyxis StockStation
(BD) Pyxis SupplyCenter
(BD) Pyxis SupplyRoller
(BD) Pyxis SupplyStation
(BD) Pyxis SupplyStation EC
(BD) Pyxis SupplyStation RF auxiliary
(BD) Rowa Pouch Packaging Systems
Software vendor:
Becton, Dickinson and Company (BD)

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists because the affected products are installed with default credentials and may still operate with these credentials. A remote attacker on the local network can gain privileged access to the underlying file system and gain access to ePHI or other sensitive information.


Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links