#VU69825 Missing Protection Mechanism for Alternate Hardware Interface in Becton, Dickinson and Company (BD) products - CVE-2022-43557
Published: December 2, 2022
Vulnerability identifier: #VU69825
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-43557
CWE-ID: CWE-1299
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
BD BodyGuard
CME BodyGuard 323 (2nd Edition)
CME BodyGuard 323 Color Vision (2nd Edition)
CME BodyGuard 323 Color Vision (3rd Edition)
CME BodyGuard Twins (2nd Edition)
BD BodyGuard
CME BodyGuard 323 (2nd Edition)
CME BodyGuard 323 Color Vision (2nd Edition)
CME BodyGuard 323 Color Vision (3rd Edition)
CME BodyGuard Twins (2nd Edition)
Software vendor:
Becton, Dickinson and Company (BD)
Becton, Dickinson and Company (BD)
Description
The vulnerability allows a local attacker to compromise the target system.
The vulnerability exists due to the affected pumps allow for access through the RS-232 (serial) port interface. An attacker with physical access can disable the pump.
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.