7

CVE-2022-22766

Hardcoded credentials are used in specific BD Pyxis products. If exploited, threat actors may be able to gain access to the underlying file system and could potentially exploit application files for information that could be used to decrypt application credentials or gain access to electronic protected health information (ePHI) or other sensitive information.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
BdPyxis Cato Firmware
   BdPyxis Cato Version-
BdPyxis Ciisafe Firmware
   BdPyxis Ciisafe Version-
BdPyxis Iv Prep Firmware
   BdPyxis Iv Prep Version-
BdPyxis Jitrbud Firmware
   BdPyxis Jitrbud Version-
BdPyxis Medbank Firmware
   BdPyxis Medbank Version-
BdPyxis Rapid Rx Firmware
   BdPyxis Rapid Rx Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.05% 0.15
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 2.1 3.9 2.9
AV:L/AC:L/Au:N/C:P/I:N/A:N
cybersecurity@bd.com 7 1 5.9
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

https://www.cisa.gov/uscert/ics/advisories/icsma-22-062-01
Third Party Advisory
US Government Resource