CVE-2022-22767

EPSS 0.23%
Veröffentlicht 02.06.2022 14:15:35
Zuletzt bearbeitet 21.11.2024 06:47:24
Quelle cybersecurity@bd.com
CVE-Watchlists
Login
Unerledigt
Login

Specific BD Pyxis™ products were installed with default credentials and may presently still operate with these credentials. There may be scenarios where BD Pyxis™ products are installed with the same default local operating system credentials or domain-joined server(s) credentials that may be shared across product types. If exploited, threat actors may be able to gain privileged access to the underlying file system and could potentially exploit or gain access to ePHI or other sensitive information.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Bd ≫ Pyxis Anesthesia Station Es Firmware Version-

Bd ≫ Pyxis Anesthesia Station Es Version-

Bd ≫ Pyxis Ciisafe Firmware Version-

Bd ≫ Pyxis Ciisafe Version-

Bd ≫ Pyxis Logistics Firmware Version-

Bd ≫ Pyxis Logistics Version-

Bd ≫ Pyxis Medbank Firmware Version-

Bd ≫ Pyxis Medbank Version-

Bd ≫ Pyxis Medstation 4000 Firmware Version-

Bd ≫ Pyxis Medstation 4000 Version-

Bd ≫ Pyxis Medstation Es Firmware Version-

Bd ≫ Pyxis Medstation Es Version-

Bd ≫ Pyxis Medstation Es Server Firmware Version-

Bd ≫ Pyxis Medstation Es Server Version-

Bd ≫ Pyxis Parassist Firmware Version-

Bd ≫ Pyxis Parassist Version-

Bd ≫ Pyxis Rapid Rx Firmware Version-

Bd ≫ Pyxis Rapid Rx Version-

Bd ≫ Pyxis Stockstation Firmware Version-

Bd ≫ Pyxis Stockstation Version-

Bd ≫ Pyxis Supplycenter Firmware Version-

Bd ≫ Pyxis Supplycenter Version-

Bd ≫ Pyxis Supplyroller Firmware Version-

Bd ≫ Pyxis Supplyroller Version-

Bd ≫ Pyxis Supplystation Firmware Version-

Bd ≫ Pyxis Supplystation Version-

Bd ≫ Pyxis Supplystation Ec Firmware Version-

Bd ≫ Pyxis Supplystation Ec Version-

Bd ≫ Pyxis Supplystation Rf Auxiliary Firmware Version-

Bd ≫ Pyxis Supplystation Rf Auxiliary Version-

Bd ≫ Rowa Pouch Packaging Systems Firmware Version-

Bd ≫ Rowa Pouch Packaging Systems Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.23%	0.453

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	8.3	6.5	10	AV:A/AC:L/Au:N/C:C/I:C/A:C
cybersecurity@bd.com	8.8	2.8	5.9	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-262 Not Using Password Aging

The product does not have a mechanism in place for managing password aging.

CWE-522 Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

https://cybersecurity.bd.com/bulletins-and-patches/bd-pyxis-products-default-credentials

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-22767

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-22767

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-22767

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-22767