Vulnerability Description
Hardcoded credentials are used in specific BD Pyxis products. If exploited, threat actors may be able to gain access to the underlying file system and could potentially exploit application files for information that could be used to decrypt application credentials or gain access to electronic protected health information (ePHI) or other sensitive information.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bd | Pyxis Anesthesia Station Es Firmware | All versions |
| Bd | Pyxis Anesthesia Station Es | - |
| Bd | Pyxis Anesthesia Station 4000 Firmware | All versions |
| Bd | Pyxis Anesthesia Station 4000 | - |
| Bd | Pyxis Cato Firmware | All versions |
| Bd | Pyxis Cato | - |
| Bd | Pyxis Ciisafe Firmware | All versions |
| Bd | Pyxis Ciisafe | - |
| Bd | Pyxis Inventory Connect Firmware | All versions |
| Bd | Pyxis Inventory Connect | - |
| Bd | Pyxis Iv Prep Firmware | All versions |
| Bd | Pyxis Iv Prep | - |
| Bd | Pyxis Jitrbud Firmware | All versions |
| Bd | Pyxis Jitrbud | - |
| Bd | Pyxis Kanban Rf Firmware | All versions |
| Bd | Pyxis Kanban Rf | - |
| Bd | Pyxis Logistics Firmware | All versions |
| Bd | Pyxis Logistics | - |
| Bd | Pyxis Med Link Family Firmware | All versions |
| Bd | Pyxis Med Link Family | - |
Related Weaknesses (CWE)
References
- https://cybersecurity.bd.com/bulletins-and-patches/bd-pyxis-products---hardcoded (Vendor Advisory)
- https://www.cisa.gov/uscert/ics/advisories/icsma-22-062-01 (Third Party Advisory, US Government Resource)
FAQ
What is CVE-2022-22766?
CVE-2022-22766 is a vulnerability with a CVSS score of 7.0 (HIGH). Hardcoded credentials are used in specific BD Pyxis products. If exploited, threat actors may be able to gain access to the underlying file system and could potentially exploit application files for i...
How severe is CVE-2022-22766?
CVE-2022-22766 has been rated HIGH with a CVSS base score of 7.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2022-22766?
Check the references section above for vendor advisories and patch information. Affected products include: Bd Pyxis Anesthesia Station Es Firmware, Bd Pyxis Anesthesia Station Es, Bd Pyxis Anesthesia Station 4000 Firmware, Bd Pyxis Anesthesia Station 4000, Bd Pyxis Cato Firmware.