HIGH · 8.8

CVE-2022-22767

Vulnerability Description

Specific BD Pyxis™ products were installed with default credentials and may presently still operate with these credentials. There may be scenarios where BD Pyxis™ products are installed with the same default local operating system credentials or domain-joined server(s) credentials that may be shared across product types. If exploited, threat actors may be able to gain privileged access to the underlying file system and could potentially exploit or gain access to ePHI or other sensitive information.

CVSS Score

8.8 (HIGH)

Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector: ADJACENT_NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH

Affected Products

Vendor  Product                                 Versions
Bd      Pyxis Anesthesia Station Es Firmware    -
Bd      Pyxis Anesthesia Station Es             -
Bd      Pyxis Ciisafe Firmware                  -
Bd      Pyxis Ciisafe                           -
Bd      Pyxis Logistics Firmware                -
Bd      Pyxis Logistics                         -
Bd      Pyxis Medbank Firmware                  -
Bd      Pyxis Medbank                           -
Bd      Pyxis Medstation 4000 Firmware          -
Bd      Pyxis Medstation 4000                   -
Bd      Pyxis Medstation Es Firmware            -
Bd      Pyxis Medstation Es                     -
Bd      Pyxis Medstation Es Server Firmware     -
Bd      Pyxis Medstation Es Server              -
Bd      Pyxis Parassist Firmware                -
Bd      Pyxis Parassist                         -
Bd      Pyxis Rapid Rx Firmware                 -
Bd      Pyxis Rapid Rx                          -
Bd      Pyxis Stockstation Firmware             -
Bd      Pyxis Stockstation                      -

Related Weaknesses (CWE)

References

FAQ

What is CVE-2022-22767?

CVE-2022-22767 is a vulnerability with a CVSS score of 8.8 (HIGH). Specific BD Pyxis™ products were installed with default credentials and may presently still operate with these credentials. There may be scenarios where BD Pyxis™ products are installed with the same ...

How severe is CVE-2022-22767?

CVE-2022-22767 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2022-22767?

Check the references section above for vendor advisories and patch information. Affected products include: Bd Pyxis Anesthesia Station Es Firmware, Bd Pyxis Anesthesia Station Es, Bd Pyxis Ciisafe Firmware, Bd Pyxis Ciisafe, Bd Pyxis Logistics Firmware.