Vulnerability Description
BD Totalys MultiProcessor, versions 1.70 and earlier, contain hardcoded credentials. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally identifiable information (PII). Customers using BD Totalys MultiProcessor version 1.70 with Microsoft Windows 10 have additional operating system hardening configurations which increase the attack complexity required to exploit this vulnerability.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bd | Totalys Multiprocessor Firmware | < 1.71 |
| Bd | Totalys Multiprocessor | - |
Related Weaknesses (CWE)
References
- https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-totalys-multiprocessVendor Advisory
- https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-totalys-multiprocessVendor Advisory
FAQ
What is CVE-2022-40263?
CVE-2022-40263 is a vulnerability with a CVSS score of 6.6 (MEDIUM). BD Totalys MultiProcessor, versions 1.70 and earlier, contain hardcoded credentials. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic pro...
How severe is CVE-2022-40263?
CVE-2022-40263 has been rated MEDIUM with a CVSS base score of 6.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-40263?
Check the references section above for vendor advisories and patch information. Affected products include: Bd Totalys Multiprocessor Firmware, Bd Totalys Multiprocessor.