CVE-2022-22766

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-22766
Hardcoded credentials are used in specific BD Pyxis products. If exploited, threat actors may be able to gain access to the underlying file system and could potentially exploit application files for information that could be used to decrypt application credentials or gain access to electronic protected health information (ePHI) or other sensitive information.

5.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.1 /10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References
Link Resource
https://cybersecurity.bd.com/bulletins-and-patches/bd-pyxis-products---hardcoded-credentials Vendor Advisory
https://www.cisa.gov/uscert/ics/advisories/icsma-22-062-01 Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:bd:pyxis_anesthesia_station_es_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bd:pyxis_anesthesia_station_es:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:bd:pyxis_anesthesia_station_4000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bd:pyxis_anesthesia_station_4000:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:bd:pyxis_cato_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bd:pyxis_cato:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:bd:pyxis_ciisafe_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bd:pyxis_ciisafe:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:bd:pyxis_inventory_connect_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bd:pyxis_inventory_connect:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:bd:pyxis_iv_prep_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bd:pyxis_iv_prep:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:bd:pyxis_jitrbud_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bd:pyxis_jitrbud:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:bd:pyxis_kanban_rf_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bd:pyxis_kanban_rf:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:bd:pyxis_logistics_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bd:pyxis_logistics:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:bd:pyxis_med_link_family_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bd:pyxis_med_link_family:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:bd:pyxis_medbank_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bd:pyxis_medbank:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:bd:pyxis_medstation_4000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bd:pyxis_medstation_4000:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:bd:pyxis_medstation_es_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bd:pyxis_medstation_es:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:bd:pyxis_medstation_es_server_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bd:pyxis_medstation_es_server:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:bd:pyxis_parassist_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bd:pyxis_parassist:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:bd:pyxis_pharmopack_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bd:pyxis_pharmopack:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:bd:pyxis_procedurestation_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bd:pyxis_procedurestation:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:bd:pyxis_rapid_rx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bd:pyxis_rapid_rx:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:bd:pyxis_stockstation_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bd:pyxis_stockstation:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND
cpe:2.3:o:bd:pyxis_supplycenter_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bd:pyxis_supplycenter:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND
cpe:2.3:o:bd:pyxis_supplyroller_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bd:pyxis_supplyroller:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND
cpe:2.3:o:bd:pyxis_supplystation_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bd:pyxis_supplystation:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND
cpe:2.3:o:bd:pyxis_track_and_deliver_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bd:pyxis_track_and_deliver:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND
cpe:2.3:o:bd:rowa_pouch_packaging_systems_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bd:rowa_pouch_packaging_systems:-:*:*:*:*:*:*:*
History

11 May 2022, 14:59

Type Values Removed Values Added
References (MISC) https://www.cisa.gov/uscert/ics/advisories/icsma-22-062-01 - (MISC) https://www.cisa.gov/uscert/ics/advisories/icsma-22-062-01 - Third Party Advisory, US Government Resource

10 Mar 2022, 17:45

Type Values Removed Values Added
References
  • (MISC) https://www.cisa.gov/uscert/ics/advisories/icsma-22-062-01 -

22 Feb 2022, 20:01

Type Values Removed Values Added
CPE cpe:2.3:h:bd:pyxis_med_link_family:-:*:*:*:*:*:*:*
cpe:2.3:h:bd:pyxis_anesthesia_station_es:-:*:*:*:*:*:*:*
cpe:2.3:h:bd:pyxis_iv_prep:-:*:*:*:*:*:*:*
cpe:2.3:o:bd:pyxis_pharmopack_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:bd:pyxis_jitrbud_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bd:rowa_pouch_packaging_systems:-:*:*:*:*:*:*:*
cpe:2.3:o:bd:pyxis_anesthesia_station_4000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bd:pyxis_pharmopack:-:*:*:*:*:*:*:*
cpe:2.3:h:bd:pyxis_cato:-:*:*:*:*:*:*:*
cpe:2.3:h:bd:pyxis_track_and_deliver:-:*:*:*:*:*:*:*
cpe:2.3:h:bd:pyxis_ciisafe:-:*:*:*:*:*:*:*
cpe:2.3:o:bd:pyxis_supplyroller_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:bd:pyxis_medstation_es_server_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:bd:pyxis_medstation_4000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bd:pyxis_medstation_es:-:*:*:*:*:*:*:*
cpe:2.3:o:bd:pyxis_parassist_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bd:pyxis_stockstation:-:*:*:*:*:*:*:*
cpe:2.3:h:bd:pyxis_supplyroller:-:*:*:*:*:*:*:*
cpe:2.3:o:bd:pyxis_anesthesia_station_es_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:bd:pyxis_ciisafe_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:bd:pyxis_medstation_es_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:bd:pyxis_logistics_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bd:pyxis_medbank:-:*:*:*:*:*:*:*
cpe:2.3:h:bd:pyxis_medstation_4000:-:*:*:*:*:*:*:*
cpe:2.3:o:bd:pyxis_cato_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:bd:rowa_pouch_packaging_systems_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bd:pyxis_parassist:-:*:*:*:*:*:*:*
cpe:2.3:o:bd:pyxis_stockstation_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bd:pyxis_supplycenter:-:*:*:*:*:*:*:*
cpe:2.3:o:bd:pyxis_kanban_rf_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bd:pyxis_logistics:-:*:*:*:*:*:*:*
cpe:2.3:o:bd:pyxis_iv_prep_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bd:pyxis_jitrbud:-:*:*:*:*:*:*:*
cpe:2.3:o:bd:pyxis_supplystation_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:bd:pyxis_medbank_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bd:pyxis_inventory_connect:-:*:*:*:*:*:*:*
cpe:2.3:o:bd:pyxis_inventory_connect_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bd:pyxis_rapid_rx:-:*:*:*:*:*:*:*
cpe:2.3:o:bd:pyxis_track_and_deliver_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:bd:pyxis_rapid_rx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:bd:pyxis_med_link_family_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bd:pyxis_medstation_es_server:-:*:*:*:*:*:*:*
cpe:2.3:o:bd:pyxis_supplycenter_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bd:pyxis_procedurestation:-:*:*:*:*:*:*:*
cpe:2.3:h:bd:pyxis_supplystation:-:*:*:*:*:*:*:*
cpe:2.3:h:bd:pyxis_kanban_rf:-:*:*:*:*:*:*:*
cpe:2.3:o:bd:pyxis_procedurestation_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bd:pyxis_anesthesia_station_4000:-:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown 		v2 : 2.1
v3 : 5.5
CWE CWE-798
References (CONFIRM) https://cybersecurity.bd.com/bulletins-and-patches/bd-pyxis-products---hardcoded-credentials - (CONFIRM) https://cybersecurity.bd.com/bulletins-and-patches/bd-pyxis-products---hardcoded-credentials - Vendor Advisory
First Time Bd pyxis Cato
Bd pyxis Rapid Rx Firmware
Bd pyxis Pharmopack Firmware
Bd
Bd pyxis Logistics
Bd rowa Pouch Packaging Systems
Bd pyxis Anesthesia Station Es Firmware
Bd pyxis Supplycenter Firmware
Bd pyxis Track And Deliver Firmware
Bd pyxis Anesthesia Station 4000
Bd pyxis Iv Prep
Bd pyxis Inventory Connect
Bd pyxis Supplyroller
Bd pyxis Med Link Family Firmware
Bd pyxis Supplystation Firmware
Bd pyxis Kanban Rf
Bd pyxis Anesthesia Station Es
Bd pyxis Medstation Es Server
Bd pyxis Medstation 4000 Firmware
Bd pyxis Stockstation Firmware
Bd pyxis Anesthesia Station 4000 Firmware
Bd pyxis Medstation 4000
Bd pyxis Inventory Connect Firmware
Bd pyxis Parassist
Bd pyxis Ciisafe Firmware
Bd pyxis Medstation Es Server Firmware
Bd pyxis Medbank Firmware
Bd pyxis Rapid Rx
Bd pyxis Medstation Es Firmware
Bd pyxis Supplystation
Bd rowa Pouch Packaging Systems Firmware
Bd pyxis Ciisafe
Bd pyxis Jitrbud Firmware
Bd pyxis Medstation Es
Bd pyxis Stockstation
Bd pyxis Medbank
Bd pyxis Logistics Firmware
Bd pyxis Med Link Family
Bd pyxis Track And Deliver
Bd pyxis Procedurestation Firmware
Bd pyxis Jitrbud
Bd pyxis Supplyroller Firmware
Bd pyxis Supplycenter
Bd pyxis Procedurestation
Bd pyxis Cato Firmware
Bd pyxis Parassist Firmware
Bd pyxis Pharmopack
Bd pyxis Kanban Rf Firmware
Bd pyxis Iv Prep Firmware

11 Feb 2022, 19:15

Type Values Removed Values Added
New CVE
Information

Published : 2022-02-11 19:15

Updated : 2023-12-10 14:22

NVD link : CVE-2022-22766

Mitre link : CVE-2022-22766

CVE.ORG link : CVE-2022-22766

JSON object : View

Products Affected

bd

  • pyxis_logistics
  • pyxis_med_link_family_firmware
  • pyxis_medstation_es_server
  • pyxis_anesthesia_station_4000_firmware
  • pyxis_iv_prep
  • pyxis_track_and_deliver_firmware
  • pyxis_anesthesia_station_es_firmware
  • pyxis_kanban_rf
  • pyxis_rapid_rx
  • pyxis_supplyroller
  • pyxis_parassist_firmware
  • pyxis_medstation_es
  • pyxis_jitrbud_firmware
  • pyxis_cato
  • pyxis_supplyroller_firmware
  • pyxis_medbank
  • pyxis_ciisafe_firmware
  • pyxis_jitrbud
  • pyxis_medstation_es_firmware
  • pyxis_stockstation
  • pyxis_cato_firmware
  • rowa_pouch_packaging_systems
  • pyxis_medbank_firmware
  • pyxis_parassist
  • pyxis_supplystation_firmware
  • pyxis_supplystation
  • pyxis_ciisafe
  • pyxis_track_and_deliver
  • pyxis_logistics_firmware
  • pyxis_supplycenter
  • pyxis_procedurestation_firmware
  • pyxis_supplycenter_firmware
  • pyxis_pharmopack_firmware
  • pyxis_med_link_family
  • pyxis_pharmopack
  • pyxis_anesthesia_station_4000
  • pyxis_anesthesia_station_es
  • pyxis_medstation_4000_firmware
  • pyxis_kanban_rf_firmware
  • pyxis_inventory_connect_firmware
  • pyxis_procedurestation
  • pyxis_stockstation_firmware
  • pyxis_inventory_connect
  • pyxis_medstation_4000
  • rowa_pouch_packaging_systems_firmware
  • pyxis_iv_prep_firmware
  • pyxis_medstation_es_server_firmware
  • pyxis_rapid_rx_firmware
CWE
CWE-798

Use of Hard-coded Credentials