{"id": "CVE-2022-22766", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "cybersecurity@bd.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.0, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.0}]}, "published": "2022-02-11T19:15:08.850", "references": [{"url": "https://cybersecurity.bd.com/bulletins-and-patches/bd-pyxis-products---hardcoded-credentials", "tags": ["Vendor Advisory"], "source": "cybersecurity@bd.com"}, {"url": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-062-01", "tags": ["Third Party Advisory", "US Government Resource"], "source": "cybersecurity@bd.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-798"}]}, {"type": "Secondary", "source": "cybersecurity@bd.com", "description": [{"lang": "en", "value": "CWE-798"}]}], "descriptions": [{"lang": "en", "value": "Hardcoded credentials are used in specific BD Pyxis products. If exploited, threat actors may be able to gain access to the underlying file system and could potentially exploit application files for information that could be used to decrypt application credentials or gain access to electronic protected health information (ePHI) or other sensitive information."}, {"lang": "es", "value": "Unas credenciales embebidas son usadas en productos espec\u00edficos de BD Pyxis. Si es explotado, los actores de la amenaza pueden ser capaces de conseguir acceso al sistema de archivos subyacente y podr\u00edan potencialmente explotar los archivos de la aplicaci\u00f3n para obtener informaci\u00f3n que podr\u00eda ser usada para descifrar las credenciales de la aplicaci\u00f3n o para conseguir acceso a la informaci\u00f3n de salud electr\u00f3nica protegida (ePHI) u otra informaci\u00f3n confidencial"}], "lastModified": "2022-05-11T14:59:38.777", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:bd:pyxis_anesthesia_station_es_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EBE68344-E519-4DEF-A91F-4094E0D88353"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:bd:pyxis_anesthesia_station_es:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "32F3ACBB-87CA-43D2-8E32-2656BDCFEB8D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:bd:pyxis_anesthesia_station_4000_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "97F86D1E-67B1-4C44-8F19-27271D4FF80D"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:bd:pyxis_anesthesia_station_4000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5261A6F0-0C16-48A4-AC8E-C56616C3EB69"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:bd:pyxis_cato_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EF216527-C831-4DDA-B06D-9EC32DC4E9D0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:bd:pyxis_cato:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0DDB0372-AC19-4D48-892D-B188900B4D05"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:bd:pyxis_ciisafe_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3974AAD5-FDF0-49FD-AC76-77A0318A6A8E"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:bd:pyxis_ciisafe:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0488CEEA-9504-4619-80F2-106AF8A3E4A1"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:bd:pyxis_inventory_connect_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1E01B870-A465-4BB7-A8CC-D3A25C1C307A"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:bd:pyxis_inventory_connect:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EFB422BA-952D-4500-AF88-53F2CD55971A"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:bd:pyxis_iv_prep_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "99594833-0248-4484-9A80-C19D80DF5B05"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:bd:pyxis_iv_prep:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B4F467ED-38A7-40C2-A5B7-5437780A58D0"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:bd:pyxis_jitrbud_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6C4E95E6-96B2-4A7D-A4F4-ECB6617762F9"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:bd:pyxis_jitrbud:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "07D68CF9-39A2-4CCA-90A1-C48EA64D292B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:bd:pyxis_kanban_rf_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F0A5299E-F3AC-4813-8800-B8C8EDBC1624"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:bd:pyxis_kanban_rf:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "000D25AC-F562-4E8D-B9E9-F82B9751C9C5"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:bd:pyxis_logistics_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "065D8497-C15B-4C16-B4F2-8BC47B556079"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:bd:pyxis_logistics:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E0197950-E007-4748-89B5-06A1ABA06E39"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:bd:pyxis_med_link_family_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7B87C798-EC9F-4EA0-83AA-0CFBBC97FA01"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:bd:pyxis_med_link_family:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "25BD8F0D-A061-45E8-9388-0FFD8C62FDA8"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:bd:pyxis_medbank_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8B5FEF7B-2C20-4D41-BEE7-3E07B7E7C69C"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:bd:pyxis_medbank:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "246A5F4B-B994-4FC4-A696-1E67E2F9971B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:bd:pyxis_medstation_4000_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B064580E-A862-4F20-A767-CF8CFC5972D4"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:bd:pyxis_medstation_4000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "65167BF4-9505-4C1A-8E48-B772A74271F8"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:bd:pyxis_medstation_es_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A426FE1F-6BC9-4290-9940-4D2209850412"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:bd:pyxis_medstation_es:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CFB63AC0-5A51-494D-BDFA-BFD4B66A44D9"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:bd:pyxis_medstation_es_server_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7BA6158B-0D28-4CF6-8150-704605860F23"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:bd:pyxis_medstation_es_server:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "042CAB2C-F252-4769-B38B-4DEC2C8D109A"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:bd:pyxis_parassist_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B6D84B80-87CB-4ADA-9937-6F5981593AE2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:bd:pyxis_parassist:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "192F2049-9575-48C2-9EF5-5CB8A2C0C65B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:bd:pyxis_pharmopack_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F938C6B4-0990-44F9-8B23-22DE96E4D303"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:bd:pyxis_pharmopack:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F1AF993B-08A3-42BE-B037-20137BFA3BB4"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:bd:pyxis_procedurestation_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F56324F6-B50E-4DF3-B90B-AD6A1FB4CC2E"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:bd:pyxis_procedurestation:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3F34CF1E-C07A-4AE9-AD7A-EDD060EE64D2"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:bd:pyxis_rapid_rx_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "581094C6-A881-4A94-9BF6-8535424A374B"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:bd:pyxis_rapid_rx:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FE6C17CA-3731-4214-9388-BEBFCF2509D0"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:bd:pyxis_stockstation_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F44FA73D-106A-4466-8742-BC224CED9AD2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:bd:pyxis_stockstation:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2699D945-7724-4CDA-9542-A9954D0B0BF2"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:bd:pyxis_supplycenter_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CB1D7FBA-EDD7-469E-B144-6BD4B7373F22"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:bd:pyxis_supplycenter:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D619B7DE-C9A9-45FA-8A7F-DEED2838AD18"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:bd:pyxis_supplyroller_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1AF17CD6-4F0B-4FAB-9CCD-8223C4FE4D3E"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:bd:pyxis_supplyroller:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "56199C09-6164-4E73-B868-C3FE5BC74C40"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:bd:pyxis_supplystation_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5D153724-31AE-4474-8F2E-9B5D7C2D7CE9"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:bd:pyxis_supplystation:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "84A0B681-5D18-4D0F-B485-A90348AFD321"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:bd:pyxis_track_and_deliver_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "119BFE9F-7FEA-454B-B373-298673069938"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:bd:pyxis_track_and_deliver:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7B02A859-9DEE-40BF-822B-BDB2AFEAB886"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:bd:rowa_pouch_packaging_systems_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3C472FE3-C043-456A-827C-F9E2ED704A52"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:bd:rowa_pouch_packaging_systems:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C2F707E6-6F04-45E5-BA9C-0109A34AC160"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cybersecurity@bd.com"}
