CVE-2022-22767 - OpenCVE

Specific BD Pyxis™ products were installed with default credentials and may presently still operate with these credentials. There may be scenarios where BD Pyxis™ products are installed with the same default local operating system credentials or domain-joined server(s) credentials that may be shared across product types. If exploited, threat actors may be able to gain privileged access to the underlying file system and could potentially exploit or gain access to ePHI or other sensitive information.

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:A/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Bd	Pyxis Stockstation Pyxis Ciisafe Firmware Pyxis Medstation Es Pyxis Stockstation Firmware Pyxis Medbank Pyxis Supplyroller Pyxis Supplystation Ec Firmware Pyxis Supplycenter Firmware Rowa Pouch Packaging Systems Firmware Pyxis Supplystation Rf Auxiliary Firmware Pyxis Supplystation Rf Auxiliary Pyxis Medbank Firmware Pyxis Logistics Firmware Pyxis Logistics Pyxis Supplystation Ec Pyxis Medstation 4000 Rowa Pouch Packaging Systems Pyxis Anesthesia Station Es Firmware Pyxis Medstation 4000 Firmware Pyxis Supplystation Firmware Pyxis Supplyroller Firmware Pyxis Anesthesia Station Es Pyxis Parassist Firmware Pyxis Rapid Rx Firmware Pyxis Medstation Es Server Pyxis Ciisafe Pyxis Supplycenter Pyxis Supplystation Pyxis Medstation Es Server Firmware Pyxis Parassist Pyxis Rapid Rx Pyxis Medstation Es Firmware

Configuration 1 [-]

AND

cpe:2.3:o:bd:pyxis_anesthesia_station_es_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:bd:pyxis_anesthesia_station_es:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:bd:pyxis_ciisafe_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:bd:pyxis_ciisafe:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:bd:pyxis_logistics_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:bd:pyxis_logistics:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:bd:pyxis_medbank_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:bd:pyxis_medbank:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:bd:pyxis_medstation_4000_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:bd:pyxis_medstation_4000:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:bd:pyxis_medstation_es_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:bd:pyxis_medstation_es:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:bd:pyxis_medstation_es_server_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:bd:pyxis_medstation_es_server:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:bd:pyxis_parassist_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:bd:pyxis_parassist:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:bd:pyxis_rapid_rx_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:bd:pyxis_rapid_rx:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:bd:pyxis_stockstation_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:bd:pyxis_stockstation:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:bd:pyxis_supplycenter_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:bd:pyxis_supplycenter:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:bd:pyxis_supplyroller_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:bd:pyxis_supplyroller:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:bd:pyxis_supplystation_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:bd:pyxis_supplystation:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:bd:pyxis_supplystation_ec_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:bd:pyxis_supplystation_ec:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:bd:pyxis_supplystation_rf_auxiliary_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:bd:pyxis_supplystation_rf_auxiliary:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:bd:rowa_pouch_packaging_systems_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:bd:rowa_pouch_packaging_systems:-:*:*:*:*:*:*:*

References

Link	Resource
https://cybersecurity.bd.com/bulletins-and-patches/bd-pyxis-products-default-credentials	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: BD

Published: 2022-05-31T00:00:00

Updated: 2022-06-01T16:35:38

Reserved: 2022-01-07T00:00:00

Link: CVE-2022-22767

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-06-02T14:15:35.843

Modified: 2022-06-11T00:53:59.060

Link: CVE-2022-22767

JSON object: View

Redhat Information

No data.

CWE