CVE-2022-22766: BD Pyxis Products - Hardcoded Credentials
First published: Fri Feb 11 2022(Updated: )
Hardcoded credentials are used in specific BD Pyxis products. If exploited, threat actors may be able to gain access to the underlying file system and could potentially exploit application files for information that could be used to decrypt application credentials or gain access to electronic protected health information (ePHI) or other sensitive information.
Credit: cybersecurity@bd.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Bd Pyxis Anesthesia Station Es | ||
| Bd Pyxis Anesthesia Station Es Firmware | ||
| Bd Pyxis Anesthesia Station 4000 Firmware | ||
| Bd Pyxis Anesthesia Station 4000 Firmware | ||
| Bd Pyxis Cato Firmware | ||
| Bd Pyxis Cato Firmware | ||
| Bd Pyxis Ciisafe Firmware | ||
| Bd Pyxis Ciisafe | ||
| Bd Pyxis Inventory Connect | ||
| Bd Pyxis Inventory Connect | ||
| Bd Pyxis Iv Prep Firmware | ||
| Bd Pyxis Iv Prep Firmware | ||
| Bd Pyxis Jitrbud Firmware | ||
| Bd Pyxis Jitrbud Firmware | ||
| Bd Pyxis Kanban Rf Firmware | ||
| Bd Pyxis Kanban Rf Firmware | ||
| Bd Pyxis Logistics | ||
| Bd Pyxis Logistics | ||
| Bd Pyxis Med Link Family Firmware | ||
| Bd Pyxis Med Link Family Firmware | ||
| Bd Pyxis Medbank | ||
| Bd Pyxis Medbank | ||
| Bd Pyxis Medstation 4000 Firmware | ||
| Bd Pyxis Medstation 4000 Firmware | ||
| Bd Pyxis Anesthesia Station Es Firmware | ||
| Bd Pyxis Medstation Es Firmware | ||
| Bd Pyxis Medstation Es Firmware | ||
| Bd Pyxis Medstation Es Server Firmware | ||
| Bd Pyxis Parassist Firmware | ||
| Bd Pyxis Parassist Firmware | ||
| Bd Pyxis Pharmopack Firmware | ||
| Bd Pyxis Pharmopack | ||
| Bd Pyxis Procedurestation Firmware | ||
| Bd Pyxis Procedurestation Firmware | ||
| Bd Pyxis Rapid Rx | ||
| Bd Pyxis Rapid Rx Firmware | ||
| Bd Pyxis Stockstation Firmware | ||
| Bd Pyxis Stockstation Firmware | ||
| BD Pyxis SupplyCenter | ||
| BD Pyxis SupplyCenter | ||
| Bd Pyxis Supplyroller Firmware | ||
| Bd Pyxis Supplyroller | ||
| Bd Pyxis Supplystation Firmware | ||
| CareFusion Pyxis SupplyStation | ||
| Bd Pyxis Track And Deliver Firmware | ||
| Bd Pyxis Track And Deliver Firmware | ||
| Bd Rowa Pouch Packaging Systems Firmware | ||
| Bd Rowa Pouch Packaging Systems Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-22766?
CVE-2022-22766 is a vulnerability that involves the use of hardcoded credentials in specific BD Pyxis products.
How does CVE-2022-22766 impact the affected BD Pyxis products?
If exploited, threat actors may be able to gain access to the underlying file system and could potentially exploit application files for information that could be used to decrypt application credentials or gain access to electronic protected health information (ePHI).
What is the severity level of CVE-2022-22766?
CVE-2022-22766 has a severity level of high, with a CVSS score of 5.5.
Which BD Pyxis products are affected by CVE-2022-22766?
BD Pyxis Anesthesia Station ES Firmware, BD Pyxis Anesthesia Station 4000 Firmware, Bd Pyxis Cato Firmware, Bd Pyxis Ciisafe Firmware, Bd Pyxis Inventory Connect Firmware, Bd Pyxis Iv Prep Firmware, Bd Pyxis Jitrbud Firmware, Bd Pyxis Kanban Rf Firmware, Bd Pyxis Logistics Firmware, Bd Pyxis Med Link Family Firmware, Bd Pyxis Medbank Firmware, Bd Pyxis Medstation 4000 Firmware, Bd Pyxis Medstation Es Firmware, Bd Pyxis Medstation Es Server Firmware, Bd Pyxis Parassist Firmware, Bd Pyxis Pharmopack Firmware, Bd Pyxis Procedurestation Firmware, Bd Pyxis Rapid Rx Firmware, Bd Pyxis Stockstation Firmware, Bd Pyxis Supplycenter Firmware, Bd Pyxis Supplyroller Firmware, Bd Pyxis Supplystation Firmware, Bd Pyxis Track And Deliver Firmware, Bd Rowa Pouch Packaging Systems Firmware.
How can I fix CVE-2022-22766?
To fix CVE-2022-22766, it is recommended to apply the necessary patches and updates provided by BD Pyxis, following the guidance and instructions mentioned in the official bulletins and patches released by the company.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/title
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/bd
- canonical/bd pyxis anesthesia station es
- canonical/bd pyxis anesthesia station es firmware
- canonical/bd pyxis anesthesia station 4000 firmware
- canonical/bd pyxis cato firmware
- canonical/bd pyxis ciisafe firmware
- canonical/bd pyxis ciisafe
- canonical/bd pyxis inventory connect
- canonical/bd pyxis iv prep firmware
- canonical/bd pyxis jitrbud firmware
- canonical/bd pyxis kanban rf firmware
- canonical/bd pyxis logistics
- canonical/bd pyxis med link family firmware
- canonical/bd pyxis medbank
- canonical/bd pyxis medstation 4000 firmware
- canonical/bd pyxis medstation es firmware
- canonical/bd pyxis medstation es server firmware
- canonical/bd pyxis parassist firmware
- canonical/bd pyxis pharmopack firmware
- canonical/bd pyxis pharmopack
- canonical/bd pyxis procedurestation firmware
- canonical/bd pyxis rapid rx
- canonical/bd pyxis rapid rx firmware
- canonical/bd pyxis stockstation firmware
- canonical/bd pyxis supplycenter
- canonical/bd pyxis supplyroller firmware
- canonical/bd pyxis supplyroller
- canonical/bd pyxis supplystation firmware
- canonical/carefusion pyxis supplystation
- canonical/bd pyxis track and deliver firmware
- canonical/bd rowa pouch packaging systems firmware