high
7
CWE
798
Advisory Published
CVE Published
Updated

CVE-2022-22766: BD Pyxis Products - Hardcoded Credentials

First published: Fri Feb 11 2022(Updated: )

Hardcoded credentials are used in specific BD Pyxis products. If exploited, threat actors may be able to gain access to the underlying file system and could potentially exploit application files for information that could be used to decrypt application credentials or gain access to electronic protected health information (ePHI) or other sensitive information.

Credit: cybersecurity@bd.com

Affected SoftwareAffected VersionHow to fix
Bd Pyxis Anesthesia Station Es Firmware
Bd Pyxis Anesthesia Station Es
Bd Pyxis Anesthesia Station 4000 Firmware
Bd Pyxis Anesthesia Station 4000
Bd Pyxis Cato Firmware
Bd Pyxis Cato
Bd Pyxis Ciisafe Firmware
Bd Pyxis Ciisafe
Bd Pyxis Inventory Connect Firmware
Bd Pyxis Inventory Connect
Bd Pyxis Iv Prep Firmware
Bd Pyxis Iv Prep
Bd Pyxis Jitrbud Firmware
Bd Pyxis Jitrbud
Bd Pyxis Kanban Rf Firmware
Bd Pyxis Kanban Rf
Bd Pyxis Logistics Firmware
Bd Pyxis Logistics
Bd Pyxis Med Link Family Firmware
Bd Pyxis Med Link Family
Bd Pyxis Medbank Firmware
Bd Pyxis Medbank
Bd Pyxis Medstation 4000 Firmware
Bd Pyxis Medstation 4000
Bd Pyxis Medstation Es Firmware
BD Pyxis MedStation ES
Bd Pyxis Medstation Es Server Firmware
Bd Pyxis Medstation Es Server
Bd Pyxis Parassist Firmware
Bd Pyxis Parassist
Bd Pyxis Pharmopack Firmware
Bd Pyxis Pharmopack
Bd Pyxis Procedurestation Firmware
Bd Pyxis Procedurestation
Bd Pyxis Rapid Rx Firmware
Bd Pyxis Rapid Rx
Bd Pyxis Stockstation Firmware
Bd Pyxis Stockstation
Bd Pyxis Supplycenter Firmware
Bd Pyxis Supplycenter
Bd Pyxis Supplyroller Firmware
Bd Pyxis Supplyroller
Bd Pyxis Supplystation Firmware
Bd Pyxis Supplystation
Bd Pyxis Track And Deliver Firmware
Bd Pyxis Track And Deliver
Bd Rowa Pouch Packaging Systems Firmware
Bd Rowa Pouch Packaging Systems

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is CVE-2022-22766?

    CVE-2022-22766 is a vulnerability that involves the use of hardcoded credentials in specific BD Pyxis products.

  • How does CVE-2022-22766 impact the affected BD Pyxis products?

    If exploited, threat actors may be able to gain access to the underlying file system and could potentially exploit application files for information that could be used to decrypt application credentials or gain access to electronic protected health information (ePHI).

  • What is the severity level of CVE-2022-22766?

    CVE-2022-22766 has a severity level of high, with a CVSS score of 5.5.

  • Which BD Pyxis products are affected by CVE-2022-22766?

    BD Pyxis Anesthesia Station ES Firmware, BD Pyxis Anesthesia Station 4000 Firmware, Bd Pyxis Cato Firmware, Bd Pyxis Ciisafe Firmware, Bd Pyxis Inventory Connect Firmware, Bd Pyxis Iv Prep Firmware, Bd Pyxis Jitrbud Firmware, Bd Pyxis Kanban Rf Firmware, Bd Pyxis Logistics Firmware, Bd Pyxis Med Link Family Firmware, Bd Pyxis Medbank Firmware, Bd Pyxis Medstation 4000 Firmware, Bd Pyxis Medstation Es Firmware, Bd Pyxis Medstation Es Server Firmware, Bd Pyxis Parassist Firmware, Bd Pyxis Pharmopack Firmware, Bd Pyxis Procedurestation Firmware, Bd Pyxis Rapid Rx Firmware, Bd Pyxis Stockstation Firmware, Bd Pyxis Supplycenter Firmware, Bd Pyxis Supplyroller Firmware, Bd Pyxis Supplystation Firmware, Bd Pyxis Track And Deliver Firmware, Bd Rowa Pouch Packaging Systems Firmware.

  • How can I fix CVE-2022-22766?

    To fix CVE-2022-22766, it is recommended to apply the necessary patches and updates provided by BD Pyxis, following the guidance and instructions mentioned in the official bulletins and patches released by the company.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203