What is CVE-2022-40263?

CVE-2022-40263 is a vulnerability in BD Totalys MultiProcessor versions 1.70 and earlier that allows threat actors to access, modify, or delete sensitive information due to hardcoded credentials.

What is the severity of CVE-2022-40263?

CVE-2022-40263 has a severity score of 7.8, which is considered high.

How does CVE-2022-40263 impact BD Totalys MultiProcessor?

CVE-2022-40263 allows threat actors to exploit the hardcoded credentials in BD Totalys MultiProcessor versions 1.70 and earlier, potentially gaining unauthorized access to sensitive information.

How can I fix CVE-2022-40263?

To fix CVE-2022-40263, it is recommended to update BD Totalys MultiProcessor to version 1.71 or later, which addresses the hardcoded credentials vulnerability.

Vulnerability/
CVE-2022-40263

high

7.8

CWE

798

4/11/2022

17/9/2024

CVE-2022-40263: BD Totalys MultiProcessor - Hardcoded Credentials

Q: What could happen if CVE-2022-40263 is exploited?

If CVE-2022-40263 is exploited, threat actors may be able to access, modify, or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI), and personally identifiable information (PII).

First published: Fri Nov 04 2022(Updated: )

BD Totalys MultiProcessor, versions 1.70 and earlier, contain hardcoded credentials. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally identifiable information (PII). Customers using BD Totalys MultiProcessor version 1.70 with Microsoft Windows 10 have additional operating system hardening configurations which increase the attack complexity required to exploit this vulnerability.

Credit: cybersecurity@bd.com

Affected Software	Affected Version	How to fix
Bd Totalys Multiprocessor Firmware	<1.71
BD Totalys MultiProcessor

Remedy

This vulnerability is scheduled to be remediated in the BD Totalys MultiProcessor version 1.71 software release expected in the fourth quarter of 2022.

Never miss a vulnerability like this again

Reference Links

https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-totalys-multiprocessor-hardcoded-credentials

Frequently Asked Questions

What is CVE-2022-40263?
CVE-2022-40263 is a vulnerability in BD Totalys MultiProcessor versions 1.70 and earlier that allows threat actors to access, modify, or delete sensitive information due to hardcoded credentials.
What is the severity of CVE-2022-40263?
CVE-2022-40263 has a severity score of 7.8, which is considered high.
How does CVE-2022-40263 impact BD Totalys MultiProcessor?
CVE-2022-40263 allows threat actors to exploit the hardcoded credentials in BD Totalys MultiProcessor versions 1.70 and earlier, potentially gaining unauthorized access to sensitive information.
What could happen if CVE-2022-40263 is exploited?
If CVE-2022-40263 is exploited, threat actors may be able to access, modify, or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI), and personally identifiable information (PII).
How can I fix CVE-2022-40263?
To fix CVE-2022-40263, it is recommended to update BD Totalys MultiProcessor to version 1.71 or later, which addresses the hardcoded credentials vulnerability.

collector/nvd-index
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/severity
agent/author
agent/weakness
agent/title
agent/references
agent/last-modified-date
agent/remedy
agent/description
agent/event
agent/first-publish-date
agent/tags
vendor/bd
canonical/bd totalys multiprocessor firmware
canonical/bd totalys multiprocessor

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.