CWE
287 1299
Advisory Published
Updated

CVE-2022-43557: BD BodyGuard™ Pumps – RS-232 Interface Vulnerability

First published: Mon Dec 05 2022(Updated: )

The BD BodyGuard™ infusion pumps specified allow for access through the RS-232 (serial) port interface. If exploited, threat actors with physical access, specialized equipment and knowledge may be able to configure or disable the pump. No electronic protected health information (ePHI), protected health information (PHI) or personally identifiable information (PII) is stored in the pump.

Credit: cybersecurity@bd.com cybersecurity@bd.com

Affected SoftwareAffected VersionHow to fix
Bd Bodyguard 999-603 Firmware
Bd Bodyguard 999-603
Bd Bodyguard Duo 999-903 Firmware
Bd Bodyguard Duo 999-903
Bd Bodyguard Epidural 999-683 Firmware
Bd Bodyguard Epidural 999-683
Bd Bodyguard Pain Manager 999-803 Firmware
Bd Bodyguard Pain Manager 999-803
Bd Bodyguard T 999-103 Firmware
Bd Bodyguard T 999-103
Bd Bodyguard 323 Colorvision Firmware
Bd Bodyguard 323 Colorvision
Bd Bodyguard 121 Twins Firmware
Bd Bodyguard 121 Twins
All of
Bd Bodyguard 999-603 Firmware
Bd Bodyguard 999-603
All of
Bd Bodyguard Duo 999-903 Firmware
Bd Bodyguard Duo 999-903
All of
Bd Bodyguard Epidural 999-683 Firmware
Bd Bodyguard Epidural 999-683
All of
Bd Bodyguard Pain Manager 999-803 Firmware
Bd Bodyguard Pain Manager 999-803
All of
Bd Bodyguard T 999-103 Firmware
Bd Bodyguard T 999-103
All of
Bd Bodyguard 323 Colorvision Firmware
Bd Bodyguard 323 Colorvision
All of
Bd Bodyguard 121 Twins Firmware
Bd Bodyguard 121 Twins

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Frequently Asked Questions

  • What is CVE-2022-43557?

    CVE-2022-43557 is a vulnerability that allows threat actors with physical access and specialized equipment to configure or disable the BD BodyGuard™ infusion pumps through the RS-232 interface.

  • How does CVE-2022-43557 affect the BD BodyGuard™ infusion pumps?

    CVE-2022-43557 affects the BD BodyGuard™ infusion pumps by allowing unauthorized configuration or disabling of the pumps through the RS-232 interface.

  • What is the severity of CVE-2022-43557?

    CVE-2022-43557 has a severity rating of 5.3 (Medium).

  • What is the affected software of CVE-2022-43557?

    The affected software of CVE-2022-43557 includes the BD BodyGuard™ infusion pumps with specific firmware versions.

  • How can I mitigate CVE-2022-43557?

    To mitigate CVE-2022-43557, follow the recommendations provided by the vendor and refer to the provided reference link for more information.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203