First published: Mon Dec 05 2022(Updated: )
The BD BodyGuard™ infusion pumps specified allow for access through the RS-232 (serial) port interface. If exploited, threat actors with physical access, specialized equipment and knowledge may be able to configure or disable the pump. No electronic protected health information (ePHI), protected health information (PHI) or personally identifiable information (PII) is stored in the pump.
Credit: cybersecurity@bd.com cybersecurity@bd.com
Affected Software | Affected Version | How to fix |
---|---|---|
Bd Bodyguard 999-603 Firmware | ||
Bd Bodyguard 999-603 | ||
Bd Bodyguard Duo 999-903 Firmware | ||
Bd Bodyguard Duo 999-903 | ||
Bd Bodyguard Epidural 999-683 Firmware | ||
Bd Bodyguard Epidural 999-683 | ||
Bd Bodyguard Pain Manager 999-803 Firmware | ||
Bd Bodyguard Pain Manager 999-803 | ||
Bd Bodyguard T 999-103 Firmware | ||
Bd Bodyguard T 999-103 | ||
Bd Bodyguard 323 Colorvision Firmware | ||
Bd Bodyguard 323 Colorvision | ||
Bd Bodyguard 121 Twins Firmware | ||
Bd Bodyguard 121 Twins | ||
All of | ||
Bd Bodyguard 999-603 Firmware | ||
Bd Bodyguard 999-603 | ||
All of | ||
Bd Bodyguard Duo 999-903 Firmware | ||
Bd Bodyguard Duo 999-903 | ||
All of | ||
Bd Bodyguard Epidural 999-683 Firmware | ||
Bd Bodyguard Epidural 999-683 | ||
All of | ||
Bd Bodyguard Pain Manager 999-803 Firmware | ||
Bd Bodyguard Pain Manager 999-803 | ||
All of | ||
Bd Bodyguard T 999-103 Firmware | ||
Bd Bodyguard T 999-103 | ||
All of | ||
Bd Bodyguard 323 Colorvision Firmware | ||
Bd Bodyguard 323 Colorvision | ||
All of | ||
Bd Bodyguard 121 Twins Firmware | ||
Bd Bodyguard 121 Twins |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-43557 is a vulnerability that allows threat actors with physical access and specialized equipment to configure or disable the BD BodyGuard™ infusion pumps through the RS-232 interface.
CVE-2022-43557 affects the BD BodyGuard™ infusion pumps by allowing unauthorized configuration or disabling of the pumps through the RS-232 interface.
CVE-2022-43557 has a severity rating of 5.3 (Medium).
The affected software of CVE-2022-43557 includes the BD BodyGuard™ infusion pumps with specific firmware versions.
To mitigate CVE-2022-43557, follow the recommendations provided by the vendor and refer to the provided reference link for more information.