CVE-2022-22767

Published Jun 2, 2022
Last updated 2 years ago
CVSS high 8.8
Overview

Description: Specific BD Pyxis™ products were installed with default credentials and may presently still operate with these credentials. There may be scenarios where BD Pyxis™ products are installed with the same default local operating system credentials or domain-joined server(s) credentials that may be shared across product types. If exploited, threat actors may be able to gain privileged access to the underlying file system and could potentially exploit or gain access to ePHI or other sensitive information.
Source: cybersecurity@bd.com
NVD status: Analyzed
Risk scores

CVSS 3.1

Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH
CVSS 2.0

Type: Primary
Base score: 8.3
Impact score: 10
Exploitability score: 6.5
Vector string: AV:A/AC:L/Au:N/C:C/I:C/A:C
Weaknesses

nvd@nist.gov: CWE-522
cybersecurity@bd.com: CWE-262
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:bd:pyxis_anesthesia_station_es_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "095129F1-9417-42F7-A797-22F62BA53945"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:bd:pyxis_anesthesia_station_es:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "32F3ACBB-87CA-43D2-8E32-2656BDCFEB8D"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:bd:pyxis_ciisafe_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FB6CDD66-A0A2-4939-960F-8DE9DF2BF8A1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:bd:pyxis_ciisafe:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "0488CEEA-9504-4619-80F2-106AF8A3E4A1"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:bd:pyxis_logistics_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6E7FFB91-0ACC-43DC-AFAA-DBBD1E10C21C"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:bd:pyxis_logistics:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E0197950-E007-4748-89B5-06A1ABA06E39"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:bd:pyxis_medbank_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5E62C14F-58E7-4A40-880C-1A6E848122B4"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:bd:pyxis_medbank:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "246A5F4B-B994-4FC4-A696-1E67E2F9971B"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:bd:pyxis_medstation_4000_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FEDEB528-0AEE-40B3-8F89-69118CDB6FF1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:bd:pyxis_medstation_4000:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "65167BF4-9505-4C1A-8E48-B772A74271F8"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:bd:pyxis_medstation_es_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AF6F4AA1-45B9-4DCB-BFA4-F6A6CA71508E"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:bd:pyxis_medstation_es:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "CFB63AC0-5A51-494D-BDFA-BFD4B66A44D9"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:bd:pyxis_medstation_es_server_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B42C105A-FADE-4B60-ABFE-51298098EA4F"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:bd:pyxis_medstation_es_server:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "042CAB2C-F252-4769-B38B-4DEC2C8D109A"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:bd:pyxis_parassist_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3BDB2B7D-A212-4F34-AC20-5B6B79776707"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:bd:pyxis_parassist:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "192F2049-9575-48C2-9EF5-5CB8A2C0C65B"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:bd:pyxis_rapid_rx_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8C9F9BE7-A22F-40C7-B88B-10FB4D7D390F"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:bd:pyxis_rapid_rx:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "FE6C17CA-3731-4214-9388-BEBFCF2509D0"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:bd:pyxis_stockstation_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "41030912-5C48-424A-83C1-516D82CCF762"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:bd:pyxis_stockstation:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2699D945-7724-4CDA-9542-A9954D0B0BF2"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:bd:pyxis_supplycenter_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1063ED97-BFB0-437D-BE94-ACA16FA1927B"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:bd:pyxis_supplycenter:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D619B7DE-C9A9-45FA-8A7F-DEED2838AD18"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:bd:pyxis_supplyroller_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3E9D58D9-2E46-49BD-B0F6-7A44236B639C"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:bd:pyxis_supplyroller:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "56199C09-6164-4E73-B868-C3FE5BC74C40"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:bd:pyxis_supplystation_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FF6ACF1A-D2A7-4EB2-9098-045E66B72AA1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:bd:pyxis_supplystation:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "84A0B681-5D18-4D0F-B485-A90348AFD321"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:bd:pyxis_supplystation_ec_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "27CB7296-8A67-43A7-AC8C-09250093D500"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:bd:pyxis_supplystation_ec:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "3EB2BE62-AFAC-443C-ABEB-F61D798B246B"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:bd:pyxis_supplystation_rf_auxiliary_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5FC7D3CE-4742-40AD-93F0-C26488E73840"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:bd:pyxis_supplystation_rf_auxiliary:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5584CAB1-0A32-4358-8CD1-F1F9AF332B0F"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:bd:rowa_pouch_packaging_systems_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "150594A6-6426-4A44-A1C4-40CEE69614C2"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:bd:rowa_pouch_packaging_systems:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C2F707E6-6F04-45E5-BA9C-0109A34AC160"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]
Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References
