CVE-2022-22766
Severity CVSS v4.0:
Pending analysis
Type:
CWE-798
Use of Hard-coded Credentials
Publication date:
11/02/2022
Last modified:
11/05/2022
Description
Hardcoded credentials are used in specific BD Pyxis products. If exploited, threat actors may be able to gain access to the underlying file system and could potentially exploit application files for information that could be used to decrypt application credentials or gain access to electronic protected health information (ePHI) or other sensitive information.
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Base Score 2.0
2.10
Severity 2.0
LOW
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:bd:pyxis_anesthesia_station_es_firmware:*:*:*:*:*:*:*:* | ||
| cpe:2.3:h:bd:pyxis_anesthesia_station_es:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:bd:pyxis_anesthesia_station_4000_firmware:*:*:*:*:*:*:*:* | ||
| cpe:2.3:h:bd:pyxis_anesthesia_station_4000:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:bd:pyxis_cato_firmware:*:*:*:*:*:*:*:* | ||
| cpe:2.3:h:bd:pyxis_cato:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:bd:pyxis_ciisafe_firmware:*:*:*:*:*:*:*:* | ||
| cpe:2.3:h:bd:pyxis_ciisafe:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:bd:pyxis_inventory_connect_firmware:*:*:*:*:*:*:*:* | ||
| cpe:2.3:h:bd:pyxis_inventory_connect:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:bd:pyxis_iv_prep_firmware:*:*:*:*:*:*:*:* | ||
| cpe:2.3:h:bd:pyxis_iv_prep:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:bd:pyxis_jitrbud_firmware:*:*:*:*:*:*:*:* | ||
| cpe:2.3:h:bd:pyxis_jitrbud:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:bd:pyxis_kanban_rf_firmware:*:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page