CVE-2022-22766

Summary

CVE	CVE-2022-22766
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2022-02-11 19:15:00 UTC
Updated	2022-05-11 14:59:00 UTC
Description	Hardcoded credentials are used in specific BD Pyxis products. If exploited, threat actors may be able to gain access to the underlying file system and could potentially exploit application files for information that could be used to decrypt application credentials or gain access to electronic protected health information (ePHI) or other sensitive information.

Risk And Classification

Problem Types: CWE-798

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Hardware	Bd	Pyxis Anesthesia Station 4000	-	All	All	All
Operating System	Bd	Pyxis Anesthesia Station 4000 Firmware	All	All	All	All
Hardware	Bd	Pyxis Anesthesia Station Es	-	All	All	All
Operating System	Bd	Pyxis Anesthesia Station Es Firmware	All	All	All	All
Hardware	Bd	Pyxis Cato	-	All	All	All
Operating System	Bd	Pyxis Cato Firmware	All	All	All	All
Hardware	Bd	Pyxis Ciisafe	-	All	All	All
Operating System	Bd	Pyxis Ciisafe Firmware	All	All	All	All
Hardware	Bd	Pyxis Inventory Connect	-	All	All	All
Operating System	Bd	Pyxis Inventory Connect Firmware	All	All	All	All
Hardware	Bd	Pyxis Iv Prep	-	All	All	All
Operating System	Bd	Pyxis Iv Prep Firmware	All	All	All	All
Hardware	Bd	Pyxis Jitrbud	-	All	All	All
Operating System	Bd	Pyxis Jitrbud Firmware	All	All	All	All
Hardware	Bd	Pyxis Kanban Rf	-	All	All	All
Operating System	Bd	Pyxis Kanban Rf Firmware	All	All	All	All
Hardware	Bd	Pyxis Logistics	-	All	All	All
Operating System	Bd	Pyxis Logistics Firmware	All	All	All	All
Hardware	Bd	Pyxis Medbank	-	All	All	All
Operating System	Bd	Pyxis Medbank Firmware	All	All	All	All
Hardware	Bd	Pyxis Medstation 4000	-	All	All	All
Operating System	Bd	Pyxis Medstation 4000 Firmware	All	All	All	All
Hardware	Bd	Pyxis Medstation Es	-	All	All	All
Operating System	Bd	Pyxis Medstation Es Firmware	All	All	All	All
Hardware	Bd	Pyxis Medstation Es Server	-	All	All	All
Operating System	Bd	Pyxis Medstation Es Server Firmware	All	All	All	All
Hardware	Bd	Pyxis Med Link Family	-	All	All	All
Operating System	Bd	Pyxis Med Link Family Firmware	All	All	All	All
Hardware	Bd	Pyxis Parassist	-	All	All	All
Operating System	Bd	Pyxis Parassist Firmware	All	All	All	All
Hardware	Bd	Pyxis Pharmopack	-	All	All	All
Operating System	Bd	Pyxis Pharmopack Firmware	All	All	All	All
Hardware	Bd	Pyxis Procedurestation	-	All	All	All
Operating System	Bd	Pyxis Procedurestation Firmware	All	All	All	All
Hardware	Bd	Pyxis Rapid Rx	-	All	All	All
Operating System	Bd	Pyxis Rapid Rx Firmware	All	All	All	All
Hardware	Bd	Pyxis Stockstation	-	All	All	All
Operating System	Bd	Pyxis Stockstation Firmware	All	All	All	All
Hardware	Bd	Pyxis Supplycenter	-	All	All	All
Operating System	Bd	Pyxis Supplycenter Firmware	All	All	All	All
Hardware	Bd	Pyxis Supplyroller	-	All	All	All
Operating System	Bd	Pyxis Supplyroller Firmware	All	All	All	All
Hardware	Bd	Pyxis Supplystation	-	All	All	All
Operating System	Bd	Pyxis Supplystation Firmware	All	All	All	All
Hardware	Bd	Pyxis Track And Deliver	-	All	All	All
Operating System	Bd	Pyxis Track And Deliver Firmware	All	All	All	All
Hardware	Bd	Rowa Pouch Packaging Systems	-	All	All	All
Operating System	Bd	Rowa Pouch Packaging Systems Firmware	All	All	All	All

References

Reference	Source	Link	Tags
BD Pyxis<sup>™</sup> Products - Hardcoded Credentials	CONFIRM	cybersecurity.bd.com
BD Pyxis \| CISA	MISC	www.cisa.gov
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.