BD Pyxis default account | CVE-2022-22767
NAME
BD Pyxis default account
- Platforms Affected:
BD Pyxis ES Anesthesia Station
BD Pyxis CIISafe
BD Pyxis Logistics
BD Pyxis MedBank
BD Pyxis MedStation ES
BD Pyxis MedStation ES Server
BD Pyxis ParAssist
BD Pyxis Rapid Rx
BD Pyxis StockStation
BD Pyxis SupplyCenter
BD Pyxis SupplyRoller
BD Pyxis SupplyStation
BD Pyxis SupplyStation EC
BD Pyxis SupplyStation RF auxiliary
BD Rowa Pouch Packaging Systems - Risk Level:
8.8 - Exploitability:
Unproven - Consequences:
Gain Access
DESCRIPTION
BD Pyxis contains default credentials. A remote attacker could exploit this vulnerability to gain access to electronic protected health information (ePHI) or other sensitive information.
CVSS 3.0 Information
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Access Vector: Adjacent Network
- Access Complexity: Low
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
- Remediation Level: Official Fix
MITIGATION
Refer to BD Security Bulletin for patch, upgrade or suggested workaround information. See References.
- Reference Link:
https://www.cisa.gov/uscert/ics/advisories/icsma-22-151-01 - Reference Link:
https://cybersecurity.bd.com/bulletins-and-patches/bd-pyxis-products-default-credentials
If you like the site, please consider joining the telegram channel and supporting us on Patreon using the button below.
