CVE-2022-22766 HIGH

CVE-2022-22766: BD Pyxis Products - Hardcoded Credentials

Vendor Becton Dickinson (Bd)
Product BD Pyxis Anesthesia Station ES
Weakness CWE-798 · Hardcoded credentials
Published February 11, 2022
Last update September 16, 2024

CVSS base score

7.0/10
Attack vector Local
Attack complexity High
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Hardcoded credentials are used in specific BD Pyxis products. If exploited, threat actors may be able to gain access to the underlying file system and could potentially exploit application files for information that could be used to decrypt application credentials or gain access to electronic protected health information (ePHI) or other sensitive information.

Key dates

02Disclosure timeline

February 11, 2022 CVE published
September 16, 2024 Record updated