CVE-2022-43557 MEDIUM

CVE-2022-43557: BD BodyGuard™ Pumps – RS-232 Interface Vulnerability

Vendor Becton, Dickinson And Company (Bd)
Product BodyGuard™ Pump
Weakness CWE-1299
Published December 5, 2022
Last update April 23, 2025

CVSS base score

5.3/10
Attack vector Physical
Attack complexity High
Privileges required None
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

What the vulnerability does

01Description

The BD BodyGuard™ infusion pumps specified allow for access through the RS-232 (serial) port interface. If exploited, threat actors with physical access, specialized equipment and knowledge may be able to configure or disable the pump. No electronic protected health information (ePHI), protected health information (PHI) or personally identifiable information (PII) is stored in the pump.

Key dates

02Disclosure timeline

December 5, 2022 CVE published
April 23, 2025 Record updated