{"containers":{"cna":{"affected":[{"product":"BD Pyxis™ Anesthesia ES Station","vendor":"Becton Dickinson (BD)","versions":[{"status":"affected","version":"All versions"}]},{"product":"BD Pyxis™ CIISafe","vendor":"Becton Dickinson (BD)","versions":[{"status":"affected","version":"All versions"}]},{"product":"BD Pyxis™ Logistics","vendor":"Becton Dickinson (BD)","versions":[{"status":"affected","version":"All versions"}]},{"product":"BD Pyxis™ MedBank","vendor":"Becton Dickinson (BD)","versions":[{"status":"affected","version":"All versions"}]},{"product":"BD Pyxis™ MedStation™ 4000","vendor":"Becton Dickinson (BD)","versions":[{"status":"affected","version":"All versions"}]},{"product":"BD Pyxis™ MedStation™ ES","vendor":"Becton Dickinson (BD)","versions":[{"status":"affected","version":"All versions"}]},{"product":"BD Pyxis™ MedStation™ ES Server","vendor":"Becton Dickinson (BD)","versions":[{"status":"affected","version":"All versions"}]},{"product":"BD Pyxis™ ParAssist","vendor":"Becton Dickinson (BD)","versions":[{"status":"affected","version":"All versions"}]},{"product":"BD Pyxis™ Rapid Rx","vendor":"Becton Dickinson (BD)","versions":[{"status":"affected","version":"All versions"}]},{"product":"BD Pyxis™ StockStation","vendor":"Becton Dickinson (BD)","versions":[{"status":"affected","version":"All versions"}]},{"product":"BD Pyxis™ SupplyCenter","vendor":"Becton Dickinson (BD)","versions":[{"status":"affected","version":"All versions"}]},{"product":"BD Pyxis™ SupplyRoller","vendor":"Becton Dickinson (BD)","versions":[{"status":"affected","version":"All versions"}]},{"product":"BD Pyxis™ SupplyStation™","vendor":"Becton Dickinson (BD)","versions":[{"status":"affected","version":"All versions"}]},{"product":"BD Pyxis™ SupplyStation™ EC","vendor":"Becton Dickinson (BD)","versions":[{"status":"affected","version":"All versions"}]},{"product":"BD Pyxis™ SupplyStation™ RF auxiliary","vendor":"Becton Dickinson (BD)","versions":[{"status":"affected","version":"All versions"}]},{"product":"BD Rowa™ Pouch Packaging Systems","vendor":"Becton Dickinson (BD)","versions":[{"status":"affected","version":"All versions"}]}],"configurations":[{"lang":"en","value":"To exploit this vulnerability, threat actors would have to gain access to the default credentials, infiltrate facility’s network, and gain access to individual devices and/or servers."}],"datePublic":"2022-05-31T00:00:00.000Z","descriptions":[{"lang":"en","value":"Specific BD Pyxis™ products were installed with default credentials and may presently still operate with these credentials. There may be scenarios where BD Pyxis™ products are installed with the same default local operating system credentials or domain-joined server(s) credentials that may be shared across product types. If exploited, threat actors may be able to gain privileged access to the underlying file system and could potentially exploit or gain access to ePHI or other sensitive information."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"ADJACENT_NETWORK","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-262","description":"CWE-262: Not Using Password Aging","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2022-06-01T16:35:38.000Z","orgId":"2325d071-eabf-4b7b-a4ea-0819b6629a18","shortName":"BD"},"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://cybersecurity.bd.com/bulletins-and-patches/bd-pyxis-products-default-credentials"}],"solutions":[{"lang":"en","value":"BD is currently strengthening our credential management capabilities in BD Pyxis™ products. Service personnel are proactively working with customers whose domain-joined server(s) credentials require updates. BD is currently piloting a credential management solution that is initially targeted for only specific BD Pyxis™ product versions and will allow for improved authentication management practices with specific local operating system credentials. Changes needed for installation, upgrade or to applications are being evaluated as part of the overall remediation."}],"source":{"discovery":"INTERNAL"},"title":"BD Pyxis™ Products – Default Credentials","workarounds":[{"lang":"en","value":"Limit physical access to only authorized personnel."},{"lang":"en","value":"Tightly control management of system passwords provided to authorized users."},{"lang":"en","value":"Isolate affected products in a secure VLAN or behind firewalls with restricted access that only permits communication with trusted hosts in other networks when needed."},{"lang":"en","value":"Work with your local BD support team to ensure that patching and virus definitions are up to date. The BD Remote Support Services Solution for automated patching and virus definition management is an available solution for customer accounts."}],"x_generator":{"engine":"Vulnogram 0.0.9"},"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cybersecurity@bd.com","DATE_PUBLIC":"2022-05-31T15:00:00.000Z","ID":"CVE-2022-22767","STATE":"PUBLIC","TITLE":"BD Pyxis™ Products – Default Credentials"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"BD Pyxis™ Anesthesia ES Station","version":{"version_data":[{"version_value":"All versions"}]}},{"product_name":"BD Pyxis™ CIISafe","version":{"version_data":[{"version_value":"All versions"}]}},{"product_name":"BD Pyxis™ Logistics","version":{"version_data":[{"version_value":"All versions"}]}},{"product_name":"BD Pyxis™ MedBank","version":{"version_data":[{"version_value":"All versions"}]}},{"product_name":"BD Pyxis™ MedStation™ 4000","version":{"version_data":[{"version_value":"All versions"}]}},{"product_name":"BD Pyxis™ MedStation™ ES","version":{"version_data":[{"version_value":"All versions"}]}},{"product_name":"BD Pyxis™ MedStation™ ES Server","version":{"version_data":[{"version_value":"All versions"}]}},{"product_name":"BD Pyxis™ ParAssist","version":{"version_data":[{"version_value":"All versions"}]}},{"product_name":"BD Pyxis™ Rapid Rx","version":{"version_data":[{"version_value":"All versions"}]}},{"product_name":"BD Pyxis™ StockStation","version":{"version_data":[{"version_value":"All versions"}]}},{"product_name":"BD Pyxis™ SupplyCenter","version":{"version_data":[{"version_value":"All versions"}]}},{"product_name":"BD Pyxis™ SupplyRoller","version":{"version_data":[{"version_value":"All versions"}]}},{"product_name":"BD Pyxis™ SupplyStation™","version":{"version_data":[{"version_value":"All versions"}]}},{"product_name":"BD Pyxis™ SupplyStation™ EC","version":{"version_data":[{"version_value":"All versions"}]}},{"product_name":"BD Pyxis™ SupplyStation™ RF auxiliary","version":{"version_data":[{"version_value":"All versions"}]}},{"product_name":"BD Rowa™ Pouch Packaging Systems","version":{"version_data":[{"version_value":"All versions"}]}}]},"vendor_name":"Becton Dickinson (BD)"}]}},"configuration":[{"lang":"en","value":"To exploit this vulnerability, threat actors would have to gain access to the default credentials, infiltrate facility’s network, and gain access to individual devices and/or servers."}],"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Specific BD Pyxis™ products were installed with default credentials and may presently still operate with these credentials. There may be scenarios where BD Pyxis™ products are installed with the same default local operating system credentials or domain-joined server(s) credentials that may be shared across product types. If exploited, threat actors may be able to gain privileged access to the underlying file system and could potentially exploit or gain access to ePHI or other sensitive information."}]},"generator":{"engine":"Vulnogram 0.0.9"},"impact":{"cvss":{"attackComplexity":"LOW","attackVector":"ADJACENT_NETWORK","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-262: Not Using Password Aging"}]}]},"references":{"reference_data":[{"name":"https://cybersecurity.bd.com/bulletins-and-patches/bd-pyxis-products-default-credentials","refsource":"CONFIRM","url":"https://cybersecurity.bd.com/bulletins-and-patches/bd-pyxis-products-default-credentials"}]},"solution":[{"lang":"en","value":"BD is currently strengthening our credential management capabilities in BD Pyxis™ products. Service personnel are proactively working with customers whose domain-joined server(s) credentials require updates. BD is currently piloting a credential management solution that is initially targeted for only specific BD Pyxis™ product versions and will allow for improved authentication management practices with specific local operating system credentials. Changes needed for installation, upgrade or to applications are being evaluated as part of the overall remediation."}],"source":{"discovery":"INTERNAL"},"work_around":[{"lang":"en","value":"Limit physical access to only authorized personnel."},{"lang":"en","value":"Tightly control management of system passwords provided to authorized users."},{"lang":"en","value":"Isolate affected products in a secure VLAN or behind firewalls with restricted access that only permits communication with trusted hosts in other networks when needed."},{"lang":"en","value":"Work with your local BD support team to ensure that patching and virus definitions are up to date. The BD Remote Support Services Solution for automated patching and virus definition management is an available solution for customer accounts."}]}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T03:21:49.167Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://cybersecurity.bd.com/bulletins-and-patches/bd-pyxis-products-default-credentials"}]}]},"cveMetadata":{"assignerOrgId":"2325d071-eabf-4b7b-a4ea-0819b6629a18","assignerShortName":"BD","cveId":"CVE-2022-22767","datePublished":"2022-06-01T16:35:38.991Z","dateReserved":"2022-01-07T00:00:00.000Z","dateUpdated":"2024-09-16T16:42:50.707Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}