Specific BD Pyxis™ products were installed with default credentials and may presently still operate with these credentials. There may be scenarios where BD Pyxis™ products are installed with the same default local operating system credentials or domain-joined server(s) credentials that may be shared across product types. If exploited, threat actors may be able to gain privileged access to the underlying file system and could potentially exploit or gain access to ePHI or other sensitive information.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.00228.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
Becton Dickinson (BD) BD Pyxis™ Anesthesia ES Station affected
Version Status Constraints
All versions affected
Becton Dickinson (BD) BD Pyxis™ CIISafe affected
Version Status Constraints
All versions affected
Becton Dickinson (BD) BD Pyxis™ Logistics affected
Version Status Constraints
All versions affected
Becton Dickinson (BD) BD Pyxis™ MedBank affected
Version Status Constraints
All versions affected
Becton Dickinson (BD) BD Pyxis™ MedStation™ 4000 affected
Version Status Constraints
All versions affected
Becton Dickinson (BD) BD Pyxis™ MedStation™ ES affected
Version Status Constraints
All versions affected
Becton Dickinson (BD) BD Pyxis™ MedStation™ ES Server affected
Version Status Constraints
All versions affected
Becton Dickinson (BD) BD Pyxis™ ParAssist affected
Version Status Constraints
All versions affected
Becton Dickinson (BD) BD Pyxis™ Rapid Rx affected
Version Status Constraints
All versions affected
Becton Dickinson (BD) BD Pyxis™ StockStation affected
Version Status Constraints
All versions affected
Becton Dickinson (BD) BD Pyxis™ SupplyCenter affected
Version Status Constraints
All versions affected
Becton Dickinson (BD) BD Pyxis™ SupplyRoller affected
Version Status Constraints
All versions affected
Becton Dickinson (BD) BD Pyxis™ SupplyStation™ affected
Version Status Constraints
All versions affected
Becton Dickinson (BD) BD Pyxis™ SupplyStation™ EC affected
Version Status Constraints
All versions affected
Becton Dickinson (BD) BD Pyxis™ SupplyStation™ RF auxiliary affected
Version Status Constraints
All versions affected
Becton Dickinson (BD) BD Rowa™ Pouch Packaging Systems affected
Version Status Constraints
All versions affected

Configuration 1 [-]

AND
cpe:2.3:o:bd:pyxis_anesthesia_station_es_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:bd:pyxis_anesthesia_station_es:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:bd:pyxis_ciisafe_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:bd:pyxis_ciisafe:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:bd:pyxis_logistics_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:bd:pyxis_logistics:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:bd:pyxis_medbank_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:bd:pyxis_medbank:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:bd:pyxis_medstation_4000_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:bd:pyxis_medstation_4000:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:bd:pyxis_medstation_es_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:bd:pyxis_medstation_es:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:bd:pyxis_medstation_es_server_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:bd:pyxis_medstation_es_server:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:o:bd:pyxis_parassist_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:bd:pyxis_parassist:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:bd:pyxis_rapid_rx_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:bd:pyxis_rapid_rx:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND
cpe:2.3:o:bd:pyxis_stockstation_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:bd:pyxis_stockstation:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND
cpe:2.3:o:bd:pyxis_supplycenter_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:bd:pyxis_supplycenter:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND
cpe:2.3:o:bd:pyxis_supplyroller_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:bd:pyxis_supplyroller:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND
cpe:2.3:o:bd:pyxis_supplystation_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:bd:pyxis_supplystation:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND
cpe:2.3:o:bd:pyxis_supplystation_ec_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:bd:pyxis_supplystation_ec:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND
cpe:2.3:o:bd:pyxis_supplystation_rf_auxiliary_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:bd:pyxis_supplystation_rf_auxiliary:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND
cpe:2.3:o:bd:rowa_pouch_packaging_systems_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:bd:rowa_pouch_packaging_systems:-:*:*:*:*:*:*:*

No data.

No data.

Project Subscriptions

Vendors Products
Bd Subscribe
Pyxis Anesthesia Station Es Subscribe
Pyxis Anesthesia Station Es Firmware Subscribe
Pyxis Ciisafe Subscribe
Pyxis Ciisafe Firmware Subscribe
Pyxis Logistics Subscribe
Pyxis Logistics Firmware Subscribe
Pyxis Medbank Subscribe
Pyxis Medbank Firmware Subscribe
Pyxis Medstation 4000 Subscribe
Pyxis Medstation 4000 Firmware Subscribe
Pyxis Medstation Es Subscribe
Pyxis Medstation Es Firmware Subscribe
Pyxis Medstation Es Server Subscribe
Pyxis Medstation Es Server Firmware Subscribe
Pyxis Parassist Subscribe
Pyxis Parassist Firmware Subscribe
Pyxis Rapid Rx Subscribe
Pyxis Rapid Rx Firmware Subscribe
Pyxis Stockstation Subscribe
Pyxis Stockstation Firmware Subscribe
Pyxis Supplycenter Subscribe
Pyxis Supplycenter Firmware Subscribe
Pyxis Supplyroller Subscribe
Pyxis Supplyroller Firmware Subscribe
Pyxis Supplystation Subscribe
Pyxis Supplystation Ec Subscribe
Pyxis Supplystation Ec Firmware Subscribe
Pyxis Supplystation Firmware Subscribe
Pyxis Supplystation Rf Auxiliary Subscribe
Pyxis Supplystation Rf Auxiliary Firmware Subscribe
Rowa Pouch Packaging Systems Subscribe
Rowa Pouch Packaging Systems Firmware Subscribe
Advisories
Source ID Title
EUVD EUVD EUVD-2022-27910 Specific BD Pyxis™ products were installed with default credentials and may presently still operate with these credentials. There may be scenarios where BD Pyxis™ products are installed with the same default local operating system credentials or domain-joined server(s) credentials that may be shared across product types. If exploited, threat actors may be able to gain privileged access to the underlying file system and could potentially exploit or gain access to ePHI or other sensitive information.
Fixes

Solution

BD is currently strengthening our credential management capabilities in BD Pyxis™ products. Service personnel are proactively working with customers whose domain-joined server(s) credentials require updates. BD is currently piloting a credential management solution that is initially targeted for only specific BD Pyxis™ product versions and will allow for improved authentication management practices with specific local operating system credentials. Changes needed for installation, upgrade or to applications are being evaluated as part of the overall remediation.

Workaround

Limit physical access to only authorized personnel.

References
Link Providers
https://cybersecurity.bd.com/bulletins-and-patches/bd-pyxis-products-default-credentials cve-icon cve-icon
History

No history.

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: BD

Published:

Updated: 2024-09-16T16:42:50.707Z

Reserved: 2022-01-07T00:00:00

Link: CVE-2022-22767

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-06-02T14:15:35.843

Modified: 2024-11-21T06:47:24.450

Link: CVE-2022-22767

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses