CVE Published: 11/02/2022 |
CVE Updated: 16/09/2024 |
CVE Year: 2022 Source: BD |
Vendor: Becton Dickinson (BD) |
Product: BD Pyxis Anesthesia Station ES Status : PUBLISHED
CVE-2022-22766 Description
Hardcoded credentials are used in specific BD Pyxis products. If exploited, threat actors may be able to gain access to the underlying file system and could potentially exploit application files for information that could be used to decrypt application credentials or gain access to electronic protected health information (ePHI) or other sensitive information.
Metrics
CVSS Version: 3.1 |
Base Score: 7 HIGH Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
l➤ Exploitability Metrics: Attack Vector (AV)* LOCAL Attack Complexity (AC)* HIGH Privileges Required (PR)* LOW User Interaction (UI)* NONE Scope (S)* UNCHANGED
l➤ Impact Metrics: Confidentiality Impact (C)* HIGH Integrity Impact (I)* HIGH Availability Impact (A)* HIGH
Weakness Enumeration (CWE)
CWE-ID: CWE-798 CWE Name: CWE-798 Use of Hard-coded Credentials Source: Becton Dickinson (BD)
Common Attack Pattern Enumeration and Classification (CAPEC)