CVE-2022-40263 Vulnerability Details

  /     /     /  

CVE-2022-40263 Metadata Quick Info

CVE Published: 04/11/2022 | CVE Updated: 17/09/2024 | CVE Year: 2022
Source: BD | Vendor: Becton Dickson (BD) | Product: BD Totalys MultiProcessor
Status : PUBLISHED

---

CVE-2022-40263 Description

BD Totalys MultiProcessor, versions 1.70 and earlier, contain hardcoded credentials. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally identifiable information (PII). Customers using BD Totalys MultiProcessor version 1.70 with Microsoft Windows 10 have additional operating system hardening configurations which increase the attack complexity required to exploit this vulnerability.

Metrics

CVSS Version: 3.1 | Base Score: 6.6 MEDIUM
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

l➤ Exploitability Metrics:
    Attack Vector (AV)* LOCAL
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* LOW
    User Interaction (UI)* NONE
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* HIGH
    Integrity Impact (I)* LOW
    Availability Impact (A)* LOW

Weakness Enumeration (CWE)

CWE-ID: CWE-798
CWE Name: CWE-798 Use of Hard-coded Credentials
Source: Becton Dickson (BD)

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).