Description
Hardcoded credentials are used in specific BD Pyxis products. If exploited, threat actors may be able to gain access to the underlying file system and could potentially exploit application files for information that could be used to decrypt application credentials or gain access to electronic protected health information (ePHI) or other sensitive information.
CVSS breakdown
CVSS 3.1
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected products
- Becton Dickinson (BD) / BD Pyxis Anesthesia Station 4000All – All
- Becton Dickinson (BD) / BD Pyxis Anesthesia Station ESAll – All
- Becton Dickinson (BD) / BD Pyxis CATOAll – All
- Becton Dickinson (BD) / BD Pyxis™ CIISafeAll – All
- Becton Dickinson (BD) / BD Pyxis Inventory ConnectAll – All
- Becton Dickinson (BD) / BD Pyxis IV PrepAll – All
- Becton Dickinson (BD) / BD Pyxis JITrBUDAll – All
- Becton Dickinson (BD) / BD Pyxis KanBan RFAll – All
- Becton Dickinson (BD) / BD Pyxis™ LogisticsAll – All
- Becton Dickinson (BD) / BD Pyxis™ MedBankAll – All
- Becton Dickinson (BD) / BD Pyxis Med Link FamilyAll – All
- Becton Dickinson (BD) / BD Pyxis™ MedStation™ 4000All – All
- Becton Dickinson (BD) / BD Pyxis™ MedStation™ ESAll – All
- Becton Dickinson (BD) / BD Pyxis™ MedStation™ ES ServerAll – All
- Becton Dickinson (BD) / BD Pyxis™ ParAssistAll – All
- Becton Dickinson (BD) / BD Pyxis PharmoPackAll – All
- Becton Dickinson (BD) / BD Pyxis ProcedureStation (including EC)All – All
- Becton Dickinson (BD) / BD Pyxis™ Rapid RxAll – All
- Becton Dickinson (BD) / BD Pyxis™ StockStationAll – All
- Becton Dickinson (BD) / BD Pyxis™ SupplyCenterAll – All
- Becton Dickinson (BD) / BD Pyxis™ SupplyRollerAll – All
- Becton Dickinson (BD) / BD Pyxis SupplyStation (including RF, EC, CP)All – All
- Becton Dickinson (BD) / BD Pyxis Track and DeliverAll – All
- Becton Dickinson (BD) / BD Rowa™ Pouch Packaging SystemsAll – All