Description
Specific BD Pyxis™ products were installed with default credentials and may presently still operate with these credentials. There may be scenarios where BD Pyxis™ products are installed with the same default local operating system credentials or domain-joined server(s) credentials that may be shared across product types. If exploited, threat actors may be able to gain privileged access to the underlying file system and could potentially exploit or gain access to ePHI or other sensitive information.
CVSS breakdown
CVSS 3.1
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected products
- Becton Dickinson (BD) / BD Pyxis™ Anesthesia ES StationAll versions – All versions
- Becton Dickinson (BD) / BD Pyxis™ CIISafeAll versions – All versions
- Becton Dickinson (BD) / BD Pyxis™ LogisticsAll versions – All versions
- Becton Dickinson (BD) / BD Pyxis™ MedBankAll versions – All versions
- Becton Dickinson (BD) / BD Pyxis™ MedStation™ 4000All versions – All versions
- Becton Dickinson (BD) / BD Pyxis™ MedStation™ ESAll versions – All versions
- Becton Dickinson (BD) / BD Pyxis™ MedStation™ ES ServerAll versions – All versions
- Becton Dickinson (BD) / BD Pyxis™ ParAssistAll versions – All versions
- Becton Dickinson (BD) / BD Pyxis™ Rapid RxAll versions – All versions
- Becton Dickinson (BD) / BD Pyxis™ StockStationAll versions – All versions
- Becton Dickinson (BD) / BD Pyxis™ SupplyCenterAll versions – All versions
- Becton Dickinson (BD) / BD Pyxis™ SupplyRollerAll versions – All versions
- Becton Dickinson (BD) / BD Pyxis™ SupplyStation™All versions – All versions
- Becton Dickinson (BD) / BD Pyxis™ SupplyStation™ ECAll versions – All versions
- Becton Dickinson (BD) / BD Pyxis™ SupplyStation™ RF auxiliaryAll versions – All versions
- Becton Dickinson (BD) / BD Rowa™ Pouch Packaging SystemsAll versions – All versions