Description
Hardcoded credentials are used in specific BD Pyxis products. If exploited, threat actors may be able to gain access to the underlying file system and could potentially exploit application files for information that could be used to decrypt application credentials or gain access to electronic protected health information (ePHI) or other sensitive information.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://cybersecurity.bd.com/bulletins-and-patches/bd-pyxis-products---hardcoded-credentials
Third Party Advisory, US Government Resource x_refsource_misc
https://www.cisa.gov/uscert/ics/advisories/icsma-22-062-01
Scores
CVSS v3
7.0
EPSS
0.0022
EPSS Percentile
12.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-798
Status
published
Products (24)
bd/pyxis_anesthesia_station_4000_firmware
bd/pyxis_anesthesia_station_es_firmware
bd/pyxis_cato_firmware
bd/pyxis_ciisafe_firmware
bd/pyxis_inventory_connect_firmware
bd/pyxis_iv_prep_firmware
bd/pyxis_jitrbud_firmware
bd/pyxis_kanban_rf_firmware
bd/pyxis_logistics_firmware
bd/pyxis_med_link_family_firmware
... and 14 more
Published
Feb 11, 2022
Tracked Since
Feb 18, 2026