Description
The BD BodyGuard™ infusion pumps specified allow for access through the RS-232 (serial) port interface. If exploited, threat actors with physical access, specialized equipment and knowledge may be able to configure or disable the pump. No electronic protected health information (ePHI), protected health information (PHI) or personally identifiable information (PII) is stored in the pump.
References (1)
Core 1
Core References
Mitigation, Vendor Advisory vendor-advisory
https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-bodyguard-pumps-rs-232-interface-vulnerability
Scores
CVSS v3
5.3
EPSS
0.0022
EPSS Percentile
12.0%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-1299
CWE-287
Status
published
Products (7)
bd/bodyguard_121_twins_firmware
bd/bodyguard_323_colorvision_firmware
bd/bodyguard_999-603_firmware
bd/bodyguard_duo_999-903_firmware
bd/bodyguard_epidural_999-683_firmware
bd/bodyguard_pain_manager_999-803_firmware
bd/bodyguard_t_999-103_firmware
Published
Dec 05, 2022
Tracked Since
Feb 18, 2026