Lucene search

[email protected]CVE-2022-43557

HistoryDec 05, 2022 - 10:15 p.m.

CVE-2022-43557

2022-12-0522:15:11

CWE-287

CWE-1299

[email protected]

web.nvd.nist.gov

bd bodyguard

infusion pumps

rs-232

access

security vulnerability

cve-2022-43557

nvd

5.3 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

4.9 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.3%

JSON

The BD BodyGuard™ infusion pumps specified allow for access through the RS-232 (serial) port interface. If exploited, threat actors with physical access, specialized equipment and knowledge may be able to configure or disable the pump. No electronic protected health information (ePHI), protected health information (PHI) or personally identifiable information (PII) is stored in the pump.

Affected configurations

NVD

Node

bdbodyguard_999-603Match-

AND

bdbodyguard_999-603_firmwareMatch-

Node

bdbodyguard_duo_999-903Match-

AND

bdbodyguard_duo_999-903_firmwareMatch-

Node

bdbodyguard_epidural_999-683Match-

AND

bdbodyguard_epidural_999-683_firmwareMatch-

Node

bdbodyguard_pain_manager_999-803Match-

AND

bdbodyguard_pain_manager_999-803_firmwareMatch-

Node

bdbodyguard_t_999-103Match-

AND

bdbodyguard_t_999-103_firmwareMatch-

Node

bdbodyguard_323_colorvisionMatch-

AND

bdbodyguard_323_colorvision_firmwareMatch-

Node

bdbodyguard_121_twinsMatch-

AND

bdbodyguard_121_twins_firmwareMatch-

CPENameOperatorVersion
bd:bodyguard_999-603_firmwarebd bodyguard 999-603 firmwareeq-

CPE	Name	Operator	Version
bd:bodyguard_999-603_firmware	bd bodyguard 999-603 firmware	eq	-

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "BodyGuard™ Pump",
    "vendor": "Becton, Dickinson and Company (BD)",
    "versions": [
      {
        "status": "affected",
        "version": "BD BodyGuard™ "
      },
      {
        "status": "affected",
        "version": "CME BodyGuard™ 323 (2nd Edition)"
      },
      {
        "status": "affected",
        "version": "CME BodyGuard™ 323 Color Vision (2nd Edition)"
      },
      {
        "status": "affected",
        "version": "CME BodyGuard™ 323 Color Vision (3rd Edition)"
      },
      {
        "status": "affected",
        "version": "CME BodyGuard™ Twins (2nd Edition)"
      }
    ]
  }
]

References

www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-bodyguard-pumps-rs-232-interface-vulnerability

5.3 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

4.9 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.3%

JSON

Related for CVE-2022-43557

ics1 nvd1 prion1 cvelist1