Lucene search

BDCVELIST:CVE-2022-22765

HistoryFeb 11, 2022 - 12:00 a.m.

CVE-2022-22765 BD Viper LT System - Hardcoded Credentials

2022-02-1100:00:00

CWE-798

www.cve.org

8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

7.8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.5%

JSON

BD Viper LT system, versions 2.0 and later, contains hardcoded credentials. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally identifiable information (PII). BD Viper LT system versions 4.0 and later utilize Microsoft Windows 10 and have additional Operating System hardening configurations which increase the attack complexity required to exploit this vulnerability.

CNA Affected

[
  {
    "product": "BD Viper LT System",
    "vendor": "Becton Dickinson (BD)",
    "versions": [
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "next of 2.0",
        "versionType": "custom"
      }
    ]
  }
]

References

cybersecurity.bd.com/bulletins-and-patches/bd-viper-lt-system-%E2%80%93-hardcoded-credentials

www.cisa.gov/uscert/ics/advisories/icsma-22-062-02

8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

7.8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.5%

JSON

Related for CVELIST:CVE-2022-22765