EUVD-2022-27910

Malicious code in bioql PyPI...

EUVD-2022-27909

Malicious code in bioql PyPI...

New HIPAA Rules Mandate 72-Hour Data Restoration and Annual Compliance Audits

The United States Department of Health and Human Services' HHS Office for Civil Rights OCR has proposed new cybersecurity requirements for healthcare organizations with an aim to safeguard patients' data against potential cyber attacks. The proposal, which seeks to modify the Health Insurance...

CVE-2022-43557 BD BodyGuard™ Pumps – RS-232 Interface Vulnerability

The BD BodyGuard™ infusion pumps specified allow for access through the RS-232 serial port interface. If exploited, threat actors with physical access, specialized equipment and knowledge may be able to configure or disable the pump. No electronic protected health information ePHI, protected heal...

CVE-2022-40263

BD Totalys MultiProcessor, versions 1.70 and earlier, contain hardcoded credentials. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information ePHI, protected health information PHI and personally identifiable...

CVE-2022-40263

BD Totalys MultiProcessor (versions 1.70 and earlier) is affected by a hard-coded credentials vulnerability. Exploitation would require local access (or physical access if networked) to the system, with low attack complexity and user interaction not needed. Successful exploitation could allow an ...

CVE-2022-30277

BD Synapsys™, versions 4.20, 4.20 SR1, and 4.30, contain an insufficient session expiration vulnerability. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information ePHI, protected health information PHI and...

CVE-2022-22767

Specific BD Pyxis™ products were installed with default credentials and may presently still operate with these credentials. There may be scenarios where BD Pyxis™ products are installed with the same default local operating system credentials or domain-joined servers credentials that may be share...

Session fixation

BD Synapsys™, versions 4.20, 4.20 SR1, and 4.30, contain an insufficient session expiration vulnerability. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information ePHI, protected health information PHI and...

Default credentials

Specific BD Pyxis™ products were installed with default credentials and may presently still operate with these credentials. There may be scenarios where BD Pyxis™ products are installed with the same default local operating system credentials or domain-joined servers credentials that may be share...

CVE-2022-30277

BD Synapsys, versions 4.20, 4.20 SR1, and 4.30, contain an insufficient session expiration vulnerability (CWE-613) that could allow a threat actor to access, modify, or delete sensitive data (ePHI/PHI/PII). Exploitation is not remotely exploitable per available documents. CVSS v3 base score: 5.7 ...

CVE-2022-30277 BD Synapsys™ – Insufficient Session Expiration

BD Synapsys™, versions 4.20, 4.20 SR1, and 4.30, contain an insufficient session expiration vulnerability. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information ePHI, protected health information PHI and...

CVE-2022-22767

BD Pyxis products are affected by CVE-2022-22767 due to default credentials across multiple BD Pyxis lines (e.g., ES Anesthesia Station, CIISafe, Logistics, MedBank, MedStation variants, ParAssist, Rapid Rx, StockStation, SupplyCenter/Roller/Station/EC, and Rowa packaging systems). The root cause...

CVE-2022-22767 BD Pyxis™ Products – Default Credentials

Specific BD Pyxis™ products were installed with default credentials and may presently still operate with these credentials. There may be scenarios where BD Pyxis™ products are installed with the same default local operating system credentials or domain-joined servers credentials that may be share...

BD Pyxis

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Becton, Dickinson and Company BD Equipment: Pyxis Vulnerability: Not Using Password Aging 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain access to...

BD Synapsys

1. EXECUTIVE SUMMARY CVSS v3 5.7 ATTENTION: Low attack complexity Vendor: Becton, Dickinson and Company BD Equipment: Synapsys Vulnerability: Insufficient Session Expiration 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to access, modify, or delete...

BD Pyxis

1. EXECUTIVE SUMMARY CVSS v3 7.0 Vendor: Becton, Dickinson and Company BD Equipment: Pyxis Vulnerability: Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain access to electronic protected health information ePHI or other...

CVE-2022-22765

BD Viper LT system, versions 2.0 and later, contains hardcoded credentials. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information ePHI, protected health information PHI and personally identifiable information...

Hardcoded credentials

BD Viper LT system, versions 2.0 and later, contains hardcoded credentials. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information ePHI, protected health information PHI and personally identifiable information...

CVE-2022-22765 BD Viper LT System - Hardcoded Credentials

BD Viper LT system, versions 2.0 and later, contains hardcoded credentials. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information ePHI, protected health information PHI and personally identifiable information...