BD Pyxis 安全漏洞

BD Pyxis is a medication management system from Biddy Medical BD. A security vulnerability exists in BD Pyxis that stems from the use of default credentials. The following products and versions are affected: BD Pyxis™ Anesthesia Station ES, BD Pyxis™ CIISafe, BD Pyxis™ Logistics, BD Pyxis™ MedBan...

Supply chain security issues in reproduction: a medicines management system How will A 1 4 0 0 a vulnerability-vulnerability warning-the black bar safety net

! Industrial control systems network Emergency Response Team, ICS-CERT on Tuesday issued a notice to appear, a widely used medication management system in the presence of more than 1 4 0 0 a vulnerability. Security researchers independently of the road Pyxis SupplyStation are United by CareFusion...

1,400+ Vulnerabilities Identified in Medical Supply System

More than 1,400 vulnerabilities exist in a widely used drug cabinet system, according to an advisory issued by the Industrial Control Systems Cyber Emergency Response Team ICS-CERT on Tuesday. The problems exist in Pyxis SupplyStation, an automated medical supply cabinet manufactured by CareFusio...

CVE-2014-5420

CareFusion Pyxis SupplyStation 8.1 with hardware test tool before 1.0.16 has a hardcoded application password, which makes it easier for remote authenticated users to obtain application-file access via unspecified vectors...

CVE-2014-5421

CareFusion Pyxis SupplyStation 8.1 with hardware test tool 1.0.16 and earlier has a hardcoded database password, which makes it easier for local users to gain privileges by leveraging cabinet access...

CVE-2014-5422

CareFusion Pyxis SupplyStation 8.1 with hardware test tool before 1.0.16 has a hardcoded service password, which makes it easier for remote attackers to obtain access via unspecified vectors...

CVE-2014-5423

CareFusion Pyxis SupplyStation 8.1 with hardware test tool before 1.0.16 allows local users to obtain potentially sensitive information by reading a temporary 1 debugging file or 2 developer file...

Hardcoded credentials

CareFusion Pyxis SupplyStation 8.1 with hardware test tool before 1.0.16 has a hardcoded application password, which makes it easier for remote authenticated users to obtain application-file access via unspecified vectors...

Hardcoded credentials

CareFusion Pyxis SupplyStation 8.1 with hardware test tool before 1.0.16 has a hardcoded service password, which makes it easier for remote attackers to obtain access via unspecified vectors...

Design/Logic Flaw

CareFusion Pyxis SupplyStation 8.1 with hardware test tool before 1.0.16 allows local users to obtain potentially sensitive information by reading a temporary 1 debugging file or 2 developer file...

Hardcoded credentials

CareFusion Pyxis SupplyStation 8.1 with hardware test tool 1.0.16 and earlier has a hardcoded database password, which makes it easier for local users to gain privileges by leveraging cabinet access...

CVE-2014-5421

CareFusion Pyxis SupplyStation 8.1 with hardware test tool 1.0.16 and earlier has a hardcoded database password, which makes it easier for local users to gain privileges by leveraging cabinet access...

CVE-2014-5422

CareFusion Pyxis SupplyStation 8.1 with hardware test tool before 1.0.16 has a hardcoded service password, which makes it easier for remote attackers to obtain access via unspecified vectors...

CVE-2014-5420

CareFusion Pyxis SupplyStation 8.1 with hardware test tool before 1.0.16 has a hardcoded application password, which makes it easier for remote authenticated users to obtain application-file access via unspecified vectors...

CVE-2014-5421

CareFusion Pyxis SupplyStation system (version 8.1 with hardware test tool 1.0.16 and earlier) contains a hard-coded database password that can allow local users with cabinet access to gain privileges. CVE-2014-5421 is documented with a base vulnerability tied to hard-coded credentials; NVD notes...

CVE-2014-5423

CareFusion Pyxis SupplyStation 8.1 with hardware test tool before 1.0.16 allows local users to obtain potentially sensitive information by reading a temporary 1 debugging file or 2 developer file...

CVE-2014-5422

CVE-2014-5422 affects CareFusion Pyxis SupplyStation system 8.1 with hardware test tool prior to 1.0.16. The vulnerability is due to a hardcoded service password that grants admin privileges, enabling a remote attacker to gain access through unspecified vectors (remote exploitation possible if ne...

CareFusion Pyxis SupplyStation System Vulnerabilities

OVERVIEW Independent researcher Billy Rios identified authentication vulnerabilities in CareFusion’s Pyxis SupplyStation system. CareFusion has implemented additional controls to mitigate some of these vulnerabilities in the SupplyStation system. Some of the reported vulnerabilities could be...