Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2022-22765
PUBLISHED
More InfoOfficial Page
Assigner-BD
Assigner Org ID-2325d071-eabf-4b7b-a4ea-0819b6629a18
View Known Exploited Vulnerability (KEV) details
Published At-12 Feb, 2022 | 02:30
Updated At-17 Sep, 2024 | 02:58
Rejected At-
▼CVE Numbering Authority (CNA)
BD Viper LT System - Hardcoded Credentials

BD Viper LT system, versions 2.0 and later, contains hardcoded credentials. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally identifiable information (PII). BD Viper LT system versions 4.0 and later utilize Microsoft Windows 10 and have additional Operating System hardening configurations which increase the attack complexity required to exploit this vulnerability.

Affected Products
Vendor
Becton, Dickinson and CompanyBecton Dickinson (BD)
Product
BD Viper LT System
Versions
Affected
  • From next of 2.0 before unspecified (custom)
Problem Types
TypeCWE IDDescription
CWECWE-798CWE-798 Use of Hard-coded Credentials
Type: CWE
CWE ID: CWE-798
Description: CWE-798 Use of Hard-coded Credentials
Metrics
VersionBase scoreBase severityVector
3.18.0HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
Version: 3.1
Base score: 8.0
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

The fix is expected in BD Viper LT system version 4.80 software release.

Configurations
Workarounds

Ensure physical access controls are in place and only authorized end-users have access to the BD Viperâ„¢ LT system. Disconnect the BD Viper LT system from network access, where applicable. If the BD Viper LT system must be connected to a network, ensure industry standard network security policies and procedures are followed.

Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://cybersecurity.bd.com/bulletins-and-patches/bd-viper-lt-system-%E2%80%93-hardcoded-credentials
x_refsource_CONFIRM
https://www.cisa.gov/uscert/ics/advisories/icsma-22-062-02
x_refsource_MISC
Hyperlink: https://cybersecurity.bd.com/bulletins-and-patches/bd-viper-lt-system-%E2%80%93-hardcoded-credentials
Resource:
x_refsource_CONFIRM
Hyperlink: https://www.cisa.gov/uscert/ics/advisories/icsma-22-062-02
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://cybersecurity.bd.com/bulletins-and-patches/bd-viper-lt-system-%E2%80%93-hardcoded-credentials
x_refsource_CONFIRM
x_transferred
https://www.cisa.gov/uscert/ics/advisories/icsma-22-062-02
x_refsource_MISC
x_transferred
Hyperlink: https://cybersecurity.bd.com/bulletins-and-patches/bd-viper-lt-system-%E2%80%93-hardcoded-credentials
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://www.cisa.gov/uscert/ics/advisories/icsma-22-062-02
Resource:
x_refsource_MISC
x_transferred
Details not found