ICSMA-18-114-01  ·  Published 2018-04-24

BD Pyxis

CVSS 6.8 MEDIUM

Risk Summary

Successful exploitation of this vulnerability could allow data traffic manipulation, resulting in partial disclosure of encrypted communication or injection of data.

CVEs (1)

Remediations

  • BD has implemented third-party vendor patches through BD's routine patch deployment process that resolve these vulnerabilities for most devices. Some devices require coordination with BD. BD is in the process of contacting users to schedule and deploy patches. There is currently no reported verified instance of the KRACK vulnerability being exploited maliciously against BD devices.
  • Additionally, BD recommends the following compensating controls in order to reduce risk associated with this vulnerability:
  • BD has published a product security bulletin to notify users about this issue and to provide additional mitigation counsel. It can be found at the following location on their web page: http://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-for-wpa2-krack-wi-fi-vulnerability

Affected Vendors

Becton, Dickinson and Company (BD)

Affected Products (12)

Becton, Dickinson and Company (BD) · BD Pyxis Anesthesia ES vers:all/*
Becton, Dickinson and Company (BD) · BD Pyxis Anesthesia System 4000 vers:all/*
Becton, Dickinson and Company (BD) · BD Pyxis Anesthesia System 3500 vers:all/*
Becton, Dickinson and Company (BD) · BD Pyxis MedStation 4000 T2 vers:all/*
Becton, Dickinson and Company (BD) · BD Pyxis MedStation ES vers:all/*
Becton, Dickinson and Company (BD) · BD Pyxis SupplyStation vers:all/*
Becton, Dickinson and Company (BD) · BD Pyxis SupplyRoller vers:all/*
Becton, Dickinson and Company (BD) · BD Pyxis ParAssist System vers:all/*
Becton, Dickinson and Company (BD) · BD Pyxis PARx vers:all/*
Becton, Dickinson and Company (BD) · BD Pyxis CIISafe - Workstation vers:all/*
Becton, Dickinson and Company (BD) · BD Pyxis StockStation System vers:all/*
Becton, Dickinson and Company (BD) · BD Pyxis Parx handheld vers:all/*

Affected Sectors

Healthcare and Public Health
