ICSMA-22-151-01  ·  Published 2022-05-31  ·  View on CISA ICS-CERT ↗

BD Pyxis

CVSS 8.8 HIGH

Risk Summary

Successful exploitation of this vulnerability could allow an attacker to gain access to electronic protected health information (ePHI) or other sensitive information.

CVEs (1)

Remediations

  • BD is currently strengthening credential management capabilities in BD Pyxis products. Service personnel are working with users whose domain-joined server(s) credentials require updates.
  • BD is piloting a credential management solution that is initially targeted at specific BD Pyxis product versions and will allow for improved authentication management practices with specific local operating system credentials. Changes needed for installation, upgrade, or to applications are being evaluated as remediations.
  • Additionally, BD recommends the following compensating controls for users of BD Pyxis products utilizing default credentials:
  • For more information on this issue, please see the associated BD product security bulletin on the BD website.

Affected Vendors

Becton, Dickinson and Company (BD)

Affected Products (16)

Becton, Dickinson and Company (BD) · BD Pyxis ES Anesthesia Station vers:all/*
Becton, Dickinson and Company (BD) · BD Pyxis StockStation vers:all/*
Becton, Dickinson and Company (BD) · BD Pyxis SupplyCenter vers:all/*
Becton, Dickinson and Company (BD) · BD Pyxis SupplyRoller vers:all/*
Becton, Dickinson and Company (BD) · BD Pyxis SupplyStation vers:all/*
Becton, Dickinson and Company (BD) · BD Pyxis SupplyStation EC vers:all/*
Becton, Dickinson and Company (BD) · BD Pyxis SupplyStation RF auxiliary vers:all/*
Becton, Dickinson and Company (BD) · BD Rowa Pouch Packaging Systems vers:all/*
Becton, Dickinson and Company (BD) · BD Pyxis CIISafe vers:all/*
Becton, Dickinson and Company (BD) · BD Pyxis Logistics vers:all/*
Becton, Dickinson and Company (BD) · BD Pyxis MedBank vers:all/*
Becton, Dickinson and Company (BD) · BD Pyxis MedStation 4000 vers:all/*
Becton, Dickinson and Company (BD) · BD Pyxis MedStation ES vers:all/*
Becton, Dickinson and Company (BD) · BD Pyxis MedStation ES Server vers:all/*
Becton, Dickinson and Company (BD) · BD Pyxis ParAssist vers:all/*
Becton, Dickinson and Company (BD) · BD Pyxis Rapid Rx vers:all/*

Affected Sectors

Healthcare and Public Health
