Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for BD Viper LT System by Becton Dickinson (BD)

    CVE-2022-22765 (GCVE-0-2022-22765)

    Vulnerability from nvd – Published: 2022-02-12 02:30 – Updated: 2024-09-17 02:58
    VLAI
    Title
    BD Viper LT System - Hardcoded Credentials
    Summary
    BD Viper LT system, versions 2.0 and later, contains hardcoded credentials. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally identifiable information (PII). BD Viper LT system versions 4.0 and later utilize Microsoft Windows 10 and have additional Operating System hardening configurations which increase the attack complexity required to exploit this vulnerability.
    CWE
    • CWE-798 - Use of Hard-coded Credentials
    Assigner
    BD
    References
    Impacted products
    Vendor Product Version
    Becton Dickinson (BD) BD Viper LT System Affected: next of 2.0 , < unspecified (custom)
    Create a notification for this product.
    Date Public
    2022-02-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:21:49.105Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cybersecurity.bd.com/bulletins-and-patches/bd-viper-lt-system-%E2%80%93-hardcoded-credentials"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-062-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BD Viper LT System",
              "vendor": "Becton Dickinson (BD)",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "next of 2.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-02-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "BD Viper LT system, versions 2.0 and later, contains hardcoded credentials. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally identifiable information (PII). BD Viper LT system versions 4.0 and later utilize Microsoft Windows 10 and have additional Operating System hardening configurations which increase the attack complexity required to exploit this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "CWE-798 Use of Hard-coded Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-09T15:26:14.000Z",
            "orgId": "2325d071-eabf-4b7b-a4ea-0819b6629a18",
            "shortName": "BD"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cybersecurity.bd.com/bulletins-and-patches/bd-viper-lt-system-%E2%80%93-hardcoded-credentials"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-062-02"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "The fix is expected in BD Viper LT system version 4.80 software release."
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "BD Viper LT System - Hardcoded Credentials",
          "workarounds": [
            {
              "lang": "en",
              "value": "Ensure physical access controls are in place and only authorized end-users have access to the BD Viper\u00e2\u201e\u00a2 LT system. Disconnect the BD Viper LT system from network access, where applicable. If the BD Viper LT system must be connected to a network, ensure industry standard network security policies and procedures are followed."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@bd.com",
              "DATE_PUBLIC": "2022-02-11T21:00:00.000Z",
              "ID": "CVE-2022-22765",
              "STATE": "PUBLIC",
              "TITLE": "BD Viper LT System - Hardcoded Credentials"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BD Viper LT System",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e",
                                "version_value": "2.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Becton Dickinson (BD)"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "BD Viper LT system, versions 2.0 and later, contains hardcoded credentials. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally identifiable information (PII). BD Viper LT system versions 4.0 and later utilize Microsoft Windows 10 and have additional Operating System hardening configurations which increase the attack complexity required to exploit this vulnerability."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-798 Use of Hard-coded Credentials"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cybersecurity.bd.com/bulletins-and-patches/bd-viper-lt-system-%E2%80%93-hardcoded-credentials",
                  "refsource": "CONFIRM",
                  "url": "https://cybersecurity.bd.com/bulletins-and-patches/bd-viper-lt-system-%E2%80%93-hardcoded-credentials"
                },
                {
                  "name": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-062-02",
                  "refsource": "MISC",
                  "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-062-02"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "The fix is expected in BD Viper LT system version 4.80 software release."
              }
            ],
            "source": {
              "discovery": "INTERNAL"
            },
            "work_around": [
              {
                "lang": "en",
                "value": "Ensure physical access controls are in place and only authorized end-users have access to the BD Viper\u00e2\u201e\u00a2 LT system. Disconnect the BD Viper LT system from network access, where applicable. If the BD Viper LT system must be connected to a network, ensure industry standard network security policies and procedures are followed."
              }
            ]
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2325d071-eabf-4b7b-a4ea-0819b6629a18",
        "assignerShortName": "BD",
        "cveId": "CVE-2022-22765",
        "datePublished": "2022-02-12T02:30:40.024Z",
        "dateReserved": "2022-01-07T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:58:09.300Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-22765 (GCVE-0-2022-22765)

    Vulnerability from cvelistv5 – Published: 2022-02-12 02:30 – Updated: 2024-09-17 02:58
    VLAI
    Title
    BD Viper LT System - Hardcoded Credentials
    Summary
    BD Viper LT system, versions 2.0 and later, contains hardcoded credentials. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally identifiable information (PII). BD Viper LT system versions 4.0 and later utilize Microsoft Windows 10 and have additional Operating System hardening configurations which increase the attack complexity required to exploit this vulnerability.
    CWE
    • CWE-798 - Use of Hard-coded Credentials
    Assigner
    BD
    References
    Impacted products
    Vendor Product Version
    Becton Dickinson (BD) BD Viper LT System Affected: next of 2.0 , < unspecified (custom)
    Create a notification for this product.
    Date Public
    2022-02-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:21:49.105Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cybersecurity.bd.com/bulletins-and-patches/bd-viper-lt-system-%E2%80%93-hardcoded-credentials"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-062-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BD Viper LT System",
              "vendor": "Becton Dickinson (BD)",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "next of 2.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-02-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "BD Viper LT system, versions 2.0 and later, contains hardcoded credentials. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally identifiable information (PII). BD Viper LT system versions 4.0 and later utilize Microsoft Windows 10 and have additional Operating System hardening configurations which increase the attack complexity required to exploit this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "CWE-798 Use of Hard-coded Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-09T15:26:14.000Z",
            "orgId": "2325d071-eabf-4b7b-a4ea-0819b6629a18",
            "shortName": "BD"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cybersecurity.bd.com/bulletins-and-patches/bd-viper-lt-system-%E2%80%93-hardcoded-credentials"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-062-02"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "The fix is expected in BD Viper LT system version 4.80 software release."
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "BD Viper LT System - Hardcoded Credentials",
          "workarounds": [
            {
              "lang": "en",
              "value": "Ensure physical access controls are in place and only authorized end-users have access to the BD Viper\u00e2\u201e\u00a2 LT system. Disconnect the BD Viper LT system from network access, where applicable. If the BD Viper LT system must be connected to a network, ensure industry standard network security policies and procedures are followed."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@bd.com",
              "DATE_PUBLIC": "2022-02-11T21:00:00.000Z",
              "ID": "CVE-2022-22765",
              "STATE": "PUBLIC",
              "TITLE": "BD Viper LT System - Hardcoded Credentials"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BD Viper LT System",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e",
                                "version_value": "2.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Becton Dickinson (BD)"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "BD Viper LT system, versions 2.0 and later, contains hardcoded credentials. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally identifiable information (PII). BD Viper LT system versions 4.0 and later utilize Microsoft Windows 10 and have additional Operating System hardening configurations which increase the attack complexity required to exploit this vulnerability."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-798 Use of Hard-coded Credentials"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cybersecurity.bd.com/bulletins-and-patches/bd-viper-lt-system-%E2%80%93-hardcoded-credentials",
                  "refsource": "CONFIRM",
                  "url": "https://cybersecurity.bd.com/bulletins-and-patches/bd-viper-lt-system-%E2%80%93-hardcoded-credentials"
                },
                {
                  "name": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-062-02",
                  "refsource": "MISC",
                  "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-062-02"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "The fix is expected in BD Viper LT system version 4.80 software release."
              }
            ],
            "source": {
              "discovery": "INTERNAL"
            },
            "work_around": [
              {
                "lang": "en",
                "value": "Ensure physical access controls are in place and only authorized end-users have access to the BD Viper\u00e2\u201e\u00a2 LT system. Disconnect the BD Viper LT system from network access, where applicable. If the BD Viper LT system must be connected to a network, ensure industry standard network security policies and procedures are followed."
              }
            ]
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2325d071-eabf-4b7b-a4ea-0819b6629a18",
        "assignerShortName": "BD",
        "cveId": "CVE-2022-22765",
        "datePublished": "2022-02-12T02:30:40.024Z",
        "dateReserved": "2022-01-07T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:58:09.300Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }