BD Viper LT system, versions 2.0 and later, contains hardcoded credentials. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally identifiable information (PII). BD Viper LT system versions 4.0 and later utilize Microsoft Windows 10 and have additional Operating System hardening configurations which increase the attack complexity required to exploit this vulnerability.
References
Link | Resource |
---|---|
https://cybersecurity.bd.com/bulletins-and-patches/bd-viper-lt-system-%E2%80%93-hardcoded-credentials | Vendor Advisory |
https://www.cisa.gov/uscert/ics/advisories/icsma-22-062-02 | Third Party Advisory US Government Resource |
https://cybersecurity.bd.com/bulletins-and-patches/bd-viper-lt-system-%E2%80%93-hardcoded-credentials | Vendor Advisory |
https://www.cisa.gov/uscert/ics/advisories/icsma-22-062-02 | Third Party Advisory US Government Resource |
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 06:47
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 4.6
v3 : 8.0 |
References | () https://cybersecurity.bd.com/bulletins-and-patches/bd-viper-lt-system-%E2%80%93-hardcoded-credentials - Vendor Advisory | |
References | () https://www.cisa.gov/uscert/ics/advisories/icsma-22-062-02 - Third Party Advisory, US Government Resource |
11 May 2022, 14:38
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.cisa.gov/uscert/ics/advisories/icsma-22-062-02 - Third Party Advisory, US Government Resource |
10 Mar 2022, 17:45
Type | Values Removed | Values Added |
---|---|---|
References |
|
22 Feb 2022, 22:15
Type | Values Removed | Values Added |
---|---|---|
References | (CONFIRM) https://cybersecurity.bd.com/bulletins-and-patches/bd-viper-lt-system-%E2%80%93-hardcoded-credentials - Vendor Advisory | |
CPE | cpe:2.3:h:bd:viper_lt_system:-:*:*:*:*:*:*:* cpe:2.3:o:bd:viper_lt_system_firmware:*:*:*:*:*:*:*:* |
|
CWE | CWE-798 | |
CVSS |
v2 : v3 : |
v2 : 4.6
v3 : 7.8 |
12 Feb 2022, 03:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-02-12 03:15
Updated : 2024-11-21 06:47
NVD link : CVE-2022-22765
Mitre link : CVE-2022-22765
CVE.ORG link : CVE-2022-22765
JSON object : View
Products Affected
bd
- viper_lt_system
- viper_lt_system_firmware
CWE
CWE-798
Use of Hard-coded Credentials