CVE-2022-22765

BD Viper LT system, versions 2.0 and later, contains hardcoded credentials. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally identifiable information (PII). BD Viper LT system versions 4.0 and later utilize Microsoft Windows 10 and have additional Operating System hardening configurations which increase the attack complexity required to exploit this vulnerability.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:bd:viper_lt_system_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bd:viper_lt_system:-:*:*:*:*:*:*:*

History

21 Nov 2024, 06:47

Type Values Removed Values Added
CVSS v2 : 4.6
v3 : 7.8
v2 : 4.6
v3 : 8.0
References () https://cybersecurity.bd.com/bulletins-and-patches/bd-viper-lt-system-%E2%80%93-hardcoded-credentials - Vendor Advisory () https://cybersecurity.bd.com/bulletins-and-patches/bd-viper-lt-system-%E2%80%93-hardcoded-credentials - Vendor Advisory
References () https://www.cisa.gov/uscert/ics/advisories/icsma-22-062-02 - Third Party Advisory, US Government Resource () https://www.cisa.gov/uscert/ics/advisories/icsma-22-062-02 - Third Party Advisory, US Government Resource

11 May 2022, 14:38

Type Values Removed Values Added
References (MISC) https://www.cisa.gov/uscert/ics/advisories/icsma-22-062-02 - (MISC) https://www.cisa.gov/uscert/ics/advisories/icsma-22-062-02 - Third Party Advisory, US Government Resource

10 Mar 2022, 17:45

Type Values Removed Values Added
References
  • (MISC) https://www.cisa.gov/uscert/ics/advisories/icsma-22-062-02 -

22 Feb 2022, 22:15

Type Values Removed Values Added
References (CONFIRM) https://cybersecurity.bd.com/bulletins-and-patches/bd-viper-lt-system-%E2%80%93-hardcoded-credentials - (CONFIRM) https://cybersecurity.bd.com/bulletins-and-patches/bd-viper-lt-system-%E2%80%93-hardcoded-credentials - Vendor Advisory
CPE cpe:2.3:h:bd:viper_lt_system:-:*:*:*:*:*:*:*
cpe:2.3:o:bd:viper_lt_system_firmware:*:*:*:*:*:*:*:*
CWE CWE-798
CVSS v2 : unknown
v3 : unknown
v2 : 4.6
v3 : 7.8

12 Feb 2022, 03:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-02-12 03:15

Updated : 2024-11-21 06:47


NVD link : CVE-2022-22765

Mitre link : CVE-2022-22765

CVE.ORG link : CVE-2022-22765


JSON object : View

Products Affected

bd

  • viper_lt_system
  • viper_lt_system_firmware
CWE
CWE-798

Use of Hard-coded Credentials