CVE-2022-22766

Name: CVE-2022-22766
Creator: NVD / NIST
Published: 2022-02-11T19:15:08.85+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 5.5/10EPSS 0.22%

Last modified Jun 17, 2026

CVE-2022-22766 is a medium-severity vulnerability rated 5.5/10 on the CVSS scale. Hardcoded credentials are used in specific BD Pyxis products. If exploited, threat actors may be able to gain access to the underlying file system and could potentially exploit application files for information that could be used to decrypt application credentials or gain access to electronic protected health information (ePHI) or other sensitive information.. EPSS estimates a 0.22% chance of exploitation in the next 30 days.

Description

Hardcoded credentials are used in specific BD Pyxis products. If exploited, threat actors may be able to gain access to the underlying file system and could potentially exploit application files for information that could be used to decrypt application credentials or gain access to electronic protected health information (ePHI) or other sensitive information.

Metrics

CVSS 3.1

5.5/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS Probability

0.22%

12.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Bd	Pyxis Anesthesia Station Es Firmware	All versions
Bd	Pyxis Anesthesia Station 4000 Firmware	All versions
Bd	Pyxis Cato Firmware	All versions
Bd	Pyxis Ciisafe Firmware	All versions
Bd	Pyxis Inventory Connect Firmware	All versions
Bd	Pyxis Iv Prep Firmware	All versions
Bd	Pyxis Jitrbud Firmware	All versions
Bd	Pyxis Kanban Rf Firmware	All versions
Bd	Pyxis Logistics Firmware	All versions
Bd	Pyxis Med Link Family Firmware	All versions
Bd	Pyxis Medbank Firmware	All versions
Bd	Pyxis Medstation 4000 Firmware	All versions
Bd	Pyxis Medstation Es Firmware	All versions
Bd	Pyxis Medstation Es Server Firmware	All versions
Bd	Pyxis Parassist Firmware	All versions
Bd	Pyxis Pharmopack Firmware	All versions
Bd	Pyxis Procedurestation Firmware	All versions
Bd	Pyxis Rapid Rx Firmware	All versions
Bd	Pyxis Stockstation Firmware	All versions
Bd	Pyxis Supplycenter Firmware	All versions
Bd	Pyxis Supplyroller Firmware	All versions
Bd	Pyxis Supplystation Firmware	All versions
Bd	Pyxis Track And Deliver Firmware	All versions
Bd	Rowa Pouch Packaging Systems Firmware	All versions

References

https://cybersecurity.bd.com/bulletins-and-patches/bd-pyxis-products---hardcoded-credentialsVendor Advisory
https://www.cisa.gov/uscert/ics/advisories/icsma-22-062-01Third Party Advisory, US Government Resource
https://cybersecurity.bd.com/bulletins-and-patches/bd-pyxis-products---hardcoded-credentialsVendor Advisory
https://www.cisa.gov/uscert/ics/advisories/icsma-22-062-01Third Party Advisory, US Government Resource

Timeline

Published: Feb 11, 2022
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2022-22766?

How severe is CVE-2022-22766?

CVE-2022-22766 has a CVSS score of 5.5/10 (MEDIUM severity). The EPSS model estimates a 0.22% probability of exploitation in the next 30 days.

How do I fix CVE-2022-22766?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-22766?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST