CVE-2022-43557
CVE-2022-43557 is a medium-severity vulnerability rated 5.3/10 on the CVSS scale. The BD BodyGuard™ infusion pumps specified allow for access through the RS-232 (serial) port interface. If exploited, threat actors with physical access, specialized equipment and knowledge may be able to configure or disable the pump. EPSS estimates a 0.22% chance of exploitation in the next 30 days.
Description
The BD BodyGuard™ infusion pumps specified allow for access through the RS-232 (serial) port interface. If exploited, threat actors with physical access, specialized equipment and knowledge may be able to configure or disable the pump. No electronic protected health information (ePHI), protected health information (PHI) or personally identifiable information (PII) is stored in the pump.
Metrics
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| BD | BodyGuard 999-603 Firmware | All versions |
| BD | BodyGuard Duo 999-903 Firmware | All versions |
| BD | BodyGuard Epidural 999-683 Firmware | All versions |
| BD | BodyGuard Pain Manager 999-803 Firmware | All versions |
| BD | BodyGuard T 999-103 Firmware | All versions |
| BD | BodyGuard 323 Colorvision Firmware | All versions |
| BD | BodyGuard 121 Twins Firmware | All versions |
References
- https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-bodyguard-pumps-rs-232-interface-vulnerability (Mitigation, Vendor Advisory)
Timeline
- Published
- Last Modified
- Status: Modified
Source: NVD / NIST
