CVE-2022-40263

low-risk
Published 2022-11-04

BD Totalys MultiProcessor, versions 1.70 and earlier, contain hardcoded credentials. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally identifiable information (PII). Customers using BD Totalys MultiProcessor version 1.70 with Microsoft Windows 10 have additional operating system hardening configurations which increase the attack complexity required to exploit this vulnerability.

Do I need to act?

-
0.04% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.6/10 Medium
LOCAL / LOW complexity

Affected Products (1)

Totalys Multiprocessor Firmware

Affected Vendors

Bd

References (2)

Vendor Advisory https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-totalys-multiprocess...
Vendor Advisory https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-totalys-multiprocess...
26
/ 100
low-risk
Severity 21/34 · High
Exploitability 0/34 · Minimal
Exposure 5/34 · Minimal