{"id": "CVE-2022-43557", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 4.7, "exploitabilityScore": 0.5}, {"type": "Secondary", "source": "cybersecurity@bd.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 4.7, "exploitabilityScore": 0.5}]}, "published": "2022-12-05T22:15:11.157", "references": [{"url": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-bodyguard-pumps-rs-232-interface-vulnerability", "tags": ["Mitigation", "Vendor Advisory"], "source": "cybersecurity@bd.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}, {"type": "Secondary", "source": "cybersecurity@bd.com", "description": [{"lang": "en", "value": "CWE-1299"}]}], "descriptions": [{"lang": "en", "value": "The BD BodyGuard\u2122 infusion pumps specified allow for access through the RS-232\u00a0(serial) port interface. If exploited, threat actors with physical access, specialized equipment and\u00a0knowledge may be able to configure or disable the pump. No electronic protected health information\u00a0(ePHI), protected health information (PHI) or personally identifiable information (PII) is stored in the\u00a0pump."}], "lastModified": "2023-10-27T21:15:08.310", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:bd:bodyguard_999-603_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "093FC957-1538-4527-A3EA-6E7A0AFF5F24"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:bd:bodyguard_999-603:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7F62210B-9BE2-48B8-BE9E-8C8752EE9357"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:bd:bodyguard_duo_999-903_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8A820DFD-CF7C-47DA-856C-05105FCB8E4B"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:bd:bodyguard_duo_999-903:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9A27B7FC-8BC6-4D22-9378-124960097B92"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:bd:bodyguard_epidural_999-683_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3FFF5B40-E6A0-4E72-884E-62D323004AD3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:bd:bodyguard_epidural_999-683:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EB4F922F-B7A7-4CC0-BB42-C0024CA5DB18"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:bd:bodyguard_pain_manager_999-803_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A4BE9912-5A3E-4F58-8A03-79C74F021D2A"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:bd:bodyguard_pain_manager_999-803:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5F60BFC6-49DA-46BD-A0EA-5FF517F87747"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:bd:bodyguard_t_999-103_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "962F010D-A907-4191-8886-5826AC8A6E0C"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:bd:bodyguard_t_999-103:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "73117ED4-FC44-4304-B3F1-DA30D37E6D54"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:bd:bodyguard_323_colorvision_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D53213FF-B33A-43B6-97E4-96C3D9AB2459"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:bd:bodyguard_323_colorvision:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "29711249-0DFE-45B7-A546-37B216E0E184"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:bd:bodyguard_121_twins_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4A1DB56C-C1C0-4152-B079-33065D2ABB17"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:bd:bodyguard_121_twins:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DFE044C5-1CAE-43CC-8A99-8F2552490032"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cybersecurity@bd.com"}
