CVE-2022-30277

BD Synapsys™ – Insufficient Session Expiration

Description

BD Synapsys™, versions 4.20, 4.20 SR1, and 4.30, contain an insufficient session expiration vulnerability. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally identifiable information (PII).

Remediation

Solution:

  • BD Synapsys™ v4.20 SR2 will be released in June 2022 and will remediate this vulnerability. Customers receiving BD Synapsys™ v4.30 will be allowed to upgrade to v5.10, which is expected to be available by August 2022.

Workaround:

  • Configure the inactivity session timeout in the operating system to match the session expiration timeout in BD Synapsys™.
  • Ensure physical access controls are in place and only authorized end-users have access to BD Synapsys™ workstations.
  • Place a reminder at each computer for users to log out when leaving the BD Synapsys™ workstation.
  • Ensure industry standard network security policies and procedures are followed.

CVSS: 5.7
Severity: Medium
EPSS: 0.06%
Vendor Advisory: bd.com
Affected: Becton Dickinson (BD) BD Synapsys™

Frequently Asked Questions

What is the severity of CVE-2022-30277?
CVE-2022-30277 has been scored as a medium severity vulnerability.
How to fix CVE-2022-30277?
To fix CVE-2022-30277: BD Synapsys™ v4.20 SR2 will be released in June 2022 and will remediate this vulnerability. Customers receiving BD Synapsys™ v4.30 will be allowed to upgrade to v5.10, which is expected to be available by August 2022.
Is CVE-2022-30277 being actively exploited in the wild?
As of now, there is no information confirming that CVE-2022-30277 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-30277?
CVE-2022-30277 affects Becton Dickinson (BD) BD Synapsys™.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.