CVE-2022-40263

BD Totalys MultiProcessor - Hardcoded Credentials

Description

BD Totalys MultiProcessor, versions 1.70 and earlier, contain hardcoded credentials. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally identifiable information (PII). Customers using BD Totalys MultiProcessor version 1.70 with Microsoft Windows 10 have additional operating system hardening configurations which increase the attack complexity required to exploit this vulnerability.

Remediation

Solution:

  • This vulnerability is scheduled to be remediated in the BD Totalys MultiProcessor version 1.71 software release expected in the fourth quarter of 2022.

Workaround:

  • Ensure physical access controls are in place and only authorized end-users have access to the BD Totalys™ MultiProcessor. If the BD Totalys MultiProcessor must be connected to a network, ensure industry standard network security policies and procedures are followed.

Category

6.6
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.03%
Vendor Advisory bd.com
Affected: Becton Dickson (BD) BD Totalys MultiProcessor
Published at:
Updated at:

References

Link Tags
https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-totalys-multiprocessor-hardcoded-credentials vendor advisory

Frequently Asked Questions

What is the severity of CVE-2022-40263?
CVE-2022-40263 has been scored as a medium severity vulnerability.
How to fix CVE-2022-40263?
To fix CVE-2022-40263: This vulnerability is scheduled to be remediated in the BD Totalys MultiProcessor version 1.71 software release expected in the fourth quarter of 2022.
Is CVE-2022-40263 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2022-40263 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-40263?
CVE-2022-40263 affects Becton Dickson (BD) BD Totalys MultiProcessor.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.