CVE-2022-40263

Name of the Vulnerable Software and Affected Versions BD Totalys MultiProcessor versions 1.70 and earlier

Description The issue concerns hardcoded credentials in the software, which could allow threat actors to access, modify, or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI), and personally identifiable information (PII). For customers using BD Totalys MultiProcessor version 1.70 with Microsoft Windows 10, additional operating system hardening configurations increase the complexity required to exploit this issue.

Recommendations For BD Totalys MultiProcessor versions 1.70 and earlier, consider changing the hardcoded credentials to unique, secure credentials as a mitigation measure. As a temporary workaround, restrict access to sensitive information until a more permanent solution is available. For version 1.70 used with Microsoft Windows 10, ensure the additional operating system hardening configurations are properly implemented to increase the attack complexity required for exploitation.