Becton has released an alert to address a vulnerability in the following products:

• BD Viper LT system
  • All Versions 2.0 and later
• BD Pyxis Anesthesia Station ES
• BD Pyxis Anesthesia Station 4000
• BD Pyxis CATO
• BD Pyxis CIISafe
• BD Pyxis Inventory Connect
• BD Pyxis IV Prep
• BD Pyxis JITrBUD
• BD Pyxis KanBan RF
• BD Pyxis Logistics
• BD Pyxis Med Link Family
• BD Pyxis MedBank
• BD Pyxis MedStation 4000
• BD Pyxis MedStation ES
• BD Pyxis MedStation ES Server
• BD Pyxis ParAssist
• BD Pyxis PharmoPack
• BD Pyxis ProcedureStation (including EC)
• BD Pyxis Rapid Rx
• BD Pyxis StockStation
• BD Pyxis SupplyCenter
• BD Pyxis SupplyRoller
• BD Pyxis SupplyStation (including RF, EC, CP)
• BD Pyxis Track and Deliver
• BD Rowa Pouch Packaging Systems

An Attacker could exploit this vulnerability by accessing, modifying, or deleting sensitive information.

Becton recommends the following best practices until an update is released:

• Limit physical access to the device to only authorized personnel.
• Tightly control management of BD Pyxis system credentials provided to authorized users.
• Isolate affected products in a secure VLAN or behind firewalls with restricted access that only permits communication with trusted hosts in other networks when needed.
• Monitor and log all network traffic attempting to reach the affected products for suspicious activity.
• Work with a BD support team to ensure all patching and virus definitions are up to date. The Pyxis Security Module for automated patching and virus definition management is provided to all accounts.