true
BD BodyGuard™ Pumps – RS-232 Interface Vulnerability

Background

BD communicates with our customers about cybersecurity vulnerabilities to help healthcare providers manage potential risks through awareness and guidance.

This notification provides product security information and recommendations related to a security vulnerability found within specified versions of BD BodyGuard™ infusion pumps, which are not sold in the U.S.

As a routine practice, BD has voluntarily shared this vulnerability with the U.S. Food and Drug Administration (FDA), the U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) and Information Sharing and Analysis Organizations (ISAOs) where BD participates. Read Coordinated Vulnerability Disclosure to learn more about our disclosure process.

Products in Scope

This notification applies to the following BD BodyGuard™ products:

  • BD BodyGuard™
  • CME BodyGuard™ 323 (2nd Edition)
  • CME BodyGuard™ 323 Color Vision (2nd Edition)
  • CME BodyGuard™ 323 Color Vision (3rd Edition)
  • CME BodyGuard™ Twins (2nd Edition)

 

Please note: The products listed in this bulletin are not sold in the U.S.

Vulnerability Details

  • CVE-2022-43557 – The BD BodyGuard™ infusion pumps specified allow for access through the RS-232 (serial) port interface. If exploited, threat actors with physical access, specialized equipment and knowledge may be able to configure or disable the pump. No electronic protected health information (ePHI), protected health information (PHI) or personally identifiable information (PII) is stored in the pump. 

Vulnerability Score

BD is authorized as a Common Vulnerability and Exposures (CVE) Numbering Authority (CNA) by the CVE® Program. As a CNA, BD is authorized to assign CVE identification numbers to newly discovered vulnerabilities in its software-enabled products, which includes using the Common Weakness Enumeration (CWE™) system to classify vulnerability types and applying the Common Vulnerability Scoring System (CVSS) to communicate vulnerability characteristics and severity. BD assigned the following CVSS score to this vulnerability:

CVSS: 5.3 (Medium) CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H  

Rationale: A physical attack vector is required to exploit this vulnerability on the BD BodyGuard™ pump. A threat actor would have to physically connect to the enabled RS-232 interface—which limits the attack surface. A successful attack against the pump via the RS-232 interface would require the attacker to have some knowledge of the pump to execute successful commands. The attacker would require no prior authentication to control the pump including the ability to read and then change configurations when leveraging the RS-232 interface. Any such attack would have partial impact to confidentiality and integrity and high impact to availability, as the loss of access to the pump technician codes in the wake of adverse infusion configuration changes would render the pump no longer usable.

Patient Safety Assessment

BD assessed this vulnerability for potential patient safety impact and determined that there is a low probability of harm occurring, since the pump Directions for Use do not include any requirement to use the RS-232 port during clinical use.

Mitigations & Compensating Controls

BD recommends the following mitigations and compensating controls to reduce risk associated with this vulnerability:

  • Ensure physical access controls are in place and only authorized end-users have access to
  • BD BodyGuard™ pumps.
  • Ensure that only BD-approved equipment is connected to the RS-232 interface of the affected pumps.
  • Ensure that no equipment is connected to the RS-232 interface when the affected pumps are delivering infusions.
  • Protect connected computer systems with BodyComm™ software with standard security measures.

Additional Resources

For product- or site-specific concerns, contact your BD service representative