A hard-coded credential vulnerability in medical laboratory equipment used for cervical cancer screenings could allow an attacker to modify sensitive patient information, according to an Oct. 4 warning from BD and the Cybersecurity and Infrastructure Security Agency.
Manufacturer BD and CISA said the flaw affects the BD Totalys MultiProcessor versions 1.70 and earlier.
The flaw allows attackers to use hard-coded credentials that could let them access, modify or delete sensitive information, including electronic protected health information and personally identifiable information.
According to BD, there have been no reports of the vulnerability being exploited, including in clinical settings.
BD says it is currently working to remedy the flaw and that a software update, set for release in the fourth quarter of 2022, should fix it.