CVE-2022-43557 [Medium] | Security Vulnerability in Bodyguard 999-603 Firmware

The BD BodyGuard™ infusion pumps specified allow for access through the RS-232 (serial) port interface. If exploited, threat actors with physical access, specialized equipment and knowledge may be able to configure or disable the pump. No electronic protected health information (ePHI), protected health information (PHI) or personally identifiable information (PII) is stored in the pump.

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2025-12-10	0.15%	0.11%	-0.05%
2	2025-11-21	0.11%	0.15%	+0.05%
3	2025-11-18	—	0.11%	—

Date

Old EPSS score

New EPSS score

Delta (New - Old)

2025-12-10

0.15%

0.11%

-0.05%

2025-11-21

0.11%

0.15%

+0.05%

2025-11-18

—

0.11%

—

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
5.3	3.1	MEDIUM	`CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H` Click to expand Attack vector (AV:P) Hands-on access—USB, keyboard, opening the case—not something you do purely over the wire. Attack complexity (AC:H) Even with access, the exploit needs extra luck, timing, or a fussy environment to actually work. Privileges required (PR:N) No account or special rights needed—anonymous or random user is enough. User interaction (UI:N) Nobody has to click “OK” or open a trap file; it can work without a victim helping. Scope (S:U) Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems. Confidentiality (C:L) Some sensitive info could get out, but not a total data dump. Integrity (I:L) Attackers could change some data, but it’s limited—not everything goes. Availability (A:H) Could take the service down hard or make it unusable for people who depend on it.	0.5	4.7	[email protected]
5.3	3.1	MEDIUM	`CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H` Click to expand Attack vector (AV:P) Hands-on access—USB, keyboard, opening the case—not something you do purely over the wire. Attack complexity (AC:H) Even with access, the exploit needs extra luck, timing, or a fussy environment to actually work. Privileges required (PR:N) No account or special rights needed—anonymous or random user is enough. User interaction (UI:N) Nobody has to click “OK” or open a trap file; it can work without a victim helping. Scope (S:U) Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems. Confidentiality (C:L) Some sensitive info could get out, but not a total data dump. Integrity (I:L) Attackers could change some data, but it’s limited—not everything goes. Availability (A:H) Could take the service down hard or make it unusable for people who depend on it.	0.5	4.7	[email protected]

Base score

Version

Severity

Vector

Exploitability

Impact

Score source

5.3

3.1

MEDIUM

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H Click to expand

Attack vector (AV:P): Hands-on access—USB, keyboard, opening the case—not something you do purely over the wire.
Attack complexity (AC:H): Even with access, the exploit needs extra luck, timing, or a fussy environment to actually work.
Privileges required (PR:N): No account or special rights needed—anonymous or random user is enough.
User interaction (UI:N): Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U): Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:L): Some sensitive info could get out, but not a total data dump.
Integrity (I:L): Attackers could change some data, but it’s limited—not everything goes.
Availability (A:H): Could take the service down hard or make it unusable for people who depend on it.

0.5

4.7

[email protected]

5.3

3.1

MEDIUM

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H Click to expand

Attack vector (AV:P): Hands-on access—USB, keyboard, opening the case—not something you do purely over the wire.
Attack complexity (AC:H): Even with access, the exploit needs extra luck, timing, or a fussy environment to actually work.
Privileges required (PR:N): No account or special rights needed—anonymous or random user is enough.
User interaction (UI:N): Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U): Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:L): Some sensitive info could get out, but not a total data dump.
Integrity (I:L): Attackers could change some data, but it’s limited—not everything goes.
Availability (A:H): Could take the service down hard or make it unusable for people who depend on it.

0.5

4.7

[email protected]

Affected software / configurations for CVE-2022-43557

Vendor	Product	Version	Raw CPE
bd	bodyguard_999-603_firmware	—	cpe:2.3:o:bd:bodyguard_999-603_firmware:-:::::::*
bd	bodyguard_duo_999-903_firmware	—	cpe:2.3:o:bd:bodyguard_duo_999-903_firmware:-:::::::*
bd	bodyguard_epidural_999-683_firmware	—	cpe:2.3:o:bd:bodyguard_epidural_999-683_firmware:-:::::::*
bd	bodyguard_pain_manager_999-803_firmware	—	cpe:2.3:o:bd:bodyguard_pain_manager_999-803_firmware:-:::::::*
bd	bodyguard_t_999-103_firmware	—	cpe:2.3:o:bd:bodyguard_t_999-103_firmware:-:::::::*
bd	bodyguard_323_colorvision_firmware	—	cpe:2.3:o:bd:bodyguard_323_colorvision_firmware:-:::::::*
bd	bodyguard_121_twins_firmware	—	cpe:2.3:o:bd:bodyguard_121_twins_firmware:-:::::::*

References for CVE-2022-43557

URL	Tags
https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-bodyguard-pumps-rs-232-interface-vulnerability	Mitigation Vendor Advisory

URL

CVE-2022-43557 | BD BodyGuard™ Pumps – RS-232 Interface Vulnerability

Exploit prediction scoring system (EPSS) score for CVE-2022-43557

Common vulnerability scoring system (CVSS) metrics for CVE-2022-43557

Weakness enumeration for CVE-2022-43557

Affected software / configurations for CVE-2022-43557

References for CVE-2022-43557