OTPulse

BD BodyGuard Pumps

Monitor · CVSS 5.3 · ICS-CERT ICSMA-22-335-01 · Dec 1, 2022
Attack Vector: Physical
Auth Required: None
Complexity: High
User Interaction: None needed
Summary

BD BodyGuard infusion pumps (all versions) contain a vulnerability in the RS-232 serial interface that could allow an attacker with physical access to change configuration settings or disable the pump. The vulnerability has high attack complexity and is not remotely exploitable. BD has not released a firmware update and states no fix is available for any affected product versions.

What this means
What could happen
An attacker with physical access to the RS-232 interface could change pump configuration settings or disable the pump, potentially stopping critical infusion delivery to patients.
Who's at risk
This affects healthcare facilities and ambulatory care settings using BD BodyGuard infusion pumps (all versions including CME BodyGuard 323, Color Vision variants, and Twins models). Biomedical equipment technicians, nursing staff, and maintenance personnel who work near these pumps should be aware of the physical security requirement.
How it could be exploited
An attacker must gain physical access to the BD BodyGuard pump and connect equipment (such as a computer or command device) to its RS-232 interface. Once connected, they can send commands to alter configuration settings or stop pump operation.
Prerequisites
  • Physical access to the pump and its RS-232 serial port
  • Equipment capable of communicating via RS-232 serial protocol
  • Knowledge of BD pump command protocols
  • Pump must not be actively delivering infusion at time of attack
High attack complexity · Physical access required · No vendor patch available · Affects medical device delivering critical therapy · No known public exploits
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (5)
5 EOL
Product | Affected Versions | Fix Status
BD BodyGuard | All versions | No fix (EOL)
BodyGuard Pumps: CME BodyGuard 323 Color Vision (2nd Edition) | 2nd Edition | No fix (EOL)
BodyGuard Pumps: CME BodyGuard 323 Color Vision (3rd Edition) | 3rd Edition | No fix (EOL)
BodyGuard Pumps: CME BodyGuard Twins (2nd Edition) | 2nd Edition | No fix (EOL)
BodyGuard Pumps: CME BodyGuard 323 (2nd Edition) | 2nd Edition | No fix (EOL)
Remediation & Mitigation
Do now
HARDENING: Ensure physical access controls are in place so only authorized staff can access the affected pumps
HARDENING: Allow only BD-approved equipment to be connected to the RS-232 interface
WORKAROUND: Disconnect all equipment from the RS-232 interface while the pump is actively delivering infusions
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HARDENING: Protect any connected computers running BodyComm software with standard security measures (firewall, antivirus, patches)
Mitigations - no patch available
The following products have reached End of Life with no planned fix: BD BodyGuard, BodyGuard Pumps: CME BodyGuard 323 Color Vision (2nd Edition), BodyGuard Pumps: CME BodyGuard 323 Color Vision (3rd Edition), BodyGuard Pumps: CME BodyGuard Twins (2nd Edition), BodyGuard Pumps: CME BodyGuard 323 (2nd Edition). Apply the following compensating controls:
HARDENING: Isolate pump control networks from business networks behind a firewall
HARDENING: Ensure pumps are not accessible from the Internet and minimize network exposure
BD BodyGuard Pumps | CVSS 5.3 - OTPulse