CVE-2022-43557: CWE-1299 Missing Protection Mechanism for Alternate Hardware Interface in Becton, Dickinson and Company (BD) BodyGuard™ Pump
The BD BodyGuard™ infusion pumps specified allow for access through the RS-232 (serial) port interface. If exploited, threat actors with physical access, specialized equipment and knowledge may be able to configure or disable the pump. No electronic protected health information (ePHI), protected health information (PHI) or personally identifiable information (PII) is stored in the pump.
AI Analysis
Technical Summary
CVE-2022-43557 identifies a security vulnerability in the Becton, Dickinson and Company (BD) BodyGuard™ infusion pumps, specifically related to the RS-232 serial port interface. The vulnerability is classified under CWE-1299, which refers to a missing protection mechanism for an alternate hardware interface. In this case, the RS-232 port on the affected infusion pumps exposes the device's configuration and operational controls to anyone with physical access, without adequate security protections. Exploitation requires an attacker to have physical access to the pump, specialized equipment to interface with the serial port, and technical knowledge to manipulate the device. If successfully exploited, the attacker could potentially configure or disable the pump, impacting its intended medical functionality. Importantly, the pumps do not store electronic protected health information (ePHI), protected health information (PHI), or personally identifiable information (PII), so the confidentiality risk to patient data is minimal. However, the integrity and availability of the medical device are at risk, which could directly affect patient safety.
The affected product versions include multiple editions of the BD BodyGuard™ and CME BodyGuard™ 323 series pumps. No public exploits have been reported in the wild, and no patches or firmware updates have been linked to this vulnerability as of the published date. The vulnerability was reserved in October 2022 and published in December 2022, with a medium severity rating assigned by the vendor. The lack of electronic data exposure reduces the risk of data breaches, but the ability to alter or disable the pump raises concerns about potential disruption to critical infusion therapy in clinical settings.
Potential Impact
For European healthcare organizations, this vulnerability poses a risk primarily to the availability and integrity of infusion therapy devices. Successful exploitation could lead to pump misconfiguration or shutdown, potentially interrupting critical medication delivery to patients. This could result in adverse patient outcomes, especially in intensive care units or other high-dependency medical environments where infusion pumps are essential. While no patient data is at risk, the disruption of medical device functionality could increase the burden on healthcare staff and compromise patient safety. The requirement for physical access and specialized equipment limits the threat to insider attacks or targeted physical breaches rather than remote cyberattacks. However, given the critical role of infusion pumps in hospitals, any disruption could have significant operational and clinical impact. European healthcare providers relying on BD BodyGuard™ pumps should be aware of this risk, particularly in facilities with less stringent physical security controls or where devices are accessible to multiple personnel. The impact is less likely to extend beyond healthcare settings due to the specialized nature of the device and exploitation requirements.
Mitigation Recommendations
1. Enforce strict physical security controls around infusion pumps, including secure storage and restricted access to devices, especially when not in use.
2. Implement inventory management and regular audits of infusion pumps to detect unauthorized access or tampering.
3. Train clinical and technical staff to recognize signs of device tampering or malfunction that could indicate exploitation attempts.
4. Collaborate with BD to monitor for firmware updates or patches addressing this vulnerability and apply them promptly once available.
5. Consider deploying tamper-evident seals or locks on serial port interfaces to deter unauthorized physical access.
6. Develop incident response procedures specific to infusion pump failures or suspicious behavior to ensure rapid mitigation and patient safety.
7. Evaluate alternative infusion pump models with enhanced hardware interface protections for future procurement decisions.
8. Limit the use of serial port interfaces for routine device management unless absolutely necessary, and document all access events.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Belgium, Sweden, Denmark, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: BD
- Date Reserved: 2022-10-20T00:00:00.000Z
- CISA Enriched: true
Threat ID: 682d9847c4522896dcbf55a7
Added to database: 5/21/2025, 9:09:27 AM
Last enriched: 6/22/2025, 8:36:47 AM
Last updated: 2/7/2026, 5:20:03 PM