CVE-2017-6022

9.8 CRITICAL

📋 TL;DR

This vulnerability involves hard-coded passwords in BD PerformA and KLA Journal Service software, allowing attackers to access the BD Kiestra Database containing protected health and personal information. Affected organizations include healthcare facilities using these specific BD laboratory automation products.

💻 Affected Systems

Products:
  • BD PerformA
  • KLA Journal Service
Versions: PerformA: 2.0.14.0 and prior; KLA Journal Service: 1.0.51 and prior
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Affects systems using BD Kiestra Database for laboratory automation in healthcare settings.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of PHI/PII data in the database, potential data exfiltration, and unauthorized access to sensitive patient information leading to regulatory violations and reputational damage.

🟠

Likely Case

Unauthorized database access leading to exposure of limited patient data, though exploitation requires network access to the database service.

🟢

If Mitigated

If proper network segmentation and access controls are implemented, the impact is limited to authorized network segments only.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires knowledge of hard-coded credentials and network access to the database service.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: PerformA: 2.0.15.0; KLA Journal Service: 1.0.52

Vendor Advisory: https://ics-cert.us-cert.gov/advisories/ICSMA-17-082-01

Restart Required: Yes

Instructions:

1. Contact BD for updated software versions.
2. Install PerformA 2.0.15.0 or later.
3. Install KLA Journal Service 1.0.52 or later.
4. Restart affected services.

🔧 Temporary Workarounds

Network Segmentation (applies to: all)

Isolate BD Kiestra Database from untrusted networks and limit access to authorized systems only.

Credential Rotation (applies to: all)

Change database passwords if possible, though this may break functionality if hard-coded.

🧯 If You Can't Patch

  • Implement strict network access controls to limit database access to authorized IP addresses only.
  • Monitor database access logs for unauthorized connection attempts using known hard-coded credentials.

🔍 How to Verify

Check if Vulnerable:

Check software version in application interface or installation directory. For PerformA, verify version is 2.0.14.0 or earlier. For KLA Journal Service, verify version is 1.0.51 or earlier.

Check Version:

Check application interface or consult BD documentation for version verification method.

Verify Fix Applied:

Confirm installation of PerformA 2.0.15.0+ or KLA Journal Service 1.0.52+ via version check.
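As an added example (not part of the advisory or any BD tooling), a small Python check that applies the version thresholds above to a software inventory. Product names and fixed versions come from this page; the host names in the sample inventory are constructed. Versions are compared numerically, since a plain string comparison would wrongly rank "2.0.9.0" above "2.0.14.0".

```python
"""Classify installed BD PerformA / KLA Journal Service builds for CVE-2017-6022."""
from typing import Dict, List, Tuple

# Fixed versions from the advisory; every earlier version is affected.
FIXED_VERSIONS: Dict[str, str] = {
    "PerformA": "2.0.15.0",
    "KLA Journal Service": "1.0.52",
}


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '2.0.14.0' into (2, 0, 14, 0); reject anything that is not dotted integers."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)


def _pad(v: Tuple[int, ...], n: int) -> Tuple[int, ...]:
    # Right-pad with zeros so '1.0.52' and '1.0.52.0' compare as equal.
    return v + (0,) * (n - len(v))


def is_vulnerable(product: str, installed: str) -> bool:
    """True when the installed build is older than the fixed version for that product."""
    if product not in FIXED_VERSIONS:
        raise ValueError(f"unknown product: {product!r}")
    fixed = parse_version(FIXED_VERSIONS[product])
    got = parse_version(installed)
    width = max(len(fixed), len(got))
    return _pad(got, width) < _pad(fixed, width)


def assess_inventory(rows: List[Tuple[str, str, str]]) -> List[str]:
    """Return the hosts whose (product, version) still needs the vendor update."""
    return [host for host, product, version in rows if is_vulnerable(product, version)]


# Constructed sample inventory: (host, product, installed version).
SAMPLE_INVENTORY = [
    ("lab-pc-01", "PerformA", "2.0.14.0"),          # affected (last vulnerable build)
    ("lab-pc-02", "PerformA", "2.0.9.0"),           # affected; string compare would miss it
    ("lab-pc-03", "PerformA", "2.0.15.0"),          # fixed
    ("kla-srv-01", "KLA Journal Service", "1.0.51"),  # affected
    ("kla-srv-02", "KLA Journal Service", "1.0.52.0"),  # fixed (extra zero segment)
]

if __name__ == "__main__":
    for host in assess_inventory(SAMPLE_INVENTORY):
        print(f"{host}: update required")
```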

📡 Detection & Monitoring

Log Indicators:

  • Database connection attempts using hard-coded credentials
  • Unauthorized access to BD Kiestra Database

Network Indicators:

  • Unexpected connections to database port (typically 1433 for SQL Server)
  • Traffic patterns indicating database enumeration

SIEM Query:

source="database_logs" AND (credential="hardcoded_password" OR user="default_user")

🔗 References
