The DHS has posted one notice about the Pyxis device each year from 2018 to 2020. While no new vulnerabilities emerged last year, two alerts were given in 2022 with the latest coming weeks after the department flagged a risk related to the use of hard-coded credentials after being told about the problem by BD.
The latest notice stems from the fact that some Pyxis products may still operate with their default credentials. Multiple products may have the same default credentials that are shared across product types, potentially opening a door through which an attacker could gain privileged access to the file system.
