Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The affected devices do not implement data-in-transit encryption (e.g., TLS/SSL) when configured to send treatment data to a PDMS (Patient Data Management System) or an EMR (Electronic Medical Record) system. An attacker could observe sensitive data sent from the device.
[
{
"product": "Baxter PrismaFlex and PrisMax",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "PrismaFlex all versions, PrisMax all versions prior to 3.x"
}
]
}
]