Baxter Phoenix Hemodialysis Delivery System (Update A)

🗓️ 18 Jun 2020 00:00:00Reported by Industrial Control Systems Cyber Emergency Response TeamType

ics🔗 www.cisa.gov👁 34 Views

Baxter Phoenix Hemodialysis Delivery System (Update A) is vulnerable to cleartext transmission of sensitive information, potentially allowing unauthorized network access to view treatment and prescription data. Mitigations include network segmentation, VPN connections, and firewalling network segments. CISA recommends defensive measures to minimize exploitation risk, and users should refer to FDA's cybersecurity in medical device guidance for additional information

Reporter	Title	Published	Views	Family All 7
CNVD	Baxter Phoenix Hemodialysis Delivery System Information Disclosure Vulnerability	19 Jun 202000:00	–	cnvd
CVE	CVE-2020-12048	29 Jun 202013:48	–	cve
Cvelist	CVE-2020-12048	29 Jun 202013:48	–	cvelist
EUVD	EUVD-2020-4364	7 Oct 202500:30	–	euvd
NVD	CVE-2020-12048	29 Jun 202014:15	–	nvd
Prion	Design/Logic Flaw	29 Jun 202014:15	–	prion
RedhatCVE	CVE-2020-12048	9 Jan 202609:57	–	redhatcve

Source	Link
raw	www.raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2020/icsma-20-170-03.json
cisa	www.cisa.gov/news-events/ics-medical-advisories/icsma-20-170-03
fda	www.fda.gov/medical-devices/digital-health/cybersecurity
us-cert	www.us-cert.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf
us-cert	www.us-cert.gov/ics/tips/ICS-TIP-12-146-01B

18 Jun 2020 00:00Current

7.6High risk

Vulners AI Score7.6

CVSS 25

CVSS 3.17.5

EPSS0.00061