CVE-2020-12036

Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The affected devices do not implement data-in-transit encryption e.g., TLS/SSL when configured to send treatment data to a PDMS Patient Data Management System or an EMR Electronic Medical Record system. An attacker could observe...

Baxter PrismaFlex and PrismMax Information Disclosure Vulnerabilities

The Baxter PrismaFlex and PrismMax are both critical care devices from Baxter. An information disclosure vulnerability exists in Baxter PrismaFlex all versions and PrismMax prior to version 3.x. The vulnerability stems from the failure of an affected device to encrypt e.g., TLS/SSL transmitted da...

Baxter PrismaFlex Hardcoding Vulnerability

The Baxter PrismaFlex is a critical care device from Baxter. A hard-coded vulnerability exists in Baxter PrismaFlex all versions that stems from the fact that PrismaFlex contains a hard-coded service password that can be exploited by an attacker to modify device settings and calibration values...