209 matches found
Baxter Spectrum 安全漏洞
Baxter Spectrum is an infusion pump from Baxter USA. The Baxter Sigma and Baxter Spectrum Infusion Pumps have a security vulnerability that stems from the fact that they store network credentials and patient health information PHI in unencrypted form.PHI is stored using an automated program only ...
A Bootiful Podcast: Spring Cloud and Spring Cloud Kubernetes contributor Ryan Baxter
Hi, Spring fans! In this episode, Josh Long @starbuxman talks to a person who knows more than most about the awesome implications of both the words "Spring" and "Cloud," Spring Cloud Kubernetes lead Ryan Baxter @ryanjbaxter...
Hillrom Medical Device Management
1. EXECUTIVE SUMMARY CVSS v3 7.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hillrom Medical. Welch Allyn, and ELI are registered trademarks of Baxter International, Inc., or its subsidiaries. Equipment: Welch Allyn medical devices Vulnerabilities: Use of Hard-coded Password,...
CVE-2020-12032
Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Versions 1.1, 1.2 systems store device data with sensitive information in an unencrypted database. This could allow an attacker with network access to view or modify sensitive data including PHI...
CVE-2020-12024
Baxter ExactaMix EM 2400 versions 1.10, 1.11, 1.13, 1.14 and ExactaMix EM1200 Versions 1.1, 1.2, 1.4 and 1.5 does not restrict access to the USB interface from an unauthorized user with physical access. Successful exploitation of this vulnerability may allow an attacker with physical access to th...
CVE-2020-12043
The Baxter Spectrum WBM v17, v20D29, v20D30, v20D31, and v22D24 when configured for wireless networking the FTP service operating on the WBM remains operational until the WBM is rebooted...
CVE-2020-12037
Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The affected devices do not implement data-in-transit encryption e.g., TLS/SSL when configured to send treatment data to a PDMS Patient Data Management System or an EMR Electronic Medical Record system. An attacker could observe...
CVE-2020-12043
The Baxter Spectrum WBM v17, v20D29, v20D30, v20D31, and v22D24 when configured for wireless networking the FTP service operating on the WBM remains operational until the WBM is rebooted...
CVE-2020-12047
The Baxter Spectrum WBM v17, v20D29, v20D30, v20D31, and v22D24, when used with a Baxter Spectrum v8.x model 35700BAX2 in a factory-default wireless configuration enables an FTP service with hard-coded credentials...
CVE-2020-12036
Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The affected devices do not implement data-in-transit encryption e.g., TLS/SSL when configured to send treatment data to a PDMS Patient Data Management System or an EMR Electronic Medical Record system. An attacker could observe...
CVE-2020-12039
Baxter Sigma Spectrum Infusion Pumps Sigma Spectrum Infusion System v's6.x model 35700BAX & Baxter Spectrum Infusion System v's8.x model 35700BAX2 contain hardcoded passwords when physically entered on the keypad provide access to biomedical menus including device settings, view calibration value...
CVE-2020-12040
Sigma Spectrum Infusion System v's6.x model 35700BAX and Baxter Spectrum Infusion System Versions 8.x model 35700BAX2 at the application layer uses an unauthenticated clear-text communication channel to send and receive system status and operational data. This could allow an attacker that has...
CVE-2020-12012
Baxter ExactaMix EM 2400 & EM 1200, Versions ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5, Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13, and ExactaMix EM1200 Versions 1.1, 1.2, and 1.4 have hard-coded administrative account credentials f...
CVE-2020-12020
Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13 and ExactaMix EM1200 Versions 1.1, 1.2, and 1.4 does not restrict non administrative users from gaining access to the operating system and editing the application startup script. Successful exploitation of this vulnerability may allow an...
CVE-2020-12039
Baxter Sigma Spectrum Infusion Pumps Sigma Spectrum Infusion System v's6.x model 35700BAX & Baxter Spectrum Infusion System v's8.x model 35700BAX2 contain hardcoded passwords when physically entered on the keypad provide access to biomedical menus including device settings, view calibration value...
CVE-2020-12041
The Baxter Spectrum WBM v17, v20D29, v20D30, v20D31, and v22D24 telnet Command-Line Interface, grants access to sensitive data stored on the WBM that permits temporary configuration changes to network settings of the WBM, and allows the WBM to be rebooted. Temporary configuration changes to netwo...
CVE-2020-12036
Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The affected devices do not implement data-in-transit encryption e.g., TLS/SSL when configured to send treatment data to a PDMS Patient Data Management System or an EMR Electronic Medical Record system. An attacker could observe...
CVE-2020-12047
The Baxter Spectrum WBM v17, v20D29, v20D30, v20D31, and v22D24, when used with a Baxter Spectrum v8.x model 35700BAX2 in a factory-default wireless configuration enables an FTP service with hard-coded credentials...
CVE-2020-12040
Sigma Spectrum Infusion System v's6.x model 35700BAX and Baxter Spectrum Infusion System Versions 8.x model 35700BAX2 at the application layer uses an unauthenticated clear-text communication channel to send and receive system status and operational data. This could allow an attacker that has...
CVE-2020-12016
Baxter ExactaMix EM 2400 & EM 1200, Versions ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5, Baxter ExactaMix EM 2400 Versions 1.10, 1.11, 1.13, 1.14 and ExactaMix EM1200 Versions 1.1, 1.2, 1.4 and 1.5 have hard-coded administrative account...