209 matches found
CVE-2020-12036
Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The affected devices do not implement data-in-transit encryption e.g., TLS/SSL when configured to send treatment data to a PDMS Patient Data Management System or an EMR Electronic Medical Record system. An attacker could observe...
CVE-2020-12008
Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Versions 1.1, 1.2 systems use cleartext messages to communicate order information with an order entry system. This could allow an attacker with network access to view sensitive data including PHI...
CVE-2020-12045
The Baxter Spectrum WBM v17, v20D29, v20D30, v20D31, and v22D24 when used in conjunction with a Baxter Spectrum v8.x model 35700BAX2, operates a Telnet service on Port 1023 with hard-coded credentials...
CVE-2024-6796
In Baxter Connex health portal released before 8/30/2024, an improper access control vulnerability has been found that could allow an unauthenticated attacker to gain unauthorized access to Connex portal's database and/or modify content...
Baxter Life2000 安全漏洞
Baxter Life2000 is a mask-less non-invasive ventilator from Baxter. A security vulnerability exists in Baxter Life2000 version 06.08.00.00 and prior versions, which originated when enabled by default, that allows sending and receiving of unencrypted messages, which could result in unauthorized...
Baxter Life2000 安全漏洞
The Baxter Life2000 is a mask-less noninvasive ventilator from Baxter. A security vulnerability exists in the Baxter Life2000 that stems from an unlimited number of login failures allowed using the clinician password or serial number clinician password, which allows an attacker to perform a brute...
Baxter Life2000 安全漏洞
The Baxter Life2000 is a mask-less non-invasive ventilator from Baxter. A security vulnerability exists in Baxter Life2000 version 06.08.00.00 and earlier, which stems from a lack of memory protection and allows an attacker to read or write to flash memory via the JTAG interface, potentially...
Baxter Life2000 访问控制错误漏洞
The Baxter Life2000 is a mask-less non-invasive ventilator from Baxter. An access control error vulnerability exists in Baxter Life2000 version 06.08.00.00 and prior, which stems from unsupported user authentication, allowing an attacker to obtain diagnostic information or manipulate device...
Baxter Life2000 信任管理问题漏洞
The Baxter Life2000 is a mask-less non-invasive ventilator from Baxter. A trust management issue vulnerability exists in Baxter Life2000 version 06.08.00.00 and prior versions, which stems from the clinician password and serial number clinician password, hardcoded in plaintext in the device, whic...
Baxter Life2000 安全漏洞
The Baxter Life2000 is a mask-less non-invasive ventilator from Baxter. A security vulnerability exists in the Baxter Life2000 that stems from improper data protection on the ventilator's serial interface, which could allow an attacker to send and receive messages that could have an unintended...
Baxter Life2000 安全漏洞
The Baxter Life2000 is a mask-less non-invasive ventilator from Baxter. A security vulnerability exists in Baxter Life2000 version 06.08.00.00 and prior versions, which stems from the lack of sufficient audit logging functionality to detect malicious activity and perform subsequent forensic...
Baxter Life2000 安全漏洞
The Baxter Life2000 is a mask-less non-invasive ventilator from Baxter. A security vulnerability exists in Baxter Life2000 version 06.08.00.00 and earlier, which stems from improper file integrity checking when applying a firmware update, allowing an attacker to push a compromised or illegal...
CVE-2024-6796
In Baxter Connex health portal released before 8/30/2024, an improper access control vulnerability has been found that could allow an unauthenticated attacker to gain unauthorized access to Connex portal's database and/or modify content...
CVE-2024-6796
In Baxter Connex health portal released before 8/30/2024, an improper access control vulnerability has been found that could allow an unauthenticated attacker to gain unauthorized access to Connex portal's database and/or modify content...
CVE-2024-6796 Vulnerability in Baxter Connex Health Portal
In Baxter Connex health portal released before 8/30/2024, an improper access control vulnerability has been found that could allow an unauthenticated attacker to gain unauthorized access to Connex portal's database and/or modify content...
CVE-2024-6796 Vulnerability in Baxter Connex Health Portal
In Baxter Connex health portal released before 8/30/2024, an improper access control vulnerability has been found that could allow an unauthenticated attacker to gain unauthorized access to Connex portal's database and/or modify content...
CVE-2024-6796
Baxter Connex Health Portal has an improper access control vulnerability (CVE-2024-6796) affecting versions prior to 8/30/2024, enabling an unauthenticated remote attacker to access/modify the portal’s database. Exploitation details are not provided in the documents; the CVSSv3.1 base score is 8....
CVE-2024-6795 Vulnerability in Baxter Connex Health Portal
In Connex health portal released before8/30/2024, SQL injection vulnerabilities were found that could have allowed an unauthenticated attacker to gain unauthorized access to Connex portal's database. An attacker could have submitted a crafted payload to Connex portal that could have resulted in...
Baxter Connex Health Portal 安全漏洞
The Baxter Connex Health Portal is a web portal for medical instruments from Baxter USA. A security vulnerability exists in the Baxter Connex Health Portal that stems from the inclusion of a SQL injection vulnerability that could allow an unauthenticated attacker to gain unauthorized access to th...
Baxter Connex Health Portal
View CSAF 1. EXECUTIVE SUMMARY CVSS v3.1 10.0 ATTENTION : Exploitable remotely/low attack complexity Vendor : Baxter Equipment : Connex Health Portal Vulnerabilities : SQL Injection, Improper Access Control 2. RISK EVALUATION Successful exploitation of these vulnerabilities could lead to...