CVE-2024-5176

Insufficiently Protected Credentials vulnerability in Baxter Welch Allyn Configuration Tool may allow Remote Services with Stolen Credentials.This issue affects Welch Allyn Configuration Tool: versions 1.9.4.1 and prior...

CVE-2024-5176 Vulnerability in Welch Allyn Configuration Tool Software

Insufficiently Protected Credentials vulnerability in Baxter Welch Allyn Configuration Tool may allow Remote Services with Stolen Credentials.This issue affects Welch Allyn Configuration Tool: versions 1.9.4.1 and prior...

CVE-2024-1275 Vulnerability in Baxter Welch Allyn Connex Spot Monitor

Use of Default Cryptographic Key vulnerability in Baxter Welch Allyn Connex Spot Monitor may allow Configuration/Environment Manipulation.This issue affects Welch Allyn Connex Spot Monitor in all versions prior to 1.52...

Baxter Welch Ally Connex Spot Monitor Security Vulnerability

Baxter Welch Ally Connex Spot Monitor is a monitor from Baxter, Inc. A security vulnerability exists in Baxter Welch Ally Connex Spot Monitor versions prior to 1.52 that stems from the use of a default encryption key...

Baxter Welch Allyn Configuration Tool Security Vulnerability

The Baxter Welch Allyn Configuration Tool is a monitor from Baxter, Inc. A security vulnerability exists in Baxter Welch Allyn Configuration Tool version 1.9.4.1 and prior versions, which stems from insufficient credential protection in the Configuration Tool and could allow remote servicing with...

Baxter Welch Allyn Connex Spot Monitor

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.1 ATTENTION : Exploitable remotely Vendor : Baxter Equipment : Welch Allyn Connex Spot Monitor CSM Vulnerability : Use of Default Cryptographic Key 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to modify device...

Baxter Welch Allyn Configuration Tool

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.4 ATTENTION : Exploitable remotely Vendor : Baxter Equipment : Welch Allyn Configuration Tool Vulnerability : Insufficiently Protected Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to the unintended exposure of...

CISA Releases Six Industrial Control Systems Advisories

CISA has released six 6 Industrial Control Systems ICS advisories on September 29, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisory for...

CVE-2022-26394

The Baxter Spectrum WBM does not perform mutual authentication with the gateway server host. This may allow an attacker to perform a man in the middle attack that modifies parameters making the network connection fail...

CVE-2022-26390

The Baxter Spectrum Wireless Battery Module WBM stores network credentials and PHI only applicable to Spectrum IQ pumps using auto programming in unencrypted form. An attacker with physical access to a device that hasn't had all data and settings erased may be able to extract sensitive informatio...

CVE-2022-26393

The Baxter Spectrum WBM is susceptible to format string attacks via application messaging. An attacker could use this to read memory in the WBM to access sensitive information or cause a Denial of Service DoS on the WBM...

CVE-2022-26392

The Baxter Spectrum WBM v16, v16D38 and Baxter Spectrum WBM v17, v17D19, v20D29 to v20D32 when in superuser mode is susceptible to format string attacks via application messaging. An attacker could use this to read memory in the WBM to access sensitive information...

CVE-2022-26393

The Baxter Spectrum WBM is susceptible to format string attacks via application messaging. An attacker could use this to read memory in the WBM to access sensitive information or cause a Denial of Service DoS on the WBM...

CVE-2022-26394

The Baxter Spectrum WBM does not perform mutual authentication with the gateway server host. This may allow an attacker to perform a man in the middle attack that modifies parameters making the network connection fail...

CVE-2022-26392

The Baxter Spectrum WBM v16, v16D38 and Baxter Spectrum WBM v17, v17D19, v20D29 to v20D32 when in superuser mode is susceptible to format string attacks via application messaging. An attacker could use this to read memory in the WBM to access sensitive information...

CVE-2022-26390

The Baxter Spectrum Wireless Battery Module WBM stores network credentials and PHI only applicable to Spectrum IQ pumps using auto programming in unencrypted form. An attacker with physical access to a device that hasn't had all data and settings erased may be able to extract sensitive informatio...

Format string

The Baxter Spectrum WBM v16, v16D38 and Baxter Spectrum WBM v17, v17D19, v20D29 to v20D32 when in superuser mode is susceptible to format string attacks via application messaging. An attacker could use this to read memory in the WBM to access sensitive information...

Information disclosure

The Baxter Spectrum Wireless Battery Module WBM stores network credentials and PHI only applicable to Spectrum IQ pumps using auto programming in unencrypted form. An attacker with physical access to a device that hasn't had all data and settings erased may be able to extract sensitive informatio...

Authentication flaw

The Baxter Spectrum WBM does not perform mutual authentication with the gateway server host. This may allow an attacker to perform a man in the middle attack that modifies parameters making the network connection fail...

Format string

The Baxter Spectrum WBM is susceptible to format string attacks via application messaging. An attacker could use this to read memory in the WBM to access sensitive information or cause a Denial of Service DoS on the WBM...