Lucene search

8092 matches found

Cvelist
added 2020/06/29 1:49 p.m., 9 views

CVE-2020-12035

Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The PrismaFlex device contains a hard-coded service password that provides access to biomedical information, device settings, calibration settings, and network configuration. This could allow an attacker to modify device settings...

5.1 AI score, 0.00047 EPSS
Exploits 0, References 1

CVE
added 2020/06/29 1:49 p.m., 47 views

CVE-2020-12035

CVE-2020-12035 affects Baxter PrismaFlex (all versions) and PrisMax (all versions prior to 3.x). Root cause is a hard-coded service password that grants access to biomedical information, device settings, calibration settings, and network configuration, enabling an attacker to modify device settin...

4.9 CVSS, 5.1 AI score, 0.00047 EPSS
Exploits 0, References 2, Affected Software 1

Cvelist
added 2020/06/29 1:43 p.m., 16 views

CVE-2020-12045

The Baxter Spectrum WBM v17, v20D29, v20D30, v20D31, and v22D24 when used in conjunction with a Baxter Spectrum v8.x model 35700BAX2, operates a Telnet service on Port 1023 with hard-coded credentials...

9.5 AI score, 0.0028 EPSS
Exploits 0, References 1

CVE
added 2020/06/29 1:43 p.m., 45 views

CVE-2020-12045

CVE-2020-12045 affects Baxter Spectrum WBM when used with Baxter Spectrum v8.x; the WBM runs a Telnet service on port 1023 with hard-coded credentials. Connected sources document a Telnet exposure tied to WBM/Spectrum configurations and assign high/severe CVSS values (up to 9.8) for this vulnerab...

9.8 CVSS, 9.4 AI score, 0.0028 EPSS
Exploits 0, References 1, Affected Software 1

CVE
added 2020/06/29 1:41 p.m., 53 views

CVE-2020-12047

CVE-2020-12047 affects Baxter Spectrum WBM when used with Spectrum v8.x (model 35700BAX2) in factory-default wireless config; the WBM enables an FTP service with hard-coded credentials (versions v17, v20D29–v20D32, v22D24). Root cause: hard-coded credentials enabling FTP access. Impact per source...

9.8 CVSS, 9.4 AI score, 0.0028 EPSS
Exploits 0, References 1, Affected Software 1

CNVD
added 2020/06/19 12:0 a.m., 7 views

Baxter Sigma Spectrum Infusion System and Spectrum Infusion System Trust Management Issues Vulnerabilities

The Baxter Sigma Spectrum Infusion System and the Baxter Spectrum Infusion System are both infusion pumps from Baxter, Inc. A trust management issue vulnerability exists in the Baxter Sigma Spectrum Infusion System version 6.x model 35700BAX and the Baxter Spectrum Infusion System version 8.x mod...

2.4 CVSS, 6.8 AI score, 0.00055 EPSS
Exploits 0, References 1

CNVD
added 2020/06/19 12:0 a.m., 8 views

Baxter ExactaMix EM2400 and ExactaMix EM1200 Trust Management Issues Vulnerability

The Baxter ExactaMix EM2400 and ExactaMix EM1200 are both automated drug mixing systems from Baxter. A trust management issue vulnerability exists in the Baxter ExactaMix EM2400 and ExactaMix EM1200, which stems from hard-coded credentials used in the admin account of the ExactaMix operating...

10 CVSS, 6.8 AI score, 0.00206 EPSS
Exploits 0, References 1

CNVD
added 2020/06/19 12:0 a.m., 5 views

Baxter Spectrum WBM Trust Management Issues Vulnerability

The Baxter WBM and Baxter Spectrum are both products of Baxter, Inc. The Baxter WBM is a wireless battery module for use with Baxter products. The Baxter Spectrum is an infusion pump. The WBM used in the Baxter Spectrum has a security vulnerability that can be exploited by an attacker to run Telnet...

9.8 CVSS, 6.9 AI score, 0.0028 EPSS
Exploits 0, References 1

CNVD
added 2020/06/19 12:0 a.m., 2 views

Baxter PrismaFlex Hardcoding Vulnerability

The Baxter PrismaFlex is a critical care device from Baxter. A hard-coded vulnerability exists in Baxter PrismaFlex all versions that stems from the fact that PrismaFlex contains a hard-coded service password that can be exploited by an attacker to modify device settings and calibration values...

7.5 CVSS, 7.1 AI score, 0.0007 EPSS
Exploits 0, References 1

CNVD
added 2020/06/19 12:0 a.m., 7 views

Baxter ExactaMix EM2400 and ExactaMix EM1200 Trust Management Issues Vulnerability (CNVD-2021-21074)

The Baxter ExactaMix EM2400 and ExactaMix EM1200 are both automated drug mixing systems from Baxter. A trust management issue vulnerability exists in the Baxter ExactaMix EM2400 and ExactaMix EM1200, which stems from the ExactaMix application's use of hard-coded administrative account credentials...

6.1 CVSS, 6.5 AI score, 0.00067 EPSS
Exploits 0, References 1

ICS
added 2020/06/18 12:0 a.m., 86 views

Baxter Sigma Spectrum Infusion Pumps (Update B)

1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Baxter Equipment: Sigma Spectrum Infusion Pumps Vulnerabilities: Use of Hard-coded Password, Cleartext Transmission of Sensitive Data, Incorrect Permission Assignment for Critical Resource, Operation on...

9.8 CVSS, 7.9 AI score, 0.0028 EPSS
Exploits 1, References 5

ICS
added 2020/06/18 12:0 a.m., 34 views

Baxter PrismaFlex and PrisMax (Update B)

1. EXECUTIVE SUMMARY CVSS v3 7.6 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Baxter Equipment: PrismaFlex and PrisMax Vulnerabilities: Cleartext Transmission of Sensitive Information, Improper Authentication, Use of Hard-Coded Password 2. UPDATE INFORMATION This updated...

7.5 CVSS, 7.2 AI score, 0.00079 EPSS
Exploits 0, References 5

ICS
added 2020/06/18 12:0 a.m., 146 views

Baxter ExactaMix (Update A)

1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Baxter Equipment: Baxter ExactaMix EM 2400 & EM 1200 Vulnerabilities: Use of Hard-coded Password, Cleartext Transmission of Sensitive Data, Missing Encryption of Sensitive Data, Improper Access...

10 CVSS, 9.3 AI score, 0.94022 EPSS
Exploits 46, References 5

CNVD
added 2020/06/17 12:0 a.m., 9 views

Schneider Electric Unity Loader and OS Loader Software Trust Management Issues Vulnerability

Schneider Electric Unity Loader and OS Loader Software are both products of Schneider Electric, France. Unity Loader is a data exchange utility program. OS Loader Software is a system loading utility program. A trust management issue vulnerability exists in Schneider Electric Unity Loader and OS...

9.8 CVSS, 6.7 AI score, 0.00487 EPSS
Exploits 0, References 1

OSV
added 2020/06/16 9:15 p.m., 1 views

CVE-2020-9289

Use of a hard-coded cryptographic key to encrypt password data in CLI configuration in FortiManager 6.2.3 and below, FortiAnalyzer 6.2.3 and below may allow an attacker with access to the CLI configuration or the CLI backup file to decrypt the sensitive data, via knowledge of the hard-coded key...

7.5 CVSS, 5.8 AI score
Exploits 0, References 1

NVD
added 2020/06/16 8:15 p.m., 8 views

CVE-2020-7498

A CWE-798: Use of Hard-coded Credentials vulnerability exists in the Unity Loader and OS Loader Software all versions. The fixed credentials are used to simplify file transfer. Today the use of fixed credentials is considered a vulnerability, which could cause unauthorized access to the file...

9.8 CVSS, 0.00487 EPSS
Exploits 0, References 1

NVD
added 2020/06/16 8:15 p.m., 12 views

CVE-2020-7501

A CWE-798: Use of Hard-coded Credentials vulnerability exists in Vijeo Designer Basic V1.1 HotFix 16 and prior and Vijeo Designer V6.2 SP9 and prior which could cause unauthorized read and write when downloading and uploading project or firmware into Vijeo Designer Basic and Vijeo Designer...

8.8 CVSS, 0.00336 EPSS
Exploits 0, References 1

OSV
added 2020/06/16 8:15 p.m., 3 views

CVE-2020-7501

A CWE-798: Use of Hard-coded Credentials vulnerability exists in Vijeo Designer Basic V1.1 HotFix 16 and prior and Vijeo Designer V6.2 SP9 and prior which could cause unauthorized read and write when downloading and uploading project or firmware into Vijeo Designer Basic and Vijeo Designer...

8.8 CVSS, 7.3 AI score
Exploits 0, References 1

Prion
added 2020/06/16 8:15 p.m., 14 views

Hardcoded credentials

A CWE-798: Use of Hard-coded Credentials vulnerability exists in the Unity Loader and OS Loader Software all versions. The fixed credentials are used to simplify file transfer. Today the use of fixed credentials is considered a vulnerability, which could cause unauthorized access to the file...

7.5 CVSS, 9.2 AI score, 0.00487 EPSS
Exploits 0, References 1

Prion
added 2020/06/16 8:15 p.m., 11 views

Hardcoded credentials

A CWE-798: Use of Hard-coded Credentials vulnerability exists in Vijeo Designer Basic V1.1 HotFix 16 and prior and Vijeo Designer V6.2 SP9 and prior which could cause unauthorized read and write when downloading and uploading project or firmware into Vijeo Designer Basic and Vijeo Designer...

6.5 CVSS, 8.5 AI score, 0.00336 EPSS
Exploits 0, References 1, Affected Software 1