188 matches found
CVE-2022-26390
The Baxter Spectrum Wireless Battery Module (WBM) stores network credentials and PHI (only applicable to Spectrum IQ pumps using auto programming) in unencrypted form. An attacker with physical access to a device that hasn't had all data and settings erased may be able to extract sensitive informatio...
Information disclosure
The Baxter Spectrum Wireless Battery Module (WBM) stores network credentials and PHI (only applicable to Spectrum IQ pumps using auto programming) in unencrypted form. An attacker with physical access to a device that hasn't had all data and settings erased may be able to extract sensitive informatio...
CVE-2022-26390 Unencrypted internal storage of security credentials
The Baxter Spectrum Wireless Battery Module (WBM) stores network credentials and PHI (only applicable to Spectrum IQ pumps using auto programming) in unencrypted form. An attacker with physical access to a device that hasn't had all data and settings erased may be able to extract sensitive informatio...
CVE-2022-26390
CVE-2022-26390 affects Baxter SIGMA Spectrum/Spectrum/WBM: Wireless Battery Module versions (e.g., v16, v16D38, v17, v17D19, v20D29–v20D32, v22D19–v22D28) where network credentials and PHI are stored in unencrypted form on the WBM. Exploitation requires physical access to a device that hasn’t had dat...
CVE-2022-30277
BD Synapsys™, versions 4.20, 4.20 SR1, and 4.30, contain an insufficient session expiration vulnerability. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and...
Session fixation
BD Synapsys™, versions 4.20, 4.20 SR1, and 4.30, contain an insufficient session expiration vulnerability. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and...
CVE-2022-30277
BD Synapsys, versions 4.20, 4.20 SR1, and 4.30, contain an insufficient session expiration vulnerability (CWE-613) that could allow a threat actor to access, modify, or delete sensitive data (ePHI/PHI/PII). The vulnerability is not remotely exploitable per available documents. CVSS v3 base score: 5.7 ...
CVE-2022-30277 BD Synapsys™ – Insufficient Session Expiration
BD Synapsys™, versions 4.20, 4.20 SR1, and 4.30, contain an insufficient session expiration vulnerability. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and...
BD Synapsys
1. EXECUTIVE SUMMARY: CVSS v3 5.7; ATTENTION: Low attack complexity; Vendor: Becton, Dickinson and Company (BD); Equipment: Synapsys; Vulnerability: Insufficient Session Expiration. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow an attacker to access, modify, or delete...
For Health Insurance Companies, Web Apps Can Be an Open Wound
At IntSights, a Rapid7 company, our goal is to ensure organizations everywhere understand the threats facing them in today's cyber landscape. With this in mind, we took a focused look at the insurance industry — a highly targeted vertical due to the amount of valuable data these organizations hol...
CVE-2022-22765
BD Viper LT system, versions 2.0 and later, contains hardcoded credentials. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally identifiable information...
Hardcoded credentials
BD Viper LT system, versions 2.0 and later, contains hardcoded credentials. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally identifiable information...
CVE-2022-22765 BD Viper LT System - Hardcoded Credentials
BD Viper LT system, versions 2.0 and later, contains hardcoded credentials. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally identifiable information...
CVE-2022-22765
BD Viper LT system (BD) is affected for all versions 2.0 and later due to use of hard-coded credentials (CWE-798). The ICS advisory icsma-22-062-02 documents that an attacker could access, modify, or delete ePHI, PHI, and PII. The 4.0+ Windows 10 hardening in newer releases raises attack complexi...
Automating and operationalizing data protection with Dataguise and Microsoft Information Protection
This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA. In technical literature, the terms data discovery, classification, and tagging are sometimes used interchangeably, but there are real differences in what they actually mean—and each...
Critical, Unpatched Bug Opens GE Radiological Devices to Remote Code Execution
A pair of critical vulnerabilities have been discovered in dozens of GE Healthcare radiological devices popular in hospitals, which could allow an attacker to gain access to sensitive personal health information (PHI), alter data and even shut the machine’s availability down. The flaws affect 100...
CVE-2020-28937
OpenClinic version 0.8.2 is affected by a missing authentication vulnerability that allows unauthenticated users to access any patient's medical test results, possibly resulting in disclosure of Protected Health Information (PHI) stored in the application, via a direct request for the /tests/ URI...
Authentication flaw
OpenClinic version 0.8.2 is affected by a missing authentication vulnerability that allows unauthenticated users to access any patient's medical test results, possibly resulting in disclosure of Protected Health Information (PHI) stored in the application, via a direct request for the /tests/ URI...
CVE-2020-28937
CVE-2020-28937 affects OpenClinic 0.8.2. A missing authentication issue allows unauthenticated users to access a patient’s medical test results via direct requests to the /tests/ URI, potentially exposing PHI. The vulnerability is highlighted in multiple sources (NVD entry, ThreatPost report) as ...