18 matches found
EUVD-2020-4353
Malware in sbrugna...
EUVD-2020-4352
Malware in sbrugna...
CVE-2020-12037
Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x: the affected devices do not implement data-in-transit encryption (e.g., TLS/SSL) when configured to send treatment data to a PDMS (Patient Data Management System) or an EMR (Electronic Medical Record) system. An attacker could observe...
CVE-2020-12036
Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x: the affected devices do not implement data-in-transit encryption (e.g., TLS/SSL) when configured to send treatment data to a PDMS (Patient Data Management System) or an EMR (Electronic Medical Record) system. An attacker could observe...
CVE-2020-12035
Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x: the PrismaFlex device contains a hard-coded service password that provides access to biomedical information, device settings, calibration settings, and network configuration. This could allow an attacker to modify device settings...
CVE-2020-12037
Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x: the affected devices do not implement data-in-transit encryption (e.g., TLS/SSL) when configured to send treatment data to a PDMS (Patient Data Management System) or an EMR (Electronic Medical Record) system. An attacker could observe...
CVE-2020-12036
Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x: the affected devices do not implement data-in-transit encryption (e.g., TLS/SSL) when configured to send treatment data to a PDMS (Patient Data Management System) or an EMR (Electronic Medical Record) system. An attacker could observe...
Design/Logic Flaw
Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x: the affected devices do not implement data-in-transit encryption (e.g., TLS/SSL) when configured to send treatment data to a PDMS (Patient Data Management System) or an EMR (Electronic Medical Record) system. An attacker could observe...
Hardcoded credentials
Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x: the PrismaFlex device contains a hard-coded service password that provides access to biomedical information, device settings, calibration settings, and network configuration. This could allow an attacker to modify device settings...
Design/Logic Flaw
Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x: the affected devices do not implement data-in-transit encryption (e.g., TLS/SSL) when configured to send treatment data to a PDMS (Patient Data Management System) or an EMR (Electronic Medical Record) system. An attacker could observe...
CVE-2020-12036
Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x: the affected devices do not implement data-in-transit encryption (e.g., TLS/SSL) when configured to send treatment data to a PDMS (Patient Data Management System) or an EMR (Electronic Medical Record) system. An attacker could observe...
CVE-2020-12036
CVE-2020-12036 affects Baxter PrismaFlex (all versions) and PrisMax (all versions prior to 3.x). The root cause is lack of data-in-transit encryption (no TLS/SSL) when these devices send treatment data to a PDMS or EMR, enabling an attacker with network access to observe sensitive data. The ICS a...
CVE-2020-12035
Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x: the PrismaFlex device contains a hard-coded service password that provides access to biomedical information, device settings, calibration settings, and network configuration. This could allow an attacker to modify device settings...
CVE-2020-12035
CVE-2020-12035 affects Baxter PrismaFlex (all versions) and PrisMax (all versions prior to 3.x). Root cause is a hard-coded service password that grants access to biomedical information, device settings, calibration settings, and network configuration, enabling an attacker to modify device settin...
CVE-2020-12037
Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x: the affected devices do not implement data-in-transit encryption (e.g., TLS/SSL) when configured to send treatment data to a PDMS (Patient Data Management System) or an EMR (Electronic Medical Record) system. An attacker could observe...
CVE-2020-12037
CVE-2020-12037 affects Baxter PrismaFlex (all versions) and PrisMax (all versions before 3.x). The root cause is a hard-coded service password (CWE-259), enabling an attacker to access device settings, calibration data, and network configuration. The ICS update also notes lack of data-in-transit ...
Baxter PrismaFlex and PrisMax Trust Management Issues Vulnerabilities
The Baxter PrismaFlex and PrisMax are both critical care devices from Baxter, Inc. A trust management issue vulnerability exists in Baxter PrismaFlex all versions and PrisMax prior to version 3.x. The vulnerability stems from a lack of authentication on the device and can be exploited by an...
Baxter PrismaFlex and PrisMax (Update B)
1. EXECUTIVE SUMMARY: CVSS v3 7.6; ATTENTION: Exploitable remotely/low skill level to exploit; Vendor: Baxter; Equipment: PrismaFlex and PrisMax; Vulnerabilities: Cleartext Transmission of Sensitive Information, Improper Authentication, Use of Hard-Coded Password. 2. UPDATE INFORMATION: This updated...