37 matches found
CVE-2014-5432
Baxter SIGMA Spectrum Infusion System version 6.05 model 35700BAX with wireless battery module WBM version 16 is remotely accessible via Port 22/SSH without authentication. A remote attacker may be able to make unauthorized configuration changes to the WBM, as well as issue commands to access...
Command injection
Baxter SIGMA Spectrum Infusion System version 6.05 model 35700BAX with wireless battery module WBM version 16 is remotely accessible via Port 22/SSH without authentication. A remote attacker may be able to make unauthorized configuration changes to the WBM, as well as issue commands to access...
Design/Logic Flaw
An unauthenticated remote attacker may be able to execute commands to view wireless account credentials that are stored in cleartext on Baxter SIGMA Spectrum Infusion System version 6.05 model 35700BAX with wireless battery module WBM version 16, which may allow an attacker to gain access the hos...
Hardcoded credentials
Baxter SIGMA Spectrum Infusion System version 6.05 model 35700BAX with wireless battery module WBM version 16 contains a hard-coded password, which provides access to basic biomedical information, limited device settings, and network configuration of the WBM, if connected. The hard-coded password...
CVE-2014-5431
Baxter SIGMA Spectrum Infusion System version 6.05 model 35700BAX with wireless battery module WBM version 16 contains a hard-coded password, which provides access to basic biomedical information, limited device settings, and network configuration of the WBM, if connected. The hard-coded password...
CVE-2014-5433
An unauthenticated remote attacker may be able to execute commands to view wireless account credentials that are stored in cleartext on Baxter SIGMA Spectrum Infusion System version 6.05 model 35700BAX with wireless battery module WBM version 16, which may allow an attacker to gain access the hos...
CVE-2014-5431
CVE-2014-5431 affects Baxter SIGMA Spectrum Infusion System 6.05 with Wireless Battery Module 16. The issue is a hard-coded password that grants access to WBM management functions, enabling unauthorized configuration changes (e.g., wireless status and phase-complete audible alarm). The vulnerabil...
Hardcoded credentials
Baxter SIGMA Spectrum Infusion System version 6.05 model 35700BAX with wireless battery module WBM version 16 has a default account with hard-coded credentials used with the FTP protocol. Baxter asserts no files can be transferred to or from the WBM using this account. Baxter has released a new...
CVE-2014-5434
Baxter SIGMA Spectrum Infusion System version 6.05 model 35700BAX with wireless battery module WBM version 16 has a default account with hard-coded credentials used with the FTP protocol. Baxter asserts no files can be transferred to or from the WBM using this account. Baxter has released a new...
CVE-2014-5432
CVE-2014-5432 affects Baxter SIGMA Spectrum Infusion System v6.05 (model 35700BAX) with Wireless Battery Module (WBM) v16. The root cause includes unauthenticated remote SSH access (Port 22) and related credential exposure. Consequences: remote attacker could modify WBM configuration and retrieve...
CVE-2014-5432
Baxter SIGMA Spectrum Infusion System version 6.05 model 35700BAX with wireless battery module WBM version 16 is remotely accessible via Port 22/SSH without authentication. A remote attacker may be able to make unauthorized configuration changes to the WBM, as well as issue commands to access...
CVE-2014-5433
An unauthenticated remote attacker may be able to execute commands to view wireless account credentials that are stored in cleartext on Baxter SIGMA Spectrum Infusion System version 6.05 model 35700BAX with wireless battery module WBM version 16, which may allow an attacker to gain access the hos...
CVE-2014-5433
CVE-2014-5433 affects Baxter’s SIGMA Spectrum Infusion System (Version 6.05, model 35700BAX) with the Wireless Battery Module (WBM) Version 16. The connected disclosures describe multiple issues: a hard-coded password enabling unauthorized management access (CWE-259), an authentication bypass tie...
CVE-2014-5434
The CVE-2014-5434 entry concerns Baxter’s SIGMA Spectrum Infusion System: version 6.05 (model 35700BAX) with Wireless Battery Module (WBM) version 16, which contains a default, hard-coded credential used with FTP. The vulnerability allows remote access in some vectors (three vulnerabilities remot...
CVE-2014-5434
Baxter SIGMA Spectrum Infusion System version 6.05 model 35700BAX with wireless battery module WBM version 16 has a default account with hard-coded credentials used with the FTP protocol. Baxter asserts no files can be transferred to or from the WBM using this account. Baxter has released a new...
Baxter SIGMA Spectrum Infusion System Local Security Bypass Vulnerability
The Baxter SIGMA Spectrum Infusion System is an intelligent infusion system from Baxter. A local security bypass vulnerability exists in the Baxter SIGMA Spectrum Infusion System. A local attacker could use this vulnerability to bypass security restrictions and perform unauthorized operations...
Baxter SIGMA Spectrum Infusion System Vulnerabilities
OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on June 30, 2015, and is being released to the NCCIC/ICS-CERT web site. Researcher Jared Bird with Allina IS Security identified four vulnerabilities in Baxter’s SIGMA Spectrum Infusion System. Baxter has released a...