EUVD-2020-4353

Malware in sbrugna...

CVE-2020-12036

Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The affected devices do not implement data-in-transit encryption e.g., TLS/SSL when configured to send treatment data to a PDMS Patient Data Management System or an EMR Electronic Medical Record system. An attacker could observe...

CVE-2020-12037

CVE-2020-12037 affects Baxter PrismaFlex (all versions) and PrisMax (all versions before 3.x). The root cause is a hard-coded service password (CWE-259), enabling an attacker to access device settings, calibration data, and network configuration. The ICS update also notes lack of data-in-transit ...

Baxter Phoenix Hemodialysis Delivery System Information Disclosure Vulnerability

The Baxter Phoenix Hemodialysis Delivery System is a hemodialysis device from Baxter. An information disclosure vulnerability exists in the Baxter Phoenix Hemodialysis Delivery System SW version 3.36 and 3.40, which arises from an unsupported encryption of transmitted data during the transfer of...

Baxter PrismaFlex and PrismMax Information Disclosure Vulnerabilities

The Baxter PrismaFlex and PrismMax are both critical care devices from Baxter. An information disclosure vulnerability exists in Baxter PrismaFlex all versions and PrismMax prior to version 3.x. The vulnerability stems from the failure of an affected device to encrypt e.g., TLS/SSL transmitted da...

Worry-Free Waterkeeper App Has Logic Design Flaws

Worry-free Water Manager App is a real-time query for enterprises to provide sewage treatment system data, operational status visualization management software. Worry-Free Water Manager App has a logical design loophole that allows an attacker to log in to any user account by grabbing packets...