58 matches found
EUVD-2020-19803
Malware in sbrugna...
EUVD-2020-19791
Malware in sbrugna...
EUVD-2020-19795
Malware in sbrugna...
EUVD-2024-43156
Malicious code in bioql PyPI...
EUVD-2024-43153
Malicious code in bioql PyPI...
EUVD-2024-43157
Malicious code in bioql PyPI...
CVE-2024-48971
The Clinician Password and Serial Number Clinician Password are hard-coded into the ventilator in plaintext form. This could allow an attacker to obtain the password off the ventilator and use it to gain unauthorized access to the device, with clinician privileges...
CVE-2024-48973
The debug port on the ventilator's serial interface is enabled by default. This could allow an attacker to send and receive messages over the debug port (which are unencrypted; see 3.2.1) that result in unauthorized disclosure of information and/or have unintended impacts on device settings and...
CVE-2024-48974
The ventilator does not perform proper file integrity checks when adopting firmware updates. This makes it possible for an attacker to force unauthorized changes to the device's configuration settings and/or compromise device functionality by pushing a compromised/illegitimate firmware file. This...
CVE-2024-48970
The ventilator's microcontroller lacks memory protection. An attacker could connect to the internal JTAG interface and read or write to flash memory using an off-the-shelf debugging tool, which could disrupt the function of the device and/or cause unauthorized information disclosure...
CVE-2024-48966
The software tools used by service personnel to test & calibrate the ventilator do not support user authentication. An attacker with access to the Service PC where the tools are installed could obtain diagnostic information through the test tool or manipulate the ventilator's settings and embedde...
CVE-2024-48967
The ventilator and the Service PC lack sufficient audit logging capabilities to allow for detection of malicious activity and subsequent forensic examination. An attacker with access to the ventilator and/or the Service PC could, without detection, make unauthorized changes to ventilator settings...
CVE-2024-48967
The CVE-2024-48967 entry concerns Baxter Life2000 ventilator and associated Service PC, where inadequate audit logging prevents detection of malicious activity. The description states that an attacker with access could alter ventilator settings without detection, leading to unauthorized informati...
CVE-2024-48967 Life2000 ventilator and Service PC lack sufficient audit logging capabilities
The ventilator and the Service PC lack sufficient audit logging capabilities to allow for detection of malicious activity and subsequent forensic examination. An attacker with access to the ventilator and/or the Service PC could, without detection, make unauthorized changes to ventilator settings...
CVE-2024-48966 Life2000 service tools for test and calibration do not support user authentication
The software tools used by service personnel to test & calibrate the ventilator do not support user authentication. An attacker with access to the Service PC where the tools are installed could obtain diagnostic information through the test tool or manipulate the ventilator's settings and embedde...
CVE-2024-48966
The CVE-2024-48966 case affects Baxter Life2000 ventilator software tools used for testing and calibration, where the test/calibration tools do not require authentication. The root cause is lack of user authentication on these tools, enabling an attacker with access to the Service PC to obtain di...
CVE-2024-48970
The CVE-2024-48970 vulnerability affects Baxter Life2000 ventilators, specifically the ventilator’s microcontroller, which lacks memory protection. The issue arises because an attacker could access the internal JTAG interface and read/write flash memory with a standard debugging tool, potentially...
CVE-2024-48970 Life2000 Ventilator microcontroller lacks memory protection
The ventilator's microcontroller lacks memory protection. An attacker could connect to the internal JTAG interface and read or write to flash memory using an off-the-shelf debugging tool, which could disrupt the function of the device and/or cause unauthorized information disclosure...