58 matches found
CVE-2024-48970 Life2000 Ventilator microcontroller lacks memory protection
The ventilator's microcontroller lacks memory protection. An attacker could connect to the internal JTAG interface and read or write to flash memory using an off-the-shelf debugging tool, which could disrupt the function of the device and/or cause unauthorized information disclosure...
CVE-2024-48974 Life2000 Ventilator does not perform proper file integrity checks when adopting firmware updates
The ventilator does not perform proper file integrity checks when adopting firmware updates. This makes it possible for an attacker to force unauthorized changes to the device's configuration settings and/or compromise device functionality by pushing a compromised/illegitimate firmware file. This...
CVE-2024-48974 Life2000 Ventilator does not perform proper file integrity checks when adopting firmware updates
The ventilator does not perform proper file integrity checks when adopting firmware updates. This makes it possible for an attacker to force unauthorized changes to the device's configuration settings and/or compromise device functionality by pushing a compromised/illegitimate firmware file. This...
CVE-2024-48974
The CVE-2024-48974 entry concerns Baxter Life2000 ventilators, where the firmware update process does not perform proper file integrity checks on the update file. The underlying consequence is that an attacker could push a compromised or illegitimate firmware image, enabling unauthorized changes ...
CVE-2024-48973
The CVE-2024-48973 entry concerns Baxter Life2000/Life2000 ventilator devices with the debug port on the serial interface enabled by default. Concrete details: debugging is unencrypted and may allow unauthorized disclosure of information and unintended changes to device settings or performance. I...
CVE-2024-48973 Debug port on Life2000 Ventilator serial interface is enabled by default
The debug port on the ventilator's serial interface is enabled by default. This could allow an attacker to send and receive messages over the debug port which are unencrypted; see 3.2.1 that result in unauthorized disclosure of information and/or have unintended impacts on device settings and...
CVE-2024-48973 Debug port on Life2000 Ventilator serial interface is enabled by default
The debug port on the ventilator's serial interface is enabled by default. This could allow an attacker to send and receive messages over the debug port which are unencrypted; see 3.2.1 that result in unauthorized disclosure of information and/or have unintended impacts on device settings and...
CVE-2024-9832
There is no limit on the number of failed login attempts permitted with the Clinician Password or the Serial Number Clinician Password. An attacker could execute a brute-force attack to gain unauthorized access to the ventilator, and then make changes to device settings that could disrupt the...
CVE-2024-9834
Improper data protection on the ventilator's serial interface could allow an attacker to send and receive messages that result in unauthorized disclosure of information and/or have unintended impacts on device settings and performance...
CVE-2024-48971 Clinician Password and Serial Number Clinician Password are hard-coded in Life2000 Ventilator
The Clinician Password and Serial Number Clinician Password are hard-coded into the ventilator in plaintext form. This could allow an attacker to obtain the password off the ventilator and use it to gain unauthorized access to the device, with clinician privileges...
CVE-2024-48971
The CVE-2024-48971 issue affects Baxter Life2000 Ventilation System where the Clinician Password and Serial Number Clinician Password are hard-coded in plaintext on the device, enabling an attacker to obtain credentials and gain unauthorized access with clinician privileges. Root cause cited incl...
CVE-2024-48971 Clinician Password and Serial Number Clinician Password are hard-coded in Life2000 Ventilator
The Clinician Password and Serial Number Clinician Password are hard-coded into the ventilator in plaintext form. This could allow an attacker to obtain the password off the ventilator and use it to gain unauthorized access to the device, with clinician privileges...
CVE-2024-9834 Improper data protection on Life2000 ventilator serial interface
Improper data protection on the ventilator's serial interface could allow an attacker to send and receive messages that result in unauthorized disclosure of information and/or have unintended impacts on device settings and performance...
CVE-2024-9834 Improper data protection on Life2000 ventilator serial interface
Improper data protection on the ventilator's serial interface could allow an attacker to send and receive messages that result in unauthorized disclosure of information and/or have unintended impacts on device settings and performance...
CVE-2024-9834
CVE-2024-9834 affects the Baxter Life2000 ventilator via the serial interface, where improper data protection could let an attacker send/receive messages and cause unauthorized disclosure or unintended changes to device settings/performance. The ICS advisory lists concrete weaknesses contributing...
Baxter Life2000 安全漏洞
The Baxter Life2000 is a mask-less non-invasive ventilator from Baxter. A security vulnerability exists in Baxter Life2000 version 06.08.00.00 and prior versions, which stems from the lack of sufficient audit logging functionality to detect malicious activity and perform subsequent forensic...
Baxter Life2000 安全漏洞
The Baxter Life2000 is a mask-less noninvasive ventilator from Baxter. A security vulnerability exists in the Baxter Life2000 that stems from an unlimited number of login failures allowed using the clinician password or serial number clinician password, which allows an attacker to perform a brute...
Baxter Life2000 信任管理问题漏洞
The Baxter Life2000 is a mask-less non-invasive ventilator from Baxter. A trust management issue vulnerability exists in Baxter Life2000 version 06.08.00.00 and prior versions, which stems from the clinician password and serial number clinician password, hardcoded in plaintext in the device, whic...
PT-2024-39874 · Unknown · Ventilator
Name of the Vulnerable Software and Affected Versions: Ventilator affected versions not specified Description: The issue concerns improper data protection on the ventilator's serial interface. This could allow an attacker to send and receive messages, resulting in unauthorized disclosure of...
PT-2024-39873 · Unknown · Ventilator
Name of the Vulnerable Software and Affected Versions: Ventilator affected versions not specified Description: The issue allows for an unlimited number of failed login attempts with the Clinician Password or the Serial Number Clinician Password. This enables an attacker to perform a brute-force...