Search criteria
18 vulnerabilities
CVE-2022-26389 (GCVE-0-2022-26389)
Vulnerability from cvelistv5 – Published: 2025-02-07 17:07 – Updated: 2025-02-07 18:49
VLAI?
Summary
An improper access control vulnerability may allow privilege escalation.This issue affects:
* ELI 380 Resting Electrocardiograph:
Versions 2.6.0 and prior;
* ELI 280/BUR280/MLBUR 280 Resting Electrocardiograph:
Versions 2.3.1 and prior;
* ELI 250c/BUR 250c Resting Electrocardiograph: Versions 2.1.2 and prior;
* ELI 150c/BUR 150c/MLBUR 150c Resting Electrocardiograph:
Versions 2.2.0 and prior.
Severity ?
7.7 (High)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Baxter/ Hillrom | ELI 380 Resting Electrocardiograph |
Affected:
0 , ≤ 2.6.0
(custom)
|
|||||||||||||||||
|
|||||||||||||||||||
Credits
An anonymous user reported these vulnerabilities to Hillrom.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-26389",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T18:49:13.343999Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-07T18:49:22.506Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ELI 380 Resting Electrocardiograph",
"vendor": "Baxter/ Hillrom",
"versions": [
{
"lessThanOrEqual": "2.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELI 280/BUR280/MLBUR 280 Resting Electrocardiograph",
"vendor": "Welch Allyn",
"versions": [
{
"lessThanOrEqual": "2.3.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELI 250c/BUR 250c Resting Electrocardiograph",
"vendor": "Welch Allyn",
"versions": [
{
"lessThanOrEqual": "2.1.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELI 150c/BUR 150c/MLBUR 150c Resting Electrocardiograph",
"vendor": "Welch Allyn",
"versions": [
{
"lessThanOrEqual": "2.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "An anonymous user reported these vulnerabilities to Hillrom."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An improper access control vulnerability may allow privilege escalation.\u003cp\u003eThis issue affects:\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eELI 380 Resting Electrocardiograph:\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eVersions 2.6.0 and prior;\u003c/span\u003e\u0026nbsp;\u003c/li\u003e\u003cli\u003eELI 280/BUR280/MLBUR 280 Resting Electrocardiograph:\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eVersions 2.3.1 and prior\u003c/span\u003e;\u0026nbsp;\u003c/li\u003e\u003cli\u003eELI 250c/BUR 250c Resting Electrocardiograph:\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eVersions 2.1.2 and prior;\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003eELI 150c/BUR 150c/MLBUR 150c Resting Electrocardiograph: \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eVersions 2.2.0 and prior\u003c/span\u003e.\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "An improper access control vulnerability may allow privilege escalation.This issue affects:\u00a0\n\n * ELI 380 Resting Electrocardiograph:\n\nVersions 2.6.0 and prior;\u00a0\n * ELI 280/BUR280/MLBUR 280 Resting Electrocardiograph:\n\nVersions 2.3.1 and prior;\u00a0\n * ELI 250c/BUR 250c Resting Electrocardiograph:\u00a0Versions 2.1.2 and prior;\u00a0\n * ELI 150c/BUR 150c/MLBUR 150c Resting Electrocardiograph: \n\nVersions 2.2.0 and prior."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-07T17:07:27.929Z",
"orgId": "dba971b9-eb30-4121-91e1-3b45611354aa",
"shortName": "Baxter"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-22-167-01"
},
{
"url": "https://hillrom.com/en/responsible-disclosures/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eHillrom has released software updates for all impacted devices to \naddress these vulnerabilities. New product versions that mitigate these \nvulnerabilities are available as follows:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eWelch Allyn ELI 380 Resting Electrocardiograph: available Q4 2023\u003c/li\u003e\n\u003cli\u003eWelch Allyn ELI 280/BUR280/MLBUR 280 Resting Electrocardiograph: available May 2022\u003c/li\u003e\n\u003cli\u003eWelch Allyn ELI 150c/BUR 150c/MLBUR 150c Resting Electrocardiograph: available Q4 2023\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eHillrom recommends users upgrade to the latest product versions. \nInformation on how to update these products can be found on the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://hillrom.com/en/responsible-disclosures/\"\u003eHillrom disclosure page\u003c/a\u003e\u003c/p\u003e.\n\n\u003cbr\u003e"
}
],
"value": "Hillrom has released software updates for all impacted devices to \naddress these vulnerabilities. New product versions that mitigate these \nvulnerabilities are available as follows:\n\n\n\n * Welch Allyn ELI 380 Resting Electrocardiograph: available Q4 2023\n\n * Welch Allyn ELI 280/BUR280/MLBUR 280 Resting Electrocardiograph: available May 2022\n\n * Welch Allyn ELI 150c/BUR 150c/MLBUR 150c Resting Electrocardiograph: available Q4 2023\n\n\n\n\nHillrom recommends users upgrade to the latest product versions. \nInformation on how to update these products can be found on the Hillrom disclosure page https://hillrom.com/en/responsible-disclosures/ \n\n."
}
],
"source": {
"advisory": "ICSMA-22-167-01",
"discovery": "EXTERNAL"
},
"title": "Improper Access Control Vulnerability in ELI Electrocardiograph Devices",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eHillrom recommends the following workarounds to help reduce risk:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eApply proper network and physical security controls.\u003c/li\u003e\n\u003cli\u003eEnsure a unique encryption key is configured for ELI Link and Cardiograph.\u003c/li\u003e\n\u003cli\u003eWhere possible, use a firewall to prevent communication on Port 21 \nFTP service, Port 22 SSH (Secure Shell Connection), and Port 23 Telnet \nservice.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cbr\u003e"
}
],
"value": "Hillrom recommends the following workarounds to help reduce risk:\n\n\n\n * Apply proper network and physical security controls.\n\n * Ensure a unique encryption key is configured for ELI Link and Cardiograph.\n\n * Where possible, use a firewall to prevent communication on Port 21 \nFTP service, Port 22 SSH (Secure Shell Connection), and Port 23 Telnet \nservice."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dba971b9-eb30-4121-91e1-3b45611354aa",
"assignerShortName": "Baxter",
"cveId": "CVE-2022-26389",
"datePublished": "2025-02-07T17:07:27.929Z",
"dateReserved": "2022-03-03T22:04:24.534Z",
"dateUpdated": "2025-02-07T18:49:22.506Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26388 (GCVE-0-2022-26388)
Vulnerability from cvelistv5 – Published: 2025-02-07 17:06 – Updated: 2025-02-07 18:50
VLAI?
Summary
A use of hard-coded password vulnerability may allow authentication abuse.This issue affects ELI 380 Resting Electrocardiograph:
Versions 2.6.0 and prior; ELI 280/BUR280/MLBUR 280 Resting Electrocardiograph:
Versions 2.3.1 and prior; ELI 250c/BUR 250c Resting Electrocardiograph:
Versions 2.1.2 and prior; ELI 150c/BUR 150c/MLBUR 150c Resting Electrocardiograph:
Versions 2.2.0 and prior.
Severity ?
6.4 (Medium)
CWE
- CWE-259 - Use of Hard-Coded Password
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Welch Allyn | ELI 380 Resting Electrocardiograph |
Affected:
0 , ≤ 2.6.0
(custom)
|
|||||||||||||||||
|
|||||||||||||||||||
Credits
An anonymous user reported these vulnerabilities to Hillrom.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-26388",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T18:50:50.198188Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-07T18:50:58.812Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ELI 380 Resting Electrocardiograph",
"vendor": "Welch Allyn",
"versions": [
{
"lessThanOrEqual": "2.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELI 280/BUR280/MLBUR 280 Resting Electrocardiograph",
"vendor": "Welch Allyn",
"versions": [
{
"lessThanOrEqual": "2.3.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELI 250c/BUR 250c Resting Electrocardiograph",
"vendor": "Welch Allyn",
"versions": [
{
"lessThanOrEqual": "2.1.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELI 150c/BUR 150c/MLBUR 150c Resting Electrocardiograph",
"vendor": "Welch Allyn",
"versions": [
{
"lessThanOrEqual": "2.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "An anonymous user reported these vulnerabilities to Hillrom."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A use of hard-coded password vulnerability may allow authentication abuse.\u003cp\u003eThis issue affects ELI 380 Resting Electrocardiograph: \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eVersions 2.6.0 and prior\u003c/span\u003e; ELI 280/BUR280/MLBUR 280 Resting Electrocardiograph:\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eVersions 2.3.1 and prior\u003c/span\u003e; ELI 250c/BUR 250c Resting Electrocardiograph:\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eVersions 2.1.2 and prior\u003c/span\u003e; ELI 150c/BUR 150c/MLBUR 150c Resting Electrocardiograph: \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eVersions 2.2.0 and prior\u003c/span\u003e.\u003c/p\u003e"
}
],
"value": "A use of hard-coded password vulnerability may allow authentication abuse.This issue affects ELI 380 Resting Electrocardiograph: \n\nVersions 2.6.0 and prior; ELI 280/BUR280/MLBUR 280 Resting Electrocardiograph:\n\nVersions 2.3.1 and prior; ELI 250c/BUR 250c Resting Electrocardiograph:\n\nVersions 2.1.2 and prior; ELI 150c/BUR 150c/MLBUR 150c Resting Electrocardiograph: \n\nVersions 2.2.0 and prior."
}
],
"impacts": [
{
"capecId": "CAPEC-114",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-114 Authentication Abuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-259",
"description": "CWE-259 Use of Hard-Coded Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-07T17:06:30.134Z",
"orgId": "dba971b9-eb30-4121-91e1-3b45611354aa",
"shortName": "Baxter"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-22-167-01"
},
{
"url": "https://hillrom.com/en/responsible-disclosures/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eHillrom has released software updates for all impacted devices to \naddress these vulnerabilities. New product versions that mitigate these \nvulnerabilities are available as follows:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eWelch Allyn ELI 380 Resting Electrocardiograph: available Q4 2023\u003c/li\u003e\n\u003cli\u003eWelch Allyn ELI 280/BUR280/MLBUR 280 Resting Electrocardiograph: available May 2022\u003c/li\u003e\n\u003cli\u003eWelch Allyn ELI 150c/BUR 150c/MLBUR 150c Resting Electrocardiograph: available Q4 2023\u003c/li\u003e\n\u003c/ul\u003e\n\n\nHillrom recommends users upgrade to the latest product versions. \nInformation on how to update these products can be found on the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://hillrom.com/en/responsible-disclosures/\"\u003eHillrom disclosure page\u003c/a\u003e.\n\n\u003cbr\u003e"
}
],
"value": "Hillrom has released software updates for all impacted devices to \naddress these vulnerabilities. New product versions that mitigate these \nvulnerabilities are available as follows:\n\n\n\n * Welch Allyn ELI 380 Resting Electrocardiograph: available Q4 2023\n\n * Welch Allyn ELI 280/BUR280/MLBUR 280 Resting Electrocardiograph: available May 2022\n\n * Welch Allyn ELI 150c/BUR 150c/MLBUR 150c Resting Electrocardiograph: available Q4 2023\n\n\n\n\n\n\nHillrom recommends users upgrade to the latest product versions. \nInformation on how to update these products can be found on the Hillrom disclosure page https://hillrom.com/en/responsible-disclosures/ ."
}
],
"source": {
"advisory": "ICSMA-22-167-01",
"discovery": "EXTERNAL"
},
"title": "Use of Hard-Coded Password Vulnerability in ELI Electrocardiograph Devices",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eHillrom recommends the following workarounds to help reduce risk:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eApply proper network and physical security controls.\u003c/li\u003e\n\u003cli\u003eEnsure a unique encryption key is configured for ELI Link and Cardiograph.\u003c/li\u003e\n\u003cli\u003eWhere possible, use a firewall to prevent communication on Port 21 \nFTP service, Port 22 SSH (Secure Shell Connection), and Port 23 Telnet \nservice.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cbr\u003e"
}
],
"value": "Hillrom recommends the following workarounds to help reduce risk:\n\n\n\n * Apply proper network and physical security controls.\n\n * Ensure a unique encryption key is configured for ELI Link and Cardiograph.\n\n * Where possible, use a firewall to prevent communication on Port 21 \nFTP service, Port 22 SSH (Secure Shell Connection), and Port 23 Telnet \nservice."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dba971b9-eb30-4121-91e1-3b45611354aa",
"assignerShortName": "Baxter",
"cveId": "CVE-2022-26388",
"datePublished": "2025-02-07T17:06:30.134Z",
"dateReserved": "2022-03-03T22:04:24.533Z",
"dateUpdated": "2025-02-07T18:50:58.812Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-48967 (GCVE-0-2024-48967)
Vulnerability from cvelistv5 – Published: 2024-11-14 21:40 – Updated: 2024-11-15 14:28
VLAI?
Summary
The ventilator and the Service PC lack sufficient audit logging capabilities to allow for detection of malicious activity and subsequent forensic examination. An attacker with access to the ventilator and/or the Service PC could, without detection, make unauthorized changes to ventilator settings that result in unauthorized disclosure of information and/or have unintended impacts on device performance.
Severity ?
10 (Critical)
CWE
- CWE-778 - Insufficient Logging
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Baxter | Life2000 Ventilation System |
Affected:
06.08.00.00 and prior
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:baxter:life2000_ventilator_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "life2000_ventilator_firmware",
"vendor": "baxter",
"versions": [
{
"lessThan": "6.08.00.00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-48967",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-15T14:28:10.676566Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T14:28:13.605Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Life2000 Ventilation System",
"vendor": "Baxter",
"versions": [
{
"status": "affected",
"version": "06.08.00.00 and prior"
}
]
}
],
"datePublic": "2024-11-14T21:38:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The ventilator and the Service PC lack sufficient audit logging capabilities to allow for detection of malicious activity and subsequent forensic examination. An attacker with access to the ventilator and/or the Service PC could, without detection, make unauthorized changes to ventilator settings that result in unauthorized disclosure of information and/or have unintended impacts on device performance."
}
],
"value": "The ventilator and the Service PC lack sufficient audit logging capabilities to allow for detection of malicious activity and subsequent forensic examination. An attacker with access to the ventilator and/or the Service PC could, without detection, make unauthorized changes to ventilator settings that result in unauthorized disclosure of information and/or have unintended impacts on device performance."
}
],
"impacts": [
{
"capecId": "CAPEC-117",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-117 Interception"
}
]
},
{
"capecId": "CAPEC-441",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-441 Malicious Logic Insertion"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-778",
"description": "CWE-778: Insufficient Logging",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T21:52:23.702Z",
"orgId": "dba971b9-eb30-4121-91e1-3b45611354aa",
"shortName": "Baxter"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-319-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Life2000 ventilator and Service PC lack sufficient audit logging capabilities",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dba971b9-eb30-4121-91e1-3b45611354aa",
"assignerShortName": "Baxter",
"cveId": "CVE-2024-48967",
"datePublished": "2024-11-14T21:40:44.904Z",
"dateReserved": "2024-10-10T19:24:34.436Z",
"dateUpdated": "2024-11-15T14:28:13.605Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-48966 (GCVE-0-2024-48966)
Vulnerability from cvelistv5 – Published: 2024-11-14 21:38 – Updated: 2024-11-15 15:37
VLAI?
Summary
The software tools used by service personnel to test & calibrate the ventilator do not support user authentication. An attacker with access to the Service PC where the tools are installed could obtain diagnostic information through the test tool or manipulate the ventilator's settings and embedded software via the calibration tool, without having to authenticate to either tool. This could result in unauthorized disclosure of information and/or have unintended impacts on device settings and performance.
Severity ?
10 (Critical)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Baxter | Life2000 Ventilation System |
Affected:
06.08.00.00 and prior
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:baxter:life2000_ventilator_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "life2000_ventilator_firmware",
"vendor": "baxter",
"versions": [
{
"lessThan": "6.08.00.00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-48966",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-15T15:33:11.667501Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T15:37:40.878Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Life2000 Ventilation System",
"vendor": "Baxter",
"versions": [
{
"status": "affected",
"version": "06.08.00.00 and prior"
}
]
}
],
"datePublic": "2024-11-14T21:33:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The software tools used by service personnel to test \u0026amp; calibrate the ventilator do not support user authentication. An attacker with access to the Service PC where the tools are installed could obtain diagnostic information through the test tool or manipulate the ventilator\u0027s settings and embedded software via the calibration tool, without having to authenticate to either tool. This could result in unauthorized disclosure of information and/or have unintended impacts on device settings and performance."
}
],
"value": "The software tools used by service personnel to test \u0026 calibrate the ventilator do not support user authentication. An attacker with access to the Service PC where the tools are installed could obtain diagnostic information through the test tool or manipulate the ventilator\u0027s settings and embedded software via the calibration tool, without having to authenticate to either tool. This could result in unauthorized disclosure of information and/or have unintended impacts on device settings and performance."
}
],
"impacts": [
{
"capecId": "CAPEC-117",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-117 Interception"
}
]
},
{
"capecId": "CAPEC-441",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-441 Malicious Logic Insertion"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T21:53:00.216Z",
"orgId": "dba971b9-eb30-4121-91e1-3b45611354aa",
"shortName": "Baxter"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-319-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Life2000 service tools for test and calibration do not support user authentication",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dba971b9-eb30-4121-91e1-3b45611354aa",
"assignerShortName": "Baxter",
"cveId": "CVE-2024-48966",
"datePublished": "2024-11-14T21:38:11.113Z",
"dateReserved": "2024-10-10T19:24:34.436Z",
"dateUpdated": "2024-11-15T15:37:40.878Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-48970 (GCVE-0-2024-48970)
Vulnerability from cvelistv5 – Published: 2024-11-14 21:31 – Updated: 2024-11-18 15:23
VLAI?
Summary
The ventilator's microcontroller lacks memory protection. An attacker could connect to the internal JTAG interface and read or write to flash memory using an off-the-shelf debugging tool, which could disrupt the function of the device and/or cause unauthorized information disclosure.
Severity ?
9.3 (Critical)
CWE
- CWE-1191 - On-Chip Debug and Test Interface with Improper Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Baxter | Life2000 Ventilation System |
Affected:
06.08.00.00 and prior
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:baxter:life2000_ventilator_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "life2000_ventilator_firmware",
"vendor": "baxter",
"versions": [
{
"lessThanOrEqual": "06.08.00.00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-48970",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-18T15:22:31.746766Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-18T15:23:48.292Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Life2000 Ventilation System",
"vendor": "Baxter",
"versions": [
{
"status": "affected",
"version": "06.08.00.00 and prior"
}
]
}
],
"datePublic": "2024-11-14T21:28:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The ventilator\u0027s microcontroller lacks memory protection. An attacker could connect to the internal JTAG interface and read or write to flash memory using an off-the-shelf debugging tool, which could disrupt the function of the device and/or cause unauthorized information disclosure."
}
],
"value": "The ventilator\u0027s microcontroller lacks memory protection. An attacker could connect to the internal JTAG interface and read or write to flash memory using an off-the-shelf debugging tool, which could disrupt the function of the device and/or cause unauthorized information disclosure."
}
],
"impacts": [
{
"capecId": "CAPEC-117",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-117 Interception"
}
]
},
{
"capecId": "CAPEC-458",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-458 Flash Memory Attacks"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1191",
"description": "CWE-1191 On-Chip Debug and Test Interface with Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T21:53:34.989Z",
"orgId": "dba971b9-eb30-4121-91e1-3b45611354aa",
"shortName": "Baxter"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-319-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Life2000 Ventilator microcontroller lacks memory protection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dba971b9-eb30-4121-91e1-3b45611354aa",
"assignerShortName": "Baxter",
"cveId": "CVE-2024-48970",
"datePublished": "2024-11-14T21:31:14.701Z",
"dateReserved": "2024-10-10T19:24:41.494Z",
"dateUpdated": "2024-11-18T15:23:48.292Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-48974 (GCVE-0-2024-48974)
Vulnerability from cvelistv5 – Published: 2024-11-14 21:27 – Updated: 2024-11-18 15:32
VLAI?
Summary
The ventilator does not perform proper file integrity checks when adopting firmware updates. This makes it possible for an attacker to force unauthorized changes to the device's configuration settings and/or compromise device functionality by pushing a compromised/illegitimate firmware file. This could disrupt the function of the device and/or cause unauthorized information disclosure.
Severity ?
9.3 (Critical)
CWE
- CWE-494 - Download of Code Without Integrity Check
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Baxter | Life2000 Ventilation System |
Affected:
06.08.00.00 and prior
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:baxter:life2000_ventilator_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "life2000_ventilator_firmware",
"vendor": "baxter",
"versions": [
{
"lessThanOrEqual": "06.08.00.00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-48974",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-18T15:31:47.610421Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-18T15:32:38.488Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Life2000 Ventilation System",
"vendor": "Baxter",
"versions": [
{
"status": "affected",
"version": "06.08.00.00 and prior"
}
]
}
],
"datePublic": "2024-11-14T21:50:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The ventilator does not perform proper file integrity checks when adopting firmware updates. This makes it possible for an attacker to force unauthorized changes to the device\u0027s configuration settings and/or compromise device functionality by pushing a compromised/illegitimate firmware file. This could disrupt the function of the device and/or cause unauthorized information disclosure."
}
],
"value": "The ventilator does not perform proper file integrity checks when adopting firmware updates. This makes it possible for an attacker to force unauthorized changes to the device\u0027s configuration settings and/or compromise device functionality by pushing a compromised/illegitimate firmware file. This could disrupt the function of the device and/or cause unauthorized information disclosure."
}
],
"impacts": [
{
"capecId": "CAPEC-186",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-186 Malicious Software Update"
}
]
},
{
"capecId": "CAPEC-117",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-117 Interception"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-494",
"description": "CWE-494 Download of Code Without Integrity Check",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T21:50:36.915Z",
"orgId": "dba971b9-eb30-4121-91e1-3b45611354aa",
"shortName": "Baxter"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-319-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Life2000 Ventilator does not perform proper file integrity checks when adopting firmware updates",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dba971b9-eb30-4121-91e1-3b45611354aa",
"assignerShortName": "Baxter",
"cveId": "CVE-2024-48974",
"datePublished": "2024-11-14T21:27:10.284Z",
"dateReserved": "2024-10-10T19:24:41.495Z",
"dateUpdated": "2024-11-18T15:32:38.488Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-48973 (GCVE-0-2024-48973)
Vulnerability from cvelistv5 – Published: 2024-11-14 21:24 – Updated: 2024-11-18 15:33
VLAI?
Summary
The debug port on the ventilator's serial interface is enabled by default. This could allow an attacker to send and receive messages over the debug port (which are unencrypted; see 3.2.1) that result in unauthorized disclosure of information and/or have unintended impacts on device settings and performance.
Severity ?
9.3 (Critical)
CWE
- CWE-1263 - Improper Physical Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Baxter | Life2000 Ventilation System |
Affected:
06.08.00.00 and prior
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:baxter:life2000_ventilator_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "life2000_ventilator_firmware",
"vendor": "baxter",
"versions": [
{
"lessThanOrEqual": "06.08.00.00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-48973",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-18T15:33:07.996857Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-18T15:33:44.924Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Life2000 Ventilation System",
"vendor": "Baxter",
"versions": [
{
"status": "affected",
"version": "06.08.00.00 and prior"
}
]
}
],
"datePublic": "2024-11-14T21:21:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The debug port on the ventilator\u0027s serial interface is enabled by default. This could allow an attacker to send and receive messages over the debug port (which are unencrypted; see 3.2.1) that result in unauthorized disclosure of information and/or have unintended impacts on device settings and performance.\u003cbr\u003e"
}
],
"value": "The debug port on the ventilator\u0027s serial interface is enabled by default. This could allow an attacker to send and receive messages over the debug port (which are unencrypted; see 3.2.1) that result in unauthorized disclosure of information and/or have unintended impacts on device settings and performance."
}
],
"impacts": [
{
"capecId": "CAPEC-117",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-117 Interception"
}
]
},
{
"capecId": "CAPEC-441",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-441 Malicious Logic Insertion"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1263",
"description": "CWE-1263 Improper Physical Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T21:49:44.756Z",
"orgId": "dba971b9-eb30-4121-91e1-3b45611354aa",
"shortName": "Baxter"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-319-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Debug port on Life2000 Ventilator serial interface is enabled by default",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dba971b9-eb30-4121-91e1-3b45611354aa",
"assignerShortName": "Baxter",
"cveId": "CVE-2024-48973",
"datePublished": "2024-11-14T21:24:14.099Z",
"dateReserved": "2024-10-10T19:24:41.495Z",
"dateUpdated": "2024-11-18T15:33:44.924Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-48971 (GCVE-0-2024-48971)
Vulnerability from cvelistv5 – Published: 2024-11-14 21:13 – Updated: 2024-11-15 21:06
VLAI?
Summary
The Clinician Password and Serial Number Clinician Password are hard-coded into the ventilator in plaintext form. This could allow an attacker to obtain the password off the ventilator and use it to gain unauthorized access to the device, with clinician privileges.
Severity ?
9.3 (Critical)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Baxter | Life2000 Ventilation System |
Affected:
06.08.00.00 and prior
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:baxter:life2000_ventilator_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "life2000_ventilator_firmware",
"vendor": "baxter",
"versions": [
{
"lessThanOrEqual": "06.08.00.00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-48971",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-15T21:05:32.910003Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T21:06:24.325Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Life2000 Ventilation System",
"vendor": "Baxter",
"versions": [
{
"status": "affected",
"version": "06.08.00.00 and prior"
}
]
}
],
"datePublic": "2024-11-14T21:47:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Clinician Password and Serial Number Clinician Password are hard-coded into the ventilator in plaintext form. This could allow an attacker to obtain the password off the ventilator and use it to gain unauthorized access to the device, with clinician privileges.\u003cbr\u003e"
}
],
"value": "The Clinician Password and Serial Number Clinician Password are hard-coded into the ventilator in plaintext form. This could allow an attacker to obtain the password off the ventilator and use it to gain unauthorized access to the device, with clinician privileges."
}
],
"impacts": [
{
"capecId": "CAPEC-191",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-191 Read Sensitive Constants Within an Executable"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T21:49:12.240Z",
"orgId": "dba971b9-eb30-4121-91e1-3b45611354aa",
"shortName": "Baxter"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-319-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Clinician Password and Serial Number Clinician Password are hard-coded in Life2000 Ventilator",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dba971b9-eb30-4121-91e1-3b45611354aa",
"assignerShortName": "Baxter",
"cveId": "CVE-2024-48971",
"datePublished": "2024-11-14T21:13:36.036Z",
"dateReserved": "2024-10-10T19:24:41.495Z",
"dateUpdated": "2024-11-15T21:06:24.325Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-9832 (GCVE-0-2024-9832)
Vulnerability from cvelistv5 – Published: 2024-11-14 21:03 – Updated: 2024-11-18 15:37
VLAI?
Summary
There is no limit on the number of failed login attempts permitted with the Clinician Password or the Serial Number Clinician Password. An attacker could execute a brute-force attack to gain unauthorized access to the ventilator, and then make changes to device settings that could disrupt the function of the device and/or result in unauthorized information disclosure.
Severity ?
9.3 (Critical)
CWE
- CWE-307 - Improper Restriction of Excessive Authentication Attempts
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Baxter | Life2000 Ventilation System |
Affected:
06.08.00.00 and prior
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:baxter:life2000_ventilator_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "life2000_ventilator_firmware",
"vendor": "baxter",
"versions": [
{
"lessThanOrEqual": "06.08.00.00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9832",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-18T15:36:22.221928Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-18T15:37:00.311Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Life2000 Ventilation System",
"vendor": "Baxter",
"versions": [
{
"status": "affected",
"version": "06.08.00.00 and prior"
}
]
}
],
"datePublic": "2024-11-14T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There is no limit on the number of failed login attempts permitted with the Clinician Password or the Serial Number Clinician Password. An attacker could execute a brute-force attack to gain unauthorized access to the ventilator, and then make changes to device settings that could disrupt the function of the device and/or result in unauthorized information disclosure.\u003cbr\u003e"
}
],
"value": "There is no limit on the number of failed login attempts permitted with the Clinician Password or the Serial Number Clinician Password. An attacker could execute a brute-force attack to gain unauthorized access to the ventilator, and then make changes to device settings that could disrupt the function of the device and/or result in unauthorized information disclosure."
}
],
"impacts": [
{
"capecId": "CAPEC-49",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-49 Password Brute Forcing"
}
]
},
{
"capecId": "CAPEC-441",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-441 Malicious Logic Insertion"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-307",
"description": "CWE-307 Improper Restriction of Excessive Authentication Attempts",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T21:47:11.069Z",
"orgId": "dba971b9-eb30-4121-91e1-3b45611354aa",
"shortName": "Baxter"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-319-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "No limit on failed login attempts with Clinician Password or Serial Number Clinician Password on Life2000 Ventilator",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dba971b9-eb30-4121-91e1-3b45611354aa",
"assignerShortName": "Baxter",
"cveId": "CVE-2024-9832",
"datePublished": "2024-11-14T21:03:16.721Z",
"dateReserved": "2024-10-10T19:24:46.919Z",
"dateUpdated": "2024-11-18T15:37:00.311Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-9834 (GCVE-0-2024-9834)
Vulnerability from cvelistv5 – Published: 2024-11-14 20:57 – Updated: 2024-11-15 15:10
VLAI?
Summary
Improper data protection on the ventilator's serial interface could allow an attacker to send and receive messages that result in unauthorized disclosure of information and/or have unintended impacts on device settings and performance.
Severity ?
9.3 (Critical)
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Baxter | Life2000 Ventilation System |
Affected:
06.08.00.00 and prior
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:baxter:life2000_ventilator_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "life2000_ventilator_firmware",
"vendor": "baxter",
"versions": [
{
"lessThanOrEqual": "06.08.00.00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9834",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-15T15:09:40.431805Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T15:10:40.157Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Life2000 Ventilation System",
"vendor": "Baxter",
"versions": [
{
"status": "affected",
"version": "06.08.00.00 and prior"
}
]
}
],
"datePublic": "2024-11-14T20:43:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper data protection on the ventilator\u0027s serial interface could allow an attacker to send and receive messages that result in unauthorized disclosure of information and/or have unintended impacts on device settings and performance.\u003cbr\u003e"
}
],
"value": "Improper data protection on the ventilator\u0027s serial interface could allow an attacker to send and receive messages that result in unauthorized disclosure of information and/or have unintended impacts on device settings and performance."
}
],
"impacts": [
{
"capecId": "CAPEC-117",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-117 Interception"
}
]
},
{
"capecId": "CAPEC-441",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-441 Malicious Logic Insertion"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T21:47:25.133Z",
"orgId": "dba971b9-eb30-4121-91e1-3b45611354aa",
"shortName": "Baxter"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-319-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper data protection on Life2000 ventilator serial interface",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dba971b9-eb30-4121-91e1-3b45611354aa",
"assignerShortName": "Baxter",
"cveId": "CVE-2024-9834",
"datePublished": "2024-11-14T20:57:22.734Z",
"dateReserved": "2024-10-10T19:24:48.834Z",
"dateUpdated": "2024-11-15T15:10:40.157Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6796 (GCVE-0-2024-6796)
Vulnerability from cvelistv5 – Published: 2024-09-09 19:28 – Updated: 2024-09-09 20:08
VLAI?
Summary
In Baxter Connex health portal released before 8/30/2024, an improper access control vulnerability has been found that could allow an unauthenticated attacker to gain unauthorized access to Connex portal's database and/or modify content.
Severity ?
8.2 (High)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Baxter | Connex Health Portal |
Affected:
0 , < 8/30/2024
(date)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hillrom:connex_health_portal:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "connex_health_portal",
"vendor": "hillrom",
"versions": [
{
"lessThan": "8.30.2024",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6796",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-09T19:51:44.387310Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-09T20:08:22.237Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Connex Health Portal",
"vendor": "Baxter",
"versions": [
{
"lessThan": "8/30/2024",
"status": "affected",
"version": "0",
"versionType": "date"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Baxter Connex health portal released before 8/30/2024, an improper access control vulnerability has been found that could allow an unauthenticated attacker to gain unauthorized access to Connex portal\u0027s database and/or modify content.\u0026nbsp;"
}
],
"value": "In Baxter Connex health portal released before 8/30/2024, an improper access control vulnerability has been found that could allow an unauthenticated attacker to gain unauthorized access to Connex portal\u0027s database and/or modify content."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-09T19:28:30.647Z",
"orgId": "dba971b9-eb30-4121-91e1-3b45611354aa",
"shortName": "Baxter"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-249-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Baxter is unaware of any exploitation of this vulnerability in our product and/or the compromise of personal or health data. Baxter patched all impacted systems promptly to address this vulnerability. No user action is required.\n\n\u003cbr\u003e"
}
],
"value": "Baxter is unaware of any exploitation of this vulnerability in our product and/or the compromise of personal or health data. Baxter patched all impacted systems promptly to address this vulnerability. No user action is required."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Vulnerability in Baxter Connex Health Portal",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dba971b9-eb30-4121-91e1-3b45611354aa",
"assignerShortName": "Baxter",
"cveId": "CVE-2024-6796",
"datePublished": "2024-09-09T19:28:30.647Z",
"dateReserved": "2024-07-16T17:54:05.755Z",
"dateUpdated": "2024-09-09T20:08:22.237Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6795 (GCVE-0-2024-6795)
Vulnerability from cvelistv5 – Published: 2024-09-09 19:24 – Updated: 2024-09-09 20:08
VLAI?
Summary
In Connex health portal released before8/30/2024, SQL injection vulnerabilities were found that could have allowed an unauthenticated attacker to gain unauthorized access to Connex portal's database.
An attacker could have submitted a crafted payload to Connex portal that could have resulted in modification and disclosure of database content
and/or perform administrative operations including shutting down the database.
Severity ?
10 (Critical)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Baxter | Connex Health Portal |
Affected:
0 , < 8/30/2024
(date)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hillrom:connex_health_portal:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "connex_health_portal",
"vendor": "hillrom",
"versions": [
{
"lessThan": "8.30.2024",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6795",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-09T20:04:42.779977Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-09T20:08:01.134Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Connex Health Portal",
"vendor": "Baxter",
"versions": [
{
"lessThan": "8/30/2024",
"status": "affected",
"version": "0",
"versionType": "date"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Connex health portal released before8/30/2024, SQL injection vulnerabilities were found that could have allowed an unauthenticated attacker to gain unauthorized access to Connex portal\u0027s database.\u0026nbsp;\n\nAn attacker could have submitted a crafted payload to Connex portal that could have resulted in modification and disclosure of database content \n\nand/or perform administrative operations including shutting down the database."
}
],
"value": "In Connex health portal released before8/30/2024, SQL injection vulnerabilities were found that could have allowed an unauthenticated attacker to gain unauthorized access to Connex portal\u0027s database.\u00a0\n\nAn attacker could have submitted a crafted payload to Connex portal that could have resulted in modification and disclosure of database content \n\nand/or perform administrative operations including shutting down the database."
}
],
"impacts": [
{
"capecId": "CAPEC-23",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-23 File Content Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-09T19:24:01.776Z",
"orgId": "dba971b9-eb30-4121-91e1-3b45611354aa",
"shortName": "Baxter"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-249-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Baxter is unaware of any exploitation of this vulnerability and/or the compromise of personal or health data. Baxter patched all impacted systems promptly to address this vulnerability. No user action is required.\u003cbr\u003e"
}
],
"value": "Baxter is unaware of any exploitation of this vulnerability and/or the compromise of personal or health data. Baxter patched all impacted systems promptly to address this vulnerability. No user action is required."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Vulnerability in Baxter Connex Health Portal",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dba971b9-eb30-4121-91e1-3b45611354aa",
"assignerShortName": "Baxter",
"cveId": "CVE-2024-6795",
"datePublished": "2024-09-09T19:24:01.776Z",
"dateReserved": "2024-07-16T17:54:02.625Z",
"dateUpdated": "2024-09-09T20:08:01.134Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5176 (GCVE-0-2024-5176)
Vulnerability from cvelistv5 – Published: 2024-05-31 17:26 – Updated: 2024-09-03 15:31
VLAI?
Summary
Insufficiently Protected Credentials vulnerability in Baxter Welch Allyn Configuration Tool may allow Remote Services with Stolen Credentials.This issue affects Welch Allyn Configuration Tool: versions 1.9.4.1 and prior.
Severity ?
CWE
- CWE-522 - Insufficiently Protected Credentials
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Baxter | Welch Allyn Configuration Tool |
Affected:
0 , ≤ 1.9.4.1
(custom)
|
Credits
Baxter reported this vulnerability to CISA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:03:11.030Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cisa.gov/news-events/ics-medical-advisories/icsma-24-151-01"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:baxter:welch_allyn_configuration_tool:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "welch_allyn_configuration_tool",
"vendor": "baxter",
"versions": [
{
"lessThanOrEqual": "1.9.4.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5176",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-03T15:30:10.899212Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T15:31:58.511Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Welch Allyn Configuration Tool",
"vendor": "Baxter",
"versions": [
{
"lessThanOrEqual": "1.9.4.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Baxter reported this vulnerability to CISA."
}
],
"datePublic": "2024-05-30T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insufficiently Protected Credentials vulnerability in Baxter Welch Allyn Configuration Tool may allow Remote Services with Stolen Credentials.\u003cp\u003eThis issue affects Welch Allyn Configuration Tool: versions 1.9.4.1 and prior.\u003c/p\u003e"
}
],
"value": "Insufficiently Protected Credentials vulnerability in Baxter Welch Allyn Configuration Tool may allow Remote Services with Stolen Credentials.This issue affects Welch Allyn Configuration Tool: versions 1.9.4.1 and prior."
}
],
"impacts": [
{
"capecId": "CAPEC-555",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-555 Remote Services with Stolen Credentials"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-05T14:41:49.489Z",
"orgId": "dba971b9-eb30-4121-91e1-3b45611354aa",
"shortName": "Baxter"
},
"references": [
{
"url": "https://cisa.gov/news-events/ics-medical-advisories/icsma-24-151-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eBaxter has found no evidence to date of any compromise of personal or health data. Baxter will release a software update for all impacted software to address this vulnerability. A new version of the product that mitigates the vulnerability will be available as follows:\u003c/p\u003e\u003cul\u003e\u003cli\u003eWelch Allyn Product Configuration Tool versions 1.9.4.2: Available Q3 2024\u003c/li\u003e\u003cli\u003eNo user action will be required once the update is released.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eBaxter recommends the following workarounds to help reduce risk:\u003c/p\u003e\u003cul\u003e\u003cli\u003eApply proper network and physical security controls.\u003c/li\u003e\u003cli\u003eThe Welch Allyn Configuration Tool has been removed from public access. Customers are advised to contact Baxter Technical Support or their Baxter Project Manager to create configuration files, as needed. Baxter Technical Support can be reached at (800)535-6663, option 2.\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "Baxter has found no evidence to date of any compromise of personal or health data. Baxter will release a software update for all impacted software to address this vulnerability. A new version of the product that mitigates the vulnerability will be available as follows:\n\n * Welch Allyn Product Configuration Tool versions 1.9.4.2: Available Q3 2024\n * No user action will be required once the update is released.\n\n\nBaxter recommends the following workarounds to help reduce risk:\n\n * Apply proper network and physical security controls.\n * The Welch Allyn Configuration Tool has been removed from public access. Customers are advised to contact Baxter Technical Support or their Baxter Project Manager to create configuration files, as needed. Baxter Technical Support can be reached at (800)535-6663, option 2."
}
],
"source": {
"advisory": "ICSMA-24-151-01",
"discovery": "UNKNOWN"
},
"title": "Vulnerability in Welch Allyn Configuration Tool Software",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dba971b9-eb30-4121-91e1-3b45611354aa",
"assignerShortName": "Baxter",
"cveId": "CVE-2024-5176",
"datePublished": "2024-05-31T17:26:05.140Z",
"dateReserved": "2024-05-21T16:07:59.038Z",
"dateUpdated": "2024-09-03T15:31:58.511Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-1275 (GCVE-0-2024-1275)
Vulnerability from cvelistv5 – Published: 2024-05-31 17:23 – Updated: 2024-08-01 18:33
VLAI?
Summary
Use of Default Cryptographic Key vulnerability in Baxter Welch Allyn Connex Spot Monitor may allow Configuration/Environment Manipulation.This issue affects Welch Allyn Connex Spot Monitor in all versions prior to 1.52.
Severity ?
CWE
- CWE-1394 - Use of Default Cryptographic Key
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Baxter | Welch Allyn Connex Spot Monitor |
Affected:
0 , ≤ 1.52
(custom)
|
Credits
Maarten Boone and Edwin Van Andel (CTO of Zerocopter) reported this vulnerability to Baxter.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:baxter:welch_allyn_connex_spot_monitor:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "welch_allyn_connex_spot_monitor",
"vendor": "baxter",
"versions": [
{
"lessThanOrEqual": "1.52",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1275",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-05T14:39:19.332683Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-05T15:01:00.230Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:33:25.355Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-151-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Welch Allyn Connex Spot Monitor",
"vendor": "Baxter",
"versions": [
{
"lessThanOrEqual": "1.52",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Maarten Boone and Edwin Van Andel (CTO of Zerocopter) reported this vulnerability to Baxter."
}
],
"datePublic": "2024-05-30T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Use of Default Cryptographic Key vulnerability in Baxter Welch Allyn Connex Spot Monitor may allow Configuration/Environment Manipulation.\u003cp\u003eThis issue affects Welch Allyn Connex Spot Monitor in all versions prior to 1.52.\u003c/p\u003e"
}
],
"value": "Use of Default Cryptographic Key vulnerability in Baxter Welch Allyn Connex Spot Monitor may allow Configuration/Environment Manipulation.This issue affects Welch Allyn Connex Spot Monitor in all versions prior to 1.52."
}
],
"impacts": [
{
"capecId": "CAPEC-176",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-176 Configuration/Environment Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1394",
"description": "CWE-1394 Use of Default Cryptographic Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-05T14:42:55.386Z",
"orgId": "dba971b9-eb30-4121-91e1-3b45611354aa",
"shortName": "Baxter"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-151-02"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eBaxter has released a software update for all impacted devices and software to address this vulnerability. A new version of the product that mitigates the vulnerability is available as follows:\u003c/p\u003e\u003cul\u003e\u003cli\u003eWelch Allyn Connex Spot Monitor: Version 1.52.01 (available October 16, 2023)\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eBaxter recommends users upgrade to the latest versions of their products. Information on how to update products to their new versions can be found on the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.baxter.com/product-security\"\u003eBaxter disclosure page\u003c/a\u003e\u0026nbsp;or the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.hillrom.com/en/responsible-disclosures/\"\u003eHillrom disclosure page\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eBaxter recommends the following workarounds to help reduce risk:\u003c/p\u003e\u003cul\u003e\u003cli\u003eApply proper network and physical security controls.\u003c/li\u003e\u003cli\u003eEnsure a unique encryption key is configured and applied to the product (as described in the Connex Spot Monitor Service Manual).\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "Baxter has released a software update for all impacted devices and software to address this vulnerability. A new version of the product that mitigates the vulnerability is available as follows:\n\n * Welch Allyn Connex Spot Monitor: Version 1.52.01 (available October 16, 2023)\n\n\nBaxter recommends users upgrade to the latest versions of their products. Information on how to update products to their new versions can be found on the Baxter disclosure page https://www.baxter.com/product-security \u00a0or the Hillrom disclosure page https://www.hillrom.com/en/responsible-disclosures/ .\n\nBaxter recommends the following workarounds to help reduce risk:\n\n * Apply proper network and physical security controls.\n * Ensure a unique encryption key is configured and applied to the product (as described in the Connex Spot Monitor Service Manual)."
}
],
"source": {
"advisory": "ICSMA-24-151-02",
"discovery": "UNKNOWN"
},
"title": "Vulnerability in Baxter Welch Allyn Connex Spot Monitor",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dba971b9-eb30-4121-91e1-3b45611354aa",
"assignerShortName": "Baxter",
"cveId": "CVE-2024-1275",
"datePublished": "2024-05-31T17:23:19.207Z",
"dateReserved": "2024-02-06T14:20:33.446Z",
"dateUpdated": "2024-08-01T18:33:25.355Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26392 (GCVE-0-2022-26392)
Vulnerability from cvelistv5 – Published: 2022-09-09 14:40 – Updated: 2024-09-17 02:31
VLAI?
Summary
The Baxter Spectrum WBM (v16, v16D38) and Baxter Spectrum WBM (v17, v17D19, v20D29 to v20D32) when in superuser mode is susceptible to format string attacks via application messaging. An attacker could use this to read memory in the WBM to access sensitive information.
Severity ?
CWE
- CWE-134 - Use of Externally-Controlled Format String
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Baxter | Baxter Spectrum Wireless Battery Module (WBM) |
Affected:
16
Affected: 16D38 Affected: 17 Affected: 17D19 Affected: 20D29 Affected: 20D30 Affected: 20D31 Affected: 20D32 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:03:32.850Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Baxter Spectrum Wireless Battery Module (WBM)",
"vendor": "Baxter",
"versions": [
{
"status": "affected",
"version": "16"
},
{
"status": "affected",
"version": "16D38"
},
{
"status": "affected",
"version": "17"
},
{
"status": "affected",
"version": "17D19"
},
{
"status": "affected",
"version": "20D29"
},
{
"status": "affected",
"version": "20D30"
},
{
"status": "affected",
"version": "20D31"
},
{
"status": "affected",
"version": "20D32"
}
]
}
],
"datePublic": "2022-09-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Baxter Spectrum WBM (v16, v16D38) and Baxter Spectrum WBM (v17, v17D19, v20D29 to v20D32) when in superuser mode is susceptible to format string attacks via application messaging. An attacker could use this to read memory in the WBM to access sensitive information."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-134",
"description": "CWE-134 Use of Externally-Controlled Format String",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-09T14:40:06",
"orgId": "dba971b9-eb30-4121-91e1-3b45611354aa",
"shortName": "Baxter"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Format String vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productsecurity@baxter.com",
"DATE_PUBLIC": "2022-09-08T22:03:00.000Z",
"ID": "CVE-2022-26392",
"STATE": "PUBLIC",
"TITLE": "Format String vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Baxter Spectrum Wireless Battery Module (WBM)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "16",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "16D38",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "17",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "17D19",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "20D29",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "20D30",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "20D31",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "20D32",
"version_value": ""
}
]
}
}
]
},
"vendor_name": "Baxter"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Baxter Spectrum WBM (v16, v16D38) and Baxter Spectrum WBM (v17, v17D19, v20D29 to v20D32) when in superuser mode is susceptible to format string attacks via application messaging. An attacker could use this to read memory in the WBM to access sensitive information."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-134 Use of Externally-Controlled Format String"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dba971b9-eb30-4121-91e1-3b45611354aa",
"assignerShortName": "Baxter",
"cveId": "CVE-2022-26392",
"datePublished": "2022-09-09T14:40:06.166154Z",
"dateReserved": "2022-03-03T00:00:00",
"dateUpdated": "2024-09-17T02:31:43.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26390 (GCVE-0-2022-26390)
Vulnerability from cvelistv5 – Published: 2022-09-09 14:40 – Updated: 2024-09-17 04:09
VLAI?
Summary
The Baxter Spectrum Wireless Battery Module (WBM) stores network credentials and PHI (only applicable to Spectrum IQ pumps using auto programming) in unencrypted form. An attacker with physical access to a device that hasn't had all data and settings erased may be able to extract sensitive information.
Severity ?
4.2 (Medium)
CWE
- CWE-311 - Missing Encryption of Sensitive Data
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Baxter | Baxter Spectrum Wireless Battery Module (WBM) |
Affected:
16
Affected: 16D38 Affected: 17 Affected: 17D19 Affected: 20D29 Affected: 20D30 Affected: 20D31 Affected: 20D32 Affected: 22D19 Affected: 22D20 Affected: 22D21 Affected: 22D22 Affected: 22D23 Affected: 22D24 Affected: 22D25 Affected: 22D26 Affected: 22D27 Affected: 22D28 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:03:32.877Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Baxter Spectrum Wireless Battery Module (WBM)",
"vendor": "Baxter",
"versions": [
{
"status": "affected",
"version": "16"
},
{
"status": "affected",
"version": "16D38"
},
{
"status": "affected",
"version": "17"
},
{
"status": "affected",
"version": "17D19"
},
{
"status": "affected",
"version": "20D29"
},
{
"status": "affected",
"version": "20D30"
},
{
"status": "affected",
"version": "20D31"
},
{
"status": "affected",
"version": "20D32"
},
{
"status": "affected",
"version": "22D19"
},
{
"status": "affected",
"version": "22D20"
},
{
"status": "affected",
"version": "22D21"
},
{
"status": "affected",
"version": "22D22"
},
{
"status": "affected",
"version": "22D23"
},
{
"status": "affected",
"version": "22D24"
},
{
"status": "affected",
"version": "22D25"
},
{
"status": "affected",
"version": "22D26"
},
{
"status": "affected",
"version": "22D27"
},
{
"status": "affected",
"version": "22D28"
}
]
}
],
"datePublic": "2022-09-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Baxter Spectrum Wireless Battery Module (WBM) stores network credentials and PHI (only applicable to Spectrum IQ pumps using auto programming) in unencrypted form. An attacker with physical access to a device that hasn\u0027t had all data and settings erased may be able to extract sensitive information."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-311",
"description": "CWE-311 Missing Encryption of Sensitive Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-09T14:40:06",
"orgId": "dba971b9-eb30-4121-91e1-3b45611354aa",
"shortName": "Baxter"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Unencrypted internal storage of security credentials",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productsecurity@baxter.com",
"DATE_PUBLIC": "2022-09-08T22:03:00.000Z",
"ID": "CVE-2022-26390",
"STATE": "PUBLIC",
"TITLE": "Unencrypted internal storage of security credentials"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Baxter Spectrum Wireless Battery Module (WBM)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "16",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "16D38",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "17",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "17D19",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "20D29",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "20D30",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "20D31",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "20D32",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "22D19",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "22D20",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "22D21",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "22D22",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "22D23",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "22D24",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "22D25",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "22D26",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "22D27",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "22D28",
"version_value": ""
}
]
}
}
]
},
"vendor_name": "Baxter"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Baxter Spectrum Wireless Battery Module (WBM) stores network credentials and PHI (only applicable to Spectrum IQ pumps using auto programming) in unencrypted form. An attacker with physical access to a device that hasn\u0027t had all data and settings erased may be able to extract sensitive information."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-311 Missing Encryption of Sensitive Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dba971b9-eb30-4121-91e1-3b45611354aa",
"assignerShortName": "Baxter",
"cveId": "CVE-2022-26390",
"datePublished": "2022-09-09T14:40:06.351985Z",
"dateReserved": "2022-03-03T00:00:00",
"dateUpdated": "2024-09-17T04:09:45.443Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26393 (GCVE-0-2022-26393)
Vulnerability from cvelistv5 – Published: 2022-09-09 14:40 – Updated: 2024-09-16 18:34
VLAI?
Summary
The Baxter Spectrum WBM is susceptible to format string attacks via application messaging. An attacker could use this to read memory in the WBM to access sensitive information or cause a Denial of Service (DoS) on the WBM.
Severity ?
5 (Medium)
CWE
- CWE-134 - Use of Externally-Controlled Format String
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Baxter | Baxter Spectrum Wireless Battery Module (WBM) |
Affected:
20D29
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:03:32.882Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Baxter Spectrum Wireless Battery Module (WBM)",
"vendor": "Baxter",
"versions": [
{
"status": "affected",
"version": "20D29"
}
]
}
],
"datePublic": "2022-09-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Baxter Spectrum WBM is susceptible to format string attacks via application messaging. An attacker could use this to read memory in the WBM to access sensitive information or cause a Denial of Service (DoS) on the WBM."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-134",
"description": "CWE-134 Use of Externally-Controlled Format String",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-09T14:40:06",
"orgId": "dba971b9-eb30-4121-91e1-3b45611354aa",
"shortName": "Baxter"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Format String vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productsecurity@baxter.com",
"DATE_PUBLIC": "2022-09-08T22:03:00.000Z",
"ID": "CVE-2022-26393",
"STATE": "PUBLIC",
"TITLE": "Format String vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Baxter Spectrum Wireless Battery Module (WBM)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "20D29",
"version_value": ""
}
]
}
}
]
},
"vendor_name": "Baxter"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Baxter Spectrum WBM is susceptible to format string attacks via application messaging. An attacker could use this to read memory in the WBM to access sensitive information or cause a Denial of Service (DoS) on the WBM."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-134 Use of Externally-Controlled Format String"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dba971b9-eb30-4121-91e1-3b45611354aa",
"assignerShortName": "Baxter",
"cveId": "CVE-2022-26393",
"datePublished": "2022-09-09T14:40:06.531113Z",
"dateReserved": "2022-03-03T00:00:00",
"dateUpdated": "2024-09-16T18:34:30.705Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26394 (GCVE-0-2022-26394)
Vulnerability from cvelistv5 – Published: 2022-09-09 14:40 – Updated: 2024-09-16 19:35
VLAI?
Summary
The Baxter Spectrum WBM does not perform mutual authentication with the gateway server host. This may allow an attacker to perform a man in the middle attack that modifies parameters making the network connection fail.
Severity ?
5.5 (Medium)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Baxter | Baxter Spectrum Wireless Battery Module (WBM) |
Affected:
16
Affected: 16D38 Affected: 17 Affected: 17D19 Affected: 20D29 Affected: 20D30 Affected: 20D31 Affected: 20D32 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:03:32.610Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Baxter Spectrum Wireless Battery Module (WBM)",
"vendor": "Baxter",
"versions": [
{
"status": "affected",
"version": "16"
},
{
"status": "affected",
"version": "16D38"
},
{
"status": "affected",
"version": "17"
},
{
"status": "affected",
"version": "17D19"
},
{
"status": "affected",
"version": "20D29"
},
{
"status": "affected",
"version": "20D30"
},
{
"status": "affected",
"version": "20D31"
},
{
"status": "affected",
"version": "20D32"
}
]
}
],
"datePublic": "2022-09-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Baxter Spectrum WBM does not perform mutual authentication with the gateway server host. This may allow an attacker to perform a man in the middle attack that modifies parameters making the network connection fail."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-09T14:40:05",
"orgId": "dba971b9-eb30-4121-91e1-3b45611354aa",
"shortName": "Baxter"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Unauthenticated network reconfiguration via TCP/UDP",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productsecurity@baxter.com",
"DATE_PUBLIC": "2022-09-08T22:03:00.000Z",
"ID": "CVE-2022-26394",
"STATE": "PUBLIC",
"TITLE": "Unauthenticated network reconfiguration via TCP/UDP"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Baxter Spectrum Wireless Battery Module (WBM)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "16",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "16D38",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "17",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "17D19",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "20D29",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "20D30",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "20D31",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "20D32",
"version_value": ""
}
]
}
}
]
},
"vendor_name": "Baxter"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Baxter Spectrum WBM does not perform mutual authentication with the gateway server host. This may allow an attacker to perform a man in the middle attack that modifies parameters making the network connection fail."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306 Missing Authentication for Critical Function"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dba971b9-eb30-4121-91e1-3b45611354aa",
"assignerShortName": "Baxter",
"cveId": "CVE-2022-26394",
"datePublished": "2022-09-09T14:40:05.978240Z",
"dateReserved": "2022-03-03T00:00:00",
"dateUpdated": "2024-09-16T19:35:30.066Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}