Filtered by vendor Baxter
Subscriptions
Total
25 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-12037 | 1 Baxter | 4 Prismaflex, Prismaflex Firmware, Prismax and 1 more | 2024-08-04 | 7.5 High |
| Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The affected devices do not implement data-in-transit encryption (e.g., TLS/SSL) when configured to send treatment data to a PDMS (Patient Data Management System) or an EMR (Electronic Medical Record) system. An attacker could observe sensitive data sent from the device. | ||||
| CVE-2020-12041 | 1 Baxter | 3 Sigma Spectrum Infusion System, Sigma Spectrum Infusion System Firmware, Wireless Battery Module | 2024-08-04 | 9.4 Critical |
| The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24) telnet Command-Line Interface, grants access to sensitive data stored on the WBM that permits temporary configuration changes to network settings of the WBM, and allows the WBM to be rebooted. Temporary configuration changes to network settings are removed upon reboot. | ||||
| CVE-2020-12040 | 1 Baxter | 2 Sigma Spectrum Infusion System, Sigma Spectrum Infusion System Firmware | 2024-08-04 | 9.8 Critical |
| Sigma Spectrum Infusion System v's6.x (model 35700BAX) and Baxter Spectrum Infusion System Version(s) 8.x (model 35700BAX2) at the application layer uses an unauthenticated clear-text communication channel to send and receive system status and operational data. This could allow an attacker that has circumvented network security measures to view sensitive non-private data or to perform a man-in-the-middle attack. | ||||
| CVE-2020-12020 | 1 Baxter | 4 Em1200, Em1200 Firmware, Em2400 and 1 more | 2024-08-04 | 6.1 Medium |
| Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13 and ExactaMix EM1200 Versions 1.1, 1.2, and 1.4 does not restrict non administrative users from gaining access to the operating system and editing the application startup script. Successful exploitation of this vulnerability may allow an attacker to alter the startup script as the limited-access user. | ||||
| CVE-2020-12008 | 1 Baxter | 4 Em1200, Em1200 Firmware, Em2400 and 1 more | 2024-08-04 | 7.5 High |
| Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Versions 1.1, 1.2 systems use cleartext messages to communicate order information with an order entry system. This could allow an attacker with network access to view sensitive data including PHI. | ||||