Vulnerabilities > Baxter
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-09 | CVE-2024-6795 | SQL Injection vulnerability in Baxter Connex Health Portal In Connex health portal released before8/30/2024, SQL injection vulnerabilities were found that could have allowed an unauthenticated attacker to gain unauthorized access to Connex portal's database. An attacker could have submitted a crafted payload to Connex portal that could have resulted in modification and disclosure of database content and/or perform administrative operations including shutting down the database. | 9.8 |
| 2024-09-09 | CVE-2024-6796 | Unspecified vulnerability in Baxter Connex Health Portal In Baxter Connex health portal released before 8/30/2024, an improper access control vulnerability has been found that could allow an unauthenticated attacker to gain unauthorized access to Connex portal's database and/or modify content. | 9.1 |
| 2022-09-09 | CVE-2022-26390 | Cleartext Storage of Sensitive Information vulnerability in Baxter products The Baxter Spectrum Wireless Battery Module (WBM) stores network credentials and PHI (only applicable to Spectrum IQ pumps using auto programming) in unencrypted form. | 4.2 |
| 2022-09-09 | CVE-2022-26392 | Use of Externally-Controlled Format String vulnerability in Baxter products The Baxter Spectrum WBM (v16, v16D38) and Baxter Spectrum WBM (v17, v17D19, v20D29 to v20D32) when in superuser mode is susceptible to format string attacks via application messaging. | 6.5 |
| 2022-09-09 | CVE-2022-26393 | Use of Externally-Controlled Format String vulnerability in Baxter products The Baxter Spectrum WBM is susceptible to format string attacks via application messaging. | 8.1 |
| 2022-09-09 | CVE-2022-26394 | Missing Authentication for Critical Function vulnerability in Baxter products The Baxter Spectrum WBM does not perform mutual authentication with the gateway server host. | 5.4 |
| 2021-12-15 | CVE-2021-43935 | Improper Authentication vulnerability in Baxter products The impacted products, when configured to use SSO, are affected by an improper authentication vulnerability. | 9.8 |
| 2020-06-29 | CVE-2020-12048 | Cleartext Transmission of Sensitive Information vulnerability in Baxter Phoenix X36 Firmware 3.36/3.40 Phoenix Hemodialysis Delivery System SW 3.36 and 3.40, The Phoenix Hemodialysis device does not support data-in-transit encryption (e.g., TLS/SSL) when transmitting treatment and prescription data on the network between the Phoenix system and the Exalis dialysis data management tool. | 7.5 |
| 2020-06-29 | CVE-2020-12047 | Use of Hard-coded Credentials vulnerability in Baxter Sigma Spectrum Infusion System Firmware 8.0 The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24), when used with a Baxter Spectrum v8.x (model 35700BAX2) in a factory-default wireless configuration enables an FTP service with hard-coded credentials. | 9.8 |
| 2020-06-29 | CVE-2020-12045 | Use of Hard-coded Credentials vulnerability in Baxter Sigma Spectrum Infusion System Firmware 8.0 The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24) when used in conjunction with a Baxter Spectrum v8.x (model 35700BAX2), operates a Telnet service on Port 1023 with hard-coded credentials. | 9.8 |