Vulnerabilities > Baxter
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-29 | CVE-2020-12039 | Use of Hard-coded Credentials vulnerability in Baxter Sigma Spectrum Infusion System Firmware 6.0/6.05/8.0 Baxter Sigma Spectrum Infusion Pumps Sigma Spectrum Infusion System v's6.x model 35700BAX & Baxter Spectrum Infusion System v's8.x model 35700BAX2 contain hardcoded passwords when physically entered on the keypad provide access to biomedical menus including device settings, view calibration values, network configuration of Sigma Spectrum WBM if installed. | 2.1 |
| 2020-06-29 | CVE-2020-12037 | Cleartext Transmission of Sensitive Information vulnerability in Baxter Prismaflex Firmware and Prismax Firmware Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The affected devices do not implement data-in-transit encryption (e.g., TLS/SSL) when configured to send treatment data to a PDMS (Patient Data Management System) or an EMR (Electronic Medical Record) system. | 5.0 |
| 2020-06-29 | CVE-2020-12036 | Cleartext Transmission of Sensitive Information vulnerability in Baxter Prismaflex Firmware and Prismax Firmware Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The affected devices do not implement data-in-transit encryption (e.g., TLS/SSL) when configured to send treatment data to a PDMS (Patient Data Management System) or an EMR (Electronic Medical Record) system. | 5.0 |
| 2020-06-29 | CVE-2020-12035 | Use of Hard-coded Credentials vulnerability in Baxter Prismaflex Firmware and Prismax Firmware Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The PrismaFlex device contains a hard-coded service password that provides access to biomedical information, device settings, calibration settings, and network configuration. | 3.6 |
| 2020-06-29 | CVE-2020-12032 | Cleartext Storage of Sensitive Information vulnerability in Baxter Em1200 Firmware and Em2400 Firmware Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Versions 1.1, 1.2 systems store device data with sensitive information in an unencrypted database. | 6.4 |
| 2020-06-29 | CVE-2020-12024 | Unspecified vulnerability in Baxter Em1200 Firmware and Em2400 Firmware Baxter ExactaMix EM 2400 versions 1.10, 1.11, 1.13, 1.14 and ExactaMix EM1200 Versions 1.1, 1.2, 1.4 and 1.5 does not restrict access to the USB interface from an unauthorized user with physical access. | 3.6 |
| 2020-06-29 | CVE-2020-12020 | Exposure of Resource to Wrong Sphere vulnerability in Baxter Em1200 Firmware and Em2400 Firmware Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13 and ExactaMix EM1200 Versions 1.1, 1.2, and 1.4 does not restrict non administrative users from gaining access to the operating system and editing the application startup script. | 3.6 |
| 2020-06-29 | CVE-2020-12016 | Use of Hard-coded Credentials vulnerability in Baxter Em1200 Firmware and Em2400 Firmware Baxter ExactaMix EM 2400 & EM 1200, Versions ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5, Baxter ExactaMix EM 2400 Versions 1.10, 1.11, 1.13, 1.14 and ExactaMix EM1200 Versions 1.1, 1.2, 1.4 and 1.5 have hard-coded administrative account credentials for the ExactaMix operating system. | 10.0 |
| 2020-06-29 | CVE-2020-12012 | Use of Hard-coded Credentials vulnerability in Baxter Em1200 Firmware and Em2400 Firmware Baxter ExactaMix EM 2400 & EM 1200, Versions ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5, Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13, and ExactaMix EM1200 Versions 1.1, 1.2, and 1.4 have hard-coded administrative account credentials for the ExactaMix application. | 3.6 |
| 2020-06-29 | CVE-2020-12008 | Cleartext Transmission of Sensitive Information vulnerability in Baxter Em1200 Firmware and Em2400 Firmware Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Versions 1.1, 1.2 systems use cleartext messages to communicate order information with an order entry system. | 5.0 |