Vulnerabilities > Baxter > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-09 | CVE-2022-26390 | Cleartext Storage of Sensitive Information vulnerability in Baxter products The Baxter Spectrum Wireless Battery Module (WBM) stores network credentials and PHI (only applicable to Spectrum IQ pumps using auto programming) in unencrypted form. | 4.2 |
| 2021-12-15 | CVE-2021-43935 | Improper Authentication vulnerability in Baxter products The impacted products, when configured to use SSO, are affected by an improper authentication vulnerability. | 6.8 |
| 2020-06-29 | CVE-2020-12048 | Cleartext Transmission of Sensitive Information vulnerability in Baxter Phoenix X36 Firmware 3.36/3.40 Phoenix Hemodialysis Delivery System SW 3.36 and 3.40, The Phoenix Hemodialysis device does not support data-in-transit encryption (e.g., TLS/SSL) when transmitting treatment and prescription data on the network between the Phoenix system and the Exalis dialysis data management tool. | 5.0 |
| 2020-06-29 | CVE-2020-12040 | Cleartext Transmission of Sensitive Information vulnerability in Baxter Sigma Spectrum Infusion System Firmware 6.0/6.05/8.0 Sigma Spectrum Infusion System v's6.x (model 35700BAX) and Baxter Spectrum Infusion System Version(s) 8.x (model 35700BAX2) at the application layer uses an unauthenticated clear-text communication channel to send and receive system status and operational data. | 5.0 |
| 2020-06-29 | CVE-2020-12037 | Cleartext Transmission of Sensitive Information vulnerability in Baxter Prismaflex Firmware and Prismax Firmware Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The affected devices do not implement data-in-transit encryption (e.g., TLS/SSL) when configured to send treatment data to a PDMS (Patient Data Management System) or an EMR (Electronic Medical Record) system. | 5.0 |
| 2020-06-29 | CVE-2020-12036 | Cleartext Transmission of Sensitive Information vulnerability in Baxter Prismaflex Firmware and Prismax Firmware Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The affected devices do not implement data-in-transit encryption (e.g., TLS/SSL) when configured to send treatment data to a PDMS (Patient Data Management System) or an EMR (Electronic Medical Record) system. | 5.0 |
| 2020-06-29 | CVE-2020-12032 | Cleartext Storage of Sensitive Information vulnerability in Baxter Em1200 Firmware and Em2400 Firmware Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Versions 1.1, 1.2 systems store device data with sensitive information in an unencrypted database. | 6.4 |
| 2020-06-29 | CVE-2020-12008 | Cleartext Transmission of Sensitive Information vulnerability in Baxter Em1200 Firmware and Em2400 Firmware Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Versions 1.1, 1.2 systems use cleartext messages to communicate order information with an order entry system. | 5.0 |
| 2019-03-26 | CVE-2014-5431 | Use of Hard-coded Credentials vulnerability in Baxter Sigma Spectrum Infusion System Firmware 6.05 Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 contains a hard-coded password, which provides access to basic biomedical information, limited device settings, and network configuration of the WBM, if connected. | 4.6 |
| 2019-03-26 | CVE-2014-5434 | Use of Hard-coded Credentials vulnerability in Baxter Sigma Spectrum Infusion System Firmware 6.05 Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 has a default account with hard-coded credentials used with the FTP protocol. | 5.0 |