Vulnerabilities > Baxter > Sigma Spectrum Infusion System Firmware > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-29 | CVE-2020-12040 | Cleartext Transmission of Sensitive Information vulnerability in Baxter Sigma Spectrum Infusion System Firmware 6.0/6.05/8.0 Sigma Spectrum Infusion System v's6.x (model 35700BAX) and Baxter Spectrum Infusion System Version(s) 8.x (model 35700BAX2) at the application layer uses an unauthenticated clear-text communication channel to send and receive system status and operational data. | 5.0 |
| 2019-03-26 | CVE-2014-5431 | Use of Hard-coded Credentials vulnerability in Baxter Sigma Spectrum Infusion System Firmware 6.05 Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 contains a hard-coded password, which provides access to basic biomedical information, limited device settings, and network configuration of the WBM, if connected. | 4.6 |
| 2019-03-26 | CVE-2014-5434 | Use of Hard-coded Credentials vulnerability in Baxter Sigma Spectrum Infusion System Firmware 6.05 Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 has a default account with hard-coded credentials used with the FTP protocol. | 5.0 |