Vulnerabilities > Baxter > Wireless Battery Module

DATE CVE VULNERABILITY TITLE RISK
2019-03-26 CVE-2014-5433 Credentials Management vulnerability in Baxter Sigma Spectrum Infusion System Firmware 6.05
An unauthenticated remote attacker may be able to execute commands to view wireless account credentials that are stored in cleartext on Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16, which may allow an attacker to gain access the host network.
network
low complexity
baxter CWE-255
7.5
7.5
2019-03-26 CVE-2014-5432 Improper Authentication vulnerability in Baxter Sigma Spectrum Infusion System Firmware 6.05
Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 is remotely accessible via Port 22/SSH without authentication.
network
low complexity
baxter CWE-287
7.5
7.5
2019-03-26 CVE-2014-5431 Use of Hard-coded Credentials vulnerability in Baxter Sigma Spectrum Infusion System Firmware 6.05
Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 contains a hard-coded password, which provides access to basic biomedical information, limited device settings, and network configuration of the WBM, if connected.
local
low complexity
baxter CWE-798
4.6
4.6
2019-03-26 CVE-2014-5434 Use of Hard-coded Credentials vulnerability in Baxter Sigma Spectrum Infusion System Firmware 6.05
Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 has a default account with hard-coded credentials used with the FTP protocol.
network
low complexity
baxter CWE-798
5.0
5.0