CVE-2014-5431

Name of the Vulnerable Software and Affected Versions Baxter SIGMA Spectrum Infusion System version 6.05

Description The issue concerns a hard-coded password in the wireless battery module of the Baxter SIGMA Spectrum Infusion System. This password provides access to basic biomedical information, limited device settings, and network configuration. An attacker with physical access to the device could use this password to make unauthorized configuration changes, such as turning wireless connections on or off and modifying the phase-complete audible alarm.

Recommendations For Baxter SIGMA Spectrum Infusion System version 6.05, update to version 8, which incorporates necessary hardware and software changes to address the issue.