PT-2019-7127 · Baxter · Baxter Sigma Spectrum Infusion System

Published

2019-03-26

Updated

2019-10-09

CVE-2014-5431

CVSS v2.0

4.6

Medium

Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Baxter SIGMA Spectrum Infusion System version 6.05

Description The issue concerns a hard-coded password in the wireless battery module of the Baxter SIGMA Spectrum Infusion System. This password provides access to basic biomedical information, limited device settings, and network configuration. An attacker with physical access to the device could use this password to make unauthorized configuration changes, such as turning wireless connections on or off and modifying the phase-complete audible alarm.

Recommendations For Baxter SIGMA Spectrum Infusion System version 6.05, update to version 8, which incorporates necessary hardware and software changes to address the issue.

Fix

Using Hardcoded Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-798CWE-259

Related Identifiers

CVE-2014-5431

Affected Products

Baxter Sigma Spectrum Infusion System

PT-2019-7127 · Baxter · Baxter Sigma Spectrum Infusion System

CVE-2014-5431

Weakness Enumeration

Related Identifiers

Affected Products

References · 2