PT-2020-13002 · Baxter · Baxter Prismaflex+1

Published 2020-06-29 · Updated 2020-07-14 · CVE-2020-12035

CVSS v3.1: 4.9 Medium

Vector: AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L

Name of the Vulnerable Software and Affected Versions

Baxter PrismaFlex all versions
PrisMax versions prior to 3.x

Description

The PrismaFlex device contains a hard-coded service password that provides access to biomedical information, device settings, calibration settings, and network configuration. This could allow an attacker to modify device settings and calibration.

Recommendations

For Baxter PrismaFlex all versions, consider changing the hard-coded service password to a unique and secure password. For PrisMax versions prior to 3.x, update to version 3.x or later to remove the hard-coded service password. As a temporary workaround, consider restricting access to the device settings and calibration settings to minimize the risk of exploitation.

Fix

Improper Authentication

Using Hardcoded Credentials

Weakness Enumeration

Related Identifiers

CVE-2020-12035

Affected Products

Baxter Prismaflex
Prismax