CVE-2020-12039

Name of the Vulnerable Software and Affected Versions Baxter Sigma Spectrum Infusion System versions 6.x through 8.x

Description The issue concerns hardcoded passwords in the Baxter Sigma Spectrum Infusion System. When these passwords are physically entered on the keypad, they provide access to biomedical menus, including device settings, calibration values, and network configuration of Sigma Spectrum WBM if installed.

Recommendations For versions 6.x through 8.x, consider restricting physical access to the keypad to minimize the risk of unauthorized access to device settings and configurations. As a temporary workaround, limit the use of the biomedical menus and device settings to authorized personnel only until a patch or fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.