PT-2020-13007 · Baxter · Baxter Sigma Spectrum Infusion System+1

Published: 2020-06-29 · Updated: 2022-03-03 · CVE-2020-12040

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Sigma Spectrum Infusion System versions 6.x
Baxter Spectrum Infusion System versions 8.x

Description

The issue concerns the use of an unauthenticated clear-text communication channel at the application layer to send and receive system status and operational data. This could allow an attacker who has bypassed network security measures to view sensitive non-private data or perform a man-in-the-middle attack.

Recommendations

For Sigma Spectrum Infusion System version 6.x, consider implementing secure communication protocols to encrypt data transmission. For Baxter Spectrum Infusion System version 8.x, restrict access to the system to minimize the risk of exploitation until a secure communication channel is established.

Fix

Weakness Enumeration

Cleartext Transmission of Sensitive Information

Related Identifiers

CVE-2020-12040

Affected Products

Baxter Sigma Spectrum Infusion System
Sigma Spectrum Infusion System