PT-2020-13014 · Phoenix · Phoenix Hemodialysis Delivery System
Published 2020-06-29 · Updated 2020-07-16 · CVE-2020-12048
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Phoenix Hemodialysis Delivery System SW versions 3.36 through 3.40
Description
The issue concerns the lack of data-in-transit encryption, such as TLS/SSL, when transmitting sensitive treatment and prescription data between the Phoenix system and the Exalis dialysis data management tool over the network. This could allow an attacker with network access to observe the sensitive data being transmitted.
Recommendations
For Phoenix Hemodialysis Delivery System SW versions 3.36 through 3.40, consider implementing encryption for data transmitted between the Phoenix system and the Exalis tool to protect sensitive information. As a temporary workaround, restrict network access to authorized personnel only to minimize the risk of exploitation.
Fix
Weakness Enumeration
Cleartext Transmission of Sensitive Information
Related Identifiers
Affected Products
Exalis
Phoenix Hemodialysis Delivery System