CVE-2020-12037
29.06.2020, 14:15
Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The affected devices do not implement data-in-transit encryption (e.g., TLS/SSL) when configured to send treatment data to a PDMS (Patient Data Management System) or an EMR (Electronic Medical Record) system. An attacker could observe sensitive data sent from the device.Enginsight
| Vendor | Product | Version |
|---|---|---|
| baxter | prismaflex_firmware | * |
| baxter | prismax_firmware | 𝑥 < 3.0 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-259 - Use of Hard-coded PasswordThe software contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components.
- CWE-319 - Cleartext Transmission of Sensitive InformationThe software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.