CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2020-12040
https://notcve.org/view.php?id=CVE-2020-12040
Sigma Spectrum Infusion System v's6.x (model 35700BAX) and Baxter Spectrum Infusion System Version(s) 8.x (model 35700BAX2) at the application layer uses an unauthenticated clear-text communication channel to send and receive system status and operational data. This could allow an attacker that has circumvented network security measures to view sensitive non-private data or to perform a man-in-the-middle attack. Sigma Spectrum Infusion System versiones v's6.x (modelo 35700BAX) y Baxter Spectrum Infusion System versiones 8.x (modelo 35700BAX2), en la capa de aplicación utilizan un canal de comunicación de texto sin cifrar no autenticado para enviar y recibir el estado del sistema y los datos operativos. Esto podría permitir a un atacante que haya eludido las medidas de seguridad de la red visualizar datos confidenciales no privados o llevar a cabo un ataque de tipo man-in-the-middle • https://www.us-cert.gov/ics/advisories/icsma-20-170-04 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 2.4EPSS: 0%CPEs: 3EXPL: 0CVE-2020-12039
https://notcve.org/view.php?id=CVE-2020-12039
Baxter Sigma Spectrum Infusion Pumps Sigma Spectrum Infusion System v's6.x model 35700BAX & Baxter Spectrum Infusion System v's8.x model 35700BAX2 contain hardcoded passwords when physically entered on the keypad provide access to biomedical menus including device settings, view calibration values, network configuration of Sigma Spectrum WBM if installed. Baxter Sigma Spectrum Infusion Pumps Sigma Spectrum Infusion System versiones v's6.x modelo 35700BAX y Baxter Spectrum Infusion System versiones v's8.x modelo 35700BAX2, contienen contraseñas embebidas cuando se ingresan físicamente en el teclado proporcionan acceso a menús biomédicos que incluyen configuraciones de dispositivos, visualizar valores de calibración, configuración de red de Sigma Spectrum WBM si está instalado • https://www.us-cert.gov/ics/advisories/icsma-20-170-04 • CWE-259: Use of Hard-coded Password CWE-798: Use of Hard-coded Credentials •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2014-5431
https://notcve.org/view.php?id=CVE-2014-5431
Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 contains a hard-coded password, which provides access to basic biomedical information, limited device settings, and network configuration of the WBM, if connected. The hard-coded password may allow an attacker with physical access to the device to access management functions to make unauthorized configuration changes to biomedical settings such as turn on and off wireless connections and the phase-complete audible alarm that indicates the end of an infusion phase. Baxter has released a new version of the SIGMA Spectrum Infusion System, version 8, which incorporates hardware and software changes. Baxter SIGMA Spectrum Infusion System 6.05 (modelo 35700BAX) con un módulo de batería inalámbrica (WBM), en su versión 16, contiene una contraseña embebida, lo que proporciona acceso a información biomédica básica, opciones del dispositivo limitadas y la configuración de red del WBM, si aplica. La contraseña embebida podría permitir que un atacante con acceso físico al dispositivo acceda a las funciones de gestión para hacer cambios no autorizados en la configuración a las opciones biomédicas, como encender y apagar las conexiones inalámbricas o una alarma audible que indica el final de una fase de inyección. • https://ics-cert.us-cert.gov/advisories/ICSA-15-181-01 • CWE-259: Use of Hard-coded Password CWE-798: Use of Hard-coded Credentials •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2014-5432
https://notcve.org/view.php?id=CVE-2014-5432
Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 is remotely accessible via Port 22/SSH without authentication. A remote attacker may be able to make unauthorized configuration changes to the WBM, as well as issue commands to access account credentials and shared keys. Baxter asserts that this vulnerability only allows access to features and functionality on the WBM and that the SIGMA Spectrum infusion pump cannot be controlled from the WBM. Baxter has released a new version of the SIGMA Spectrum Infusion System, Version 8, which incorporates hardware and software changes. Baxter SIGMA Spectrum Infusion System, en su versión 6.05 (modelo 35700BAX), con un módulo de batería inalámbrica (WBM), en su versión 16, es accesible de forma remota mediante el puerto 22/SSH sin autenticación. • https://ics-cert.us-cert.gov/advisories/ICSA-15-181-01 • CWE-287: Improper Authentication CWE-592: DEPRECATED: Authentication Bypass Issues •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2014-5433
https://notcve.org/view.php?id=CVE-2014-5433
An unauthenticated remote attacker may be able to execute commands to view wireless account credentials that are stored in cleartext on Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16, which may allow an attacker to gain access the host network. Baxter has released a new version of the SIGMA Spectrum Infusion System, Version 8, which incorporates hardware and software changes. Un atacante remoto no autenticado podría ser capaz de ejecutar comandos para visualizar credenciales de cuenta inalámbrica almacenadas en texto claro en Baxter SIGMA Spectrum Infusion System 6.05 (modelo 35700BAX), con un módulo de batería inalámbrica (WBM), en su versión 16, lo que podría permitir que un atacante obtenga acceso a la red host. Baxter ha publicado una nueva versión de SIGMA Spectrum Infusion System, la 8, que incluye cambios en el software y el hardware. • https://ics-cert.us-cert.gov/advisories/ICSA-15-181-01 • CWE-255: Credentials Management Errors CWE-312: Cleartext Storage of Sensitive Information •