Data Transmission Vulnerability in Baxter Medical Devices
CVE-2020-12037
7.5HIGH
What is CVE-2020-12037?
The PrismaFlex and PrisMax systems by Baxter lack proper data-in-transit encryption. This absence of TLS/SSL when transmitting treatment data to external systems such as Patient Data Management Systems (PDMS) or Electronic Medical Records (EMR) exposes sensitive patient information. As a result, attackers could potentially intercept and observe critical health data during transmission, leading to serious privacy concerns and risks to patient confidentiality. This vulnerability highlights the need for encryption protocols to safeguard sensitive medical data as it travels across networks.
Affected Version(s)
Baxter PrismaFlex and PrisMax PrismaFlex all versions, PrisMax all versions prior to 3.x
References
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved