Hardcoded Password Vulnerability in Baxter Sigma Spectrum Infusion Pumps
CVE-2020-12039

2.4 LOW

Key Information:

Vendor: Baxter
CVE Published: 29 June 2020

What is CVE-2020-12039?

Baxter Sigma Spectrum Infusion Pumps, specifically versions 6.x (model 35700BAX) and 8.x (model 35700BAX2), contain hardcoded passwords. This flaw permits unauthorized users to gain access to sensitive biomedical menus, allowing them to modify device settings, view calibration values, and adjust network configurations for the Sigma Spectrum WBM, if it is installed. Such access could allow manipulation of device operations, posing risks to patient safety.

Affected Version(s)

Baxter Sigma Spectrum Infusion Pumps:

  • Sigma Spectrum v6.x model 35700BAX
  • Spectrum v8.x model 35700BAX2
  • Sigma Spectrum v6.x with Wireless Battery Module (WBM) v9, v11, v13, v14, v15, v16, v20D29, v20D30, v20D31, v22D24
  • Spectrum v8.x w/WBM v17, v20D29, v20D30, v20D31, v22D24
  • Spectrum WBM v17, v20D29, v20D30, v20D31, v22D24
  • Spectrum LVP v8.x with WBM v17, v20D29, v20D30, v20D31, and v22D24

CVSS V3.1

Score: 2.4
Severity: LOW
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Physical
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
