Clear-Text Communication Vulnerability in Sigma Spectrum Infusion Systems by Baxter
CVE-2020-12040

9.8CRITICAL

Key Information:

Vendor: Baxter
Status: Baxter Sigma Spectrum Infusion Pumps
Vendor: CVE Published:; 29 June 2020

What is CVE-2020-12040?

The Sigma Spectrum Infusion Systems by Baxter have a security vulnerability that allows for unauthenticated clear-text communication at the application layer. This flaw permits attackers who bypass network security measures to intercept operational data and system status. Such exposure not only facilitates the viewing of sensitive data but also opens avenues for man-in-the-middle attacks, compromising the integrity of the infusion system's communication and potentially jeopardizing patient safety.

Affected Version(s)

Baxter Sigma Spectrum Infusion Pumps Sigma Spectrum v6.x model 35700BAX, Baxter Spectrum v8.x model 35700BAX2,Sigma Spectrum v6.x with Wireless Battery Module v9,11,13,14,15,16,v20D29,v20D30,v20D31,v22D24, Baxter Spectrum v8.x with Wireless Battery Module v17,v20D29,v20D30,v20D31,v22D24,Baxter Spectrum Wireless Battery Module v17,v20D29,v20D30,v20D31,v22D24,Baxter Spectrum LVP v8.x w/Wireless Battery Module v17,v20D29,v20D30,v20D31,v22D24

References

https://www.us-cert.gov/ics/advisories/icsma-20-170-04

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 29, 2020
Vulnerability Reserved
Apr 21, 2020

JSON