CVE-2020-12040
N/A
N/A
Summary
Sigma Spectrum Infusion System v's6.x (model 35700BAX) and Baxter Spectrum Infusion System Version(s) 8.x (model 35700BAX2) at the application layer uses an unauthenticated clear-text communication channel to send and receive system status and operational data. This could allow an attacker that has circumvented network security measures to view sensitive non-private data or to perform a man-in-the-middle attack.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | Baxter Sigma Spectrum Infusion Pumps | Sigma Spectrum v6.x model 35700BAX, Baxter Spectrum v8.x model 35700BAX2,Sigma Spectrum v6.x with Wireless Battery Module v9,11,13,14,15,16,v20D29,v20D30,v20D31,v22D24, Baxter Spectrum v8.x with Wireless Battery Module v17,v20D29,v20D30,v20D31,v22D24,Baxter Spectrum Wireless Battery Module v17,v20D29,v20D30,v20D31,v22D24,Baxter Spectrum LVP v8.x w/Wireless Battery Module v17,v20D29,v20D30,v20D31,v22D24 | affected |
Weaknesses
- CWE-319: CWE-319
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.