CVE-2020-12048

Summary

Phoenix Hemodialysis Delivery System SW 3.36 and 3.40, The Phoenix Hemodialysis device does not support data-in-transit encryption (e.g., TLS/SSL) when transmitting treatment and prescription data on the network between the Phoenix system and the Exalis dialysis data management tool. An attacker with access to the network could observe sensitive treatment and prescription data sent between the Phoenix system and the Exalis tool.

Affected Software

VendorProductVersion RangeStatus
n/aBaxter Phoenix Hemodialysis Delivery SystemPhoenix Hemodialysis Delivery System SW 3.36 and 3.40affected

Weaknesses

  • CWE-319: CLEARTEXT TRANSMISSION OF SENSITIVE DATA CWE-319

ADP Enrichment

CVE Program Container

Additional References

References