CVE-2020-12048
N/A
N/A
Summary
Phoenix Hemodialysis Delivery System SW 3.36 and 3.40, The Phoenix Hemodialysis device does not support data-in-transit encryption (e.g., TLS/SSL) when transmitting treatment and prescription data on the network between the Phoenix system and the Exalis dialysis data management tool. An attacker with access to the network could observe sensitive treatment and prescription data sent between the Phoenix system and the Exalis tool.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | Baxter Phoenix Hemodialysis Delivery System | Phoenix Hemodialysis Delivery System SW 3.36 and 3.40 | affected |
Weaknesses
- CWE-319: CLEARTEXT TRANSMISSION OF SENSITIVE DATA CWE-319
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.