![]() Successful exploitation of the above vulnerabilities could cause a remote denial-of-service (DoS), or enable an attacker with physical access to the device to extract sensitive information or alternatively carry out adversary-in-the-middle attacks. CVE-2022-26394 (CVSS score: 5.5) - Missing mutual authentication with the gateway server host.CVE-2022-26393 (CVSS score: 5.0) - A format string vulnerability when processing Wi-Fi SSID information, and.CVE-2022-26392 (CVSS score: 2.1) - A format string vulnerability when running a Telnet session.CVE-2022-26390 (CVSS score: 4.2) - Storage of network credentials and patient health information (PHI) in unencrypted format.Baxter Spectrum IQ LVP (v9.x) with Wireless Battery Modules v22D19 to v22D28.Sigma Spectrum LVP v8.x Wireless Battery Modules v17, v17D19, v20D29 to v20D32, and v22D24 to v22D28.Baxter Spectrum IQ (v9.x) model 35700BAX3.The four vulnerabilities in question, discovered by cybersecurity firm Rapid7 and reported to Baxter in April 2022, affect the following Sigma Spectrum Infusion systems. Infusion pumps are internet-enabled devices used by hospitals to deliver medication and nutrition directly into a patient's circulatory system. Cybersecurity and Infrastructure Security Agency (CISA) said in a coordinated advisory. "Successful exploitation of these vulnerabilities could result in access to sensitive data and alteration of system configuration," the U.S. ![]() Multiple security vulnerabilities have been disclosed in Baxter's internet-connected infusion pumps used by healthcare professionals in clinical environments to dispense medication to patients.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |