Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The affected devices do not implement data-in-transit encryption (e.g., TLS/SSL) when configured to send treatment data to a PDMS (Patient Data Management System) or an EMR (Electronic Medical Record) system. An attacker could observe sensitive data sent from the device.
References
Link | Resource |
---|---|
https://www.us-cert.gov/ics/advisories/icsma-20-170-01 | Not Applicable |
https://us-cert.cisa.gov/ics/advisories/icsma-20-170-02 | Third Party Advisory |
https://www.us-cert.gov/ics/advisories/icsma-20-170-01 | Not Applicable |
Configurations
History
21 Nov 2024, 04:59
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.us-cert.gov/ics/advisories/icsma-20-170-01 - Not Applicable |
Information
Published : 2020-06-29 14:15
Updated : 2024-11-21 04:59
NVD link : CVE-2020-12037
Mitre link : CVE-2020-12037
CVE.ORG link : CVE-2020-12037
JSON object : View
Products Affected
baxter
- prismaflex_firmware
- prismax_firmware
- prismax
- prismaflex