CVE-2020-12035

Severity CVSS v4.0:
Pending analysis
Type:
CWE-798 Use of Hard-coded Credentials
Publication date:
29/06/2020
Last modified:
14/07/2020

Description

Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The PrismaFlex device contains a hard-coded service password that provides access to biomedical information, device settings, calibration settings, and network configuration. This could allow an attacker to modify device settings and calibration.

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:baxter:prismaflex_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:baxter:prismaflex:-:*:*:*:*:*:*:*
cpe:2.3:o:baxter:prismax_firmware:*:*:*:*:*:*:*:* 3.0 (excluding)
cpe:2.3:h:baxter:prismax:-:*:*:*:*:*:*:*