Vulnerability Description
Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 contains a hard-coded password, which provides access to basic biomedical information, limited device settings, and network configuration of the WBM, if connected. The hard-coded password may allow an attacker with physical access to the device to access management functions to make unauthorized configuration changes to biomedical settings such as turn on and off wireless connections and the phase-complete audible alarm that indicates the end of an infusion phase. Baxter has released a new version of the SIGMA Spectrum Infusion System, version 8, which incorporates hardware and software changes.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Baxter | Sigma Spectrum Infusion System Firmware | 6.05 |
| Baxter | Sigma Spectrum Infusion System | - |
| Baxter | Wireless Battery Module | 16 |
Related Weaknesses (CWE)
References
- https://ics-cert.us-cert.gov/advisories/ICSA-15-181-01MitigationThird Party AdvisoryUS Government Resource
- https://ics-cert.us-cert.gov/advisories/ICSA-15-181-01MitigationThird Party AdvisoryUS Government Resource
FAQ
What is CVE-2014-5431?
CVE-2014-5431 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 contains a hard-coded password, which provides access to basic biomedical information,...
How severe is CVE-2014-5431?
CVE-2014-5431 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-5431?
Check the references section above for vendor advisories and patch information. Affected products include: Baxter Sigma Spectrum Infusion System Firmware, Baxter Sigma Spectrum Infusion System, Baxter Wireless Battery Module.