These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
A critical vulnerability (CVSS 9.3) in the Baxter Life2000 Ventilation System allows attackers with local access to the device's serial interface to send and receive unauthorized messages. This improper data protection flaw can result in information disclosure and unintended modifications to device settings and performance. The vulnerability affects Life2000 Ventilation System versions 6.08.00.00 and earl [truncated]
CVE-2024-9832 is a critical authentication vulnerability in the Baxter Life2000 Ventilation System, published by CISA on November 14, 2024. The device fails to implement rate limiting on failed login attempts for both the Clinician Password and Serial Number Clinician Password, enabling brute-force attacks that could grant unauthorized access to device settings. Successful exploitation could result in dis [truncated]
A critical vulnerability in the Baxter Life2000 Ventilation System allows attackers to push compromised firmware due to missing file integrity checks during updates. Published November 14, 2024, this flaw enables unauthorized configuration changes, device functionality compromise, and potential information disclosure. The CVSS 9.3 score reflects local attack vector with no privileges required, high confid [truncated]
A critical vulnerability in the Baxter Life2000 Ventilation System exposes an enabled-by-default debug port on the device's serial interface. The debug port accepts unencrypted messages, allowing an attacker with physical access to send and receive commands that could disclose sensitive information or alter device settings and performance. The vulnerability carries a CVSS 3.1 score of 9.3 (Critical), refl [truncated]
A critical vulnerability in the Baxter Life2000 Ventilation System exposes hard-coded clinician credentials in plaintext, enabling unauthorized privileged access if an attacker obtains physical access to the device. Published November 14, 2024, this vulnerability carries a CVSS 3.1 score of 9.3 (CRITICAL) and affects Life2000 Ventilation System versions 6.08.00.00 and earlier. The root cause is the presen [truncated]
A critical vulnerability in the Baxter Life2000 Ventilation System allows attackers with access to the Service PC to obtain diagnostic information or manipulate ventilator settings without authentication. The service and calibration tools lack user authentication entirely, enabling unauthorized disclosure and potential device manipulation.
CVE-2020-8004 is a high-severity vulnerability affecting the Baxter Life2000 Ventilation System, published on November 14, 2024. The vulnerability stems from a weakness in the flash memory read-out protection feature on the device's microcontroller, which fails to block memory access via the ICode bus. Attackers can exploit this flaw in combination with specific CPU exception handling behaviors to map the [truncated]
A vulnerability in the Baxter Connex Health Portal could potentially allow an unauthorized user to gain access to patient and clinician information, and to modify or delete clinic details. The vulnerability has been assigned a CVSS 3.1 score of 8.2 (HIGH). According to the CISA advisory, Baxter patched these vulnerabilities promptly after discovery on August 30, 2024, and no additional user action is requ [truncated]
A critical SQL injection vulnerability in the Baxter Connex Health Portal, published by CISA on September 5, 2024, allows remote unauthenticated attackers to execute arbitrary SQL queries with full database control including data access, modification, deletion, and administrative operations such as database shutdown. The vulnerability stems from improper input sanitization on certain parameters. Baxter pa [truncated]
A critical vulnerability in Baxter's Welch Allyn Product Configuration Tool (versions ≤1.9.4.1) exposes authentication credentials and user input to potential compromise. Published by CISA on May 30, 2024, this vulnerability carries a CVSS 3.1 score of 9.6 (Critical). The nature of the credential exposure suggests that any credentials entered during tool operation—including authentication credentials or o [truncated]
CVE-2024-1275 is a HIGH severity vulnerability (CVSS 7.4) in the Baxter Welch Allyn Connex Spot Monitor (CSM), a medical device used for patient vital signs monitoring. The vulnerability stems from the use of a default cryptographic key for critical functionality, which could allow an attacker to modify device configurations and firmware data, potentially impacting or delaying patient care. The vulnerabil [truncated]