Skip to main content

Prismaflex Firmware

3 CVEs product

Monthly

CVE-2020-12037 HIGH This Week

Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The affected devices do not implement data-in-transit encryption (e.g., TLS/SSL) when configured to send treatment data to a PDMS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Prismaflex Firmware Prismax Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2020-12036 HIGH This Week

Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The affected devices do not implement data-in-transit encryption (e.g., TLS/SSL) when configured to send treatment data to a PDMS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Prismaflex Firmware Prismax Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2020-12035 MEDIUM This Month

Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The PrismaFlex device contains a hard-coded service password that provides access to biomedical information, device settings,. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Prismaflex Firmware Prismax Firmware
NVD
CVSS 3.1
4.9
EPSS
0.2%
EPSS 0% CVSS 7.5
HIGH This Week

Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The affected devices do not implement data-in-transit encryption (e.g., TLS/SSL) when configured to send treatment data to a PDMS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Prismaflex Firmware +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The affected devices do not implement data-in-transit encryption (e.g., TLS/SSL) when configured to send treatment data to a PDMS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Prismaflex Firmware Prismax Firmware
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The PrismaFlex device contains a hard-coded service password that provides access to biomedical information, device settings,. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Prismaflex Firmware Prismax Firmware
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy