CyberSecurityBoard
Sponsor Register Login

Baxter Welch Allyn Connex Spot Monitor

RISK EVALUATION. Successful exploitation of this vulnerability could allow an attacker to modify device configuration and firmware data.
Tampering with this data could lead to device compromise, resulting in impact and/or delay in patient care.
The impacted product uses a default cryptographic key for potentially critical functionality.
An attacker could modify device configurations and firmware data, resulting in impact and/or delay in patient care.
CVE-2024-1275 has been assigned to this vulnerability.
A CVSS v3.1 base score of 7.4 has been calculated; the CVSS vector string is.
A base score of 9.1 has been calculated; the CVSS vector string is.
MITIGATIONS. Baxter has released a software update for all impacted devices and software to address this vulnerability.
Baxter recommends users upgrade to the latest versions of their products.
Information on how to update products to their new versions can be found on the Baxter disclosure page or the Hillrom disclosure page.
Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
Locate control system networks and remote devices behind firewalls and isolating them from business networks.
Also recognize VPN is only as secure as the connected devices.
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.
Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.


This Cyber News was published on www.cisa.gov. Publication date: Thu, 30 May 2024 15:13:06 +0000


Cyber News related to Baxter Welch Allyn Connex Spot Monitor

CVE-2021-27410 - The affected product is vulnerable to an out-of-bounds write, which may result in corruption of data or code execution on the Welch Allyn medical device management tools (Welch Allyn Service Tool: versions prior to v1.10, Welch Allyn Connex Device ...
3 years ago
CVE-2021-27408 - The affected product is vulnerable to an out-of-bounds read, which can cause information leakage leading to arbitrary code execution if chained to the out-of-bounds write vulnerability on the Welch Allyn medical device management tools (Welch Allyn ...
3 years ago
Why RV Connex Chose Swimlane As "The Powerhouse" Of Their SOC - RV Connex is a Thailand-based company that specializes in national defense and space manufacturing. Since RV Connex has implemented security automation they have achieved significant progress. Tanajak Watanakij, Vice President of Cybersecurity and ...
1 year ago Securityboulevard.com
CVE-2024-1275 - Use of Default Cryptographic Key vulnerability in Baxter Welch Allyn Connex Spot Monitor may allow Configuration/Environment Manipulation.This issue affects Welch Allyn Connex Spot Monitor in all versions prior to 1.52. ...
7 months ago
Baxter Welch Allyn Connex Spot Monitor - RISK EVALUATION. Successful exploitation of this vulnerability could allow an attacker to modify device configuration and firmware data. Tampering with this data could lead to device compromise, resulting in impact and/or delay in patient care. The ...
7 months ago Cisa.gov
CVE-2024-5176 - Insufficiently Protected Credentials vulnerability in Baxter Welch Allyn Configuration Tool may allow Remote Services with Stolen Credentials.This issue affects Welch Allyn Configuration Tool: versions 1.9.4.1 and prior. ...
7 months ago
Mozilla adds paid-for data-deletion tier to Monitor service The Register - Mozilla on Tuesday expanded its free privacy-monitoring service with a paid-for tier called Mozilla Monitor Plus that will try to get data brokers to delete their copies of subscribers' personal information. Mozilla introduced Monitor in 2018 as a ...
11 months ago Go.theregister.com
CVE-2017-11743 - MEDHOST Connex contains a hard-coded Mirth Connect admin credential that is used for customer Mirth Connect management access. An attacker with knowledge of the hard-coded credential and the ability to communicate directly with the Mirth Connect ...
7 years ago
CVE-2017-11614 - MEDHOST Connex contains hard-coded credentials that are used for customer database access. An attacker with knowledge of the hard-coded credentials and the ability to communicate directly with the database may be able to obtain or modify sensitive ...
7 years ago
CVE-2024-6795 - In Connex health portal released before8/30/2024, SQL injection vulnerabilities were found that could have allowed an unauthenticated attacker to gain unauthorized access to Connex portal's database.  ...
4 months ago
CVE-2024-6796 - In Baxter Connex health portal released before 8/30/2024, an improper access control vulnerability has been found that could allow an unauthenticated attacker to gain unauthorized access to Connex portal's database and/or modify content. ...
4 months ago
A Fifth of UK SMBs Can't Spot Scams - A worrying 17% of the UK's small and medium-sized businesses can't always spot the tell-tale signs of online fraud and scams, according to new data from UK Finance. The banking industry body has been running its "Can you spot fraud?" quiz for small ...
1 year ago Infosecurity-magazine.com
CVE-2014-5434 - Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 has a default account with hard-coded credentials used with the FTP protocol. Baxter asserts no files can be transferred to or from the ...
5 years ago
CVE-2014-5432 - Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 is remotely accessible via Port 22/SSH without authentication. A remote attacker may be able to make unauthorized configuration changes ...
5 years ago
Protecting User Privacy by Removing Personal Data from Data Broker Sites - As part of its new subscription service model, Mozilla Firefox is offering its users the possibility of finding and removing their personal and sensitive information from data brokers across the internet. To eliminate their phone numbers, e-mail, ...
11 months ago Cysecurity.news
Comprehensive Cloud Monitoring Platforms: Ensuring - Platforms for comprehensive cloud monitoring come into play in this situation. In this article, we will explore the significance of comprehensive cloud monitoring platforms and delve into some leading solutions available in the market today. ...
1 year ago Feeds.dzone.com
CVE-2022-21403 - Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine). Supported versions that are affected are 3.4, 4.2, 4.3, 4.4 and 5.0. Easily exploitable vulnerability allows high privileged ...
2 years ago
CVE-2022-21399 - Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine). Supported versions that are affected are 3.4, 4.2, 4.3, 4.4 and 5.0. Easily exploitable vulnerability allows high privileged ...
2 years ago
CVE-2022-21401 - Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine). Supported versions that are affected are 3.4, 4.2, 4.3, 4.4 and 5.0. Easily exploitable vulnerability allows high privileged ...
2 years ago
CVE-2017-3306 - Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). Supported versions that are affected are 3.1.6.8003 and earlier, 3.2.1182 and earlier and 3.3.2.1162 and earlier. Easily "exploitable" ...
5 years ago
Optimizing Data Lake Usage with Effective Object Management - Data lakes are a popular solution for data storage, and for good reason. Data lakes are flexible and cost effective, as they allow multiple query engines and many object formats without the need to manage resources like disks, CPUs, and memory. In a ...
11 months ago Imperva.com
CVE-2014-5433 - An unauthenticated remote attacker may be able to execute commands to view wireless account credentials that are stored in cleartext on Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16, ...
5 years ago
CVE-2020-12012 - Baxter ExactaMix EM 2400 & EM 1200, Versions ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5, Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13, and ExactaMix EM1200 Versions 1.1, 1.2, and 1.4 ...
4 years ago
CVE-2020-12016 - Baxter ExactaMix EM 2400 & EM 1200, Versions ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5, Baxter ExactaMix EM 2400 Versions 1.10, 1.11, 1.13, 1.14 and ExactaMix EM1200 Versions 1.1, 1.2, 1.4 and ...
4 years ago
CVE-2020-12047 - The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24), when used with a Baxter Spectrum v8.x (model 35700BAX2) in a factory-default wireless configuration enables an FTP service with hard-coded credentials. ...
4 years ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)