1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: ABB Equipment: Device Library Wizard Vulnerability: Insecure Storage of Sensitive Information 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a low-level user to escalate privileges and fully compromise the device. 3. TECHNICAL DETAILS 3.1…

1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Baxter Equipment: Baxter ExactaMix EM 2400 & EM 1200 Vulnerabilities: Use of Hard-coded Password, Cleartext Transmission of Sensitive Data, Missing Encryption of Sensitive Data, Improper Access Control, Exposure of Resource to Wrong Sphere, Improper Input…

1. EXECUTIVE SUMMARY CVSS v3 7.6 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Baxter Equipment: PrismaFlex and PrisMax Vulnerabilities: Cleartext Transmission of Sensitive Information, Improper Authentication, Use of Hard-Coded Password 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-20-170-01 Baxter PrismaFlex and…

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Baxter Equipment: Phoenix Hemodialysis Delivery System Vulnerability: Cleartext Transmission of Sensitive Information 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-20-170-03 Baxter Phoenix Hemodialysis Delivery System that was published…

1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Baxter  Equipment: Sigma Spectrum Infusion Pumps  Vulnerabilities: Use of Hard-coded Password, Cleartext Transmission of Sensitive Data, Incorrect Permission Assignment for Critical Resource, Operation on a Resource After Expiration or Release 2. UPDATE INFORMATION This updated…

1. EXECUTIVE SUMMARY CVSS v3 4.6 ATTENTION: Exploitable with adjacent access/low skill level to exploit  Vendor: BIOTRONIK Equipment: CardioMessenger II-S T-Line, CardioMessenger II-S GSM Vulnerabilities: Improper Authentication, Cleartext Transmission of Sensitive Information, Missing Encryption of Sensitive Data, Storing Passwords in a Recoverable Format 2. RISK EVALUATION Successful exploitation of…

1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Becton, Dickinson and Company (BD) Equipment: Alaris PCU Vulnerability: Uncontrolled Resource Consumption 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-20-170-06 BD Alaris PCU that was published June 18,…

1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Exploitable remotely Vendor: Exacq Technologies, a subsidiary of Johnson Controls Equipment: exacqVision Vulnerability: Improper Verification of Cryptographic Signature 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker with administrative privileges to potentially download and run a malicious executable that…