var-201903-0661
Vulnerability from variot
Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 has a default account with hard-coded credentials used with the FTP protocol. Baxter asserts no files can be transferred to or from the WBM using this account. Baxter has released a new version of the SIGMA Spectrum Infusion System, Version 8, which incorporates hardware and software changes. Baxter SIGMA Spectrum Infusion System Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Baxter Wireless Battery Module (WBM) is prone to multiple security vulnerabilities. Attackers may exploit these issues to gain unauthorized access, obtain sensitive information, or bypass the authentication mechanism and gain access to the vulnerable device. Baxter SIGMA Spectrum Infusion System is an intelligent infusion system developed by Baxter, USA. A security vulnerability exists in Baxter WBM
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201903-0661",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sigma spectrum infusion system",
"scope": "eq",
"trust": 1.0,
"vendor": "baxter",
"version": "6.05"
},
{
"model": "sigma spectrum infusion system",
"scope": "eq",
"trust": 0.8,
"vendor": "baxter",
"version": "6.05 (model 35700bax)"
},
{
"model": "wireless battery module",
"scope": "eq",
"trust": 0.3,
"vendor": "baxter",
"version": "0"
},
{
"model": "sigma spectrum infusion system",
"scope": "eq",
"trust": 0.3,
"vendor": "baxter",
"version": "0"
},
{
"model": "wireless battery module",
"scope": "ne",
"trust": 0.3,
"vendor": "baxter",
"version": "16"
},
{
"model": "sigma spectrum infusion system",
"scope": "ne",
"trust": 0.3,
"vendor": "baxter",
"version": "6.05"
}
],
"sources": [
{
"db": "BID",
"id": "76895"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008654"
},
{
"db": "NVD",
"id": "CVE-2014-5434"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:baxter:sigma_spectrum_infusion_system_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-008654"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jared Bird of Allina IS Security",
"sources": [
{
"db": "BID",
"id": "76895"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-775"
}
],
"trust": 0.9
},
"cve": "CVE-2014-5434",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2014-5434",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-73376",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2014-5434",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-5434",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2014-5434",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-201510-775",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-73376",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-73376"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008654"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-775"
},
{
"db": "NVD",
"id": "CVE-2014-5434"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 has a default account with hard-coded credentials used with the FTP protocol. Baxter asserts no files can be transferred to or from the WBM using this account. Baxter has released a new version of the SIGMA Spectrum Infusion System, Version 8, which incorporates hardware and software changes. Baxter SIGMA Spectrum Infusion System Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Baxter Wireless Battery Module (WBM) is prone to multiple security vulnerabilities. \nAttackers may exploit these issues to gain unauthorized access, obtain sensitive information, or bypass the authentication mechanism and gain access to the vulnerable device. Baxter SIGMA Spectrum Infusion System is an intelligent infusion system developed by Baxter, USA. A security vulnerability exists in Baxter WBM",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-5434"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008654"
},
{
"db": "BID",
"id": "76895"
},
{
"db": "VULHUB",
"id": "VHN-73376"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-5434",
"trust": 2.8
},
{
"db": "ICS CERT",
"id": "ICSA-15-181-01",
"trust": 2.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008654",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201510-775",
"trust": 0.7
},
{
"db": "BID",
"id": "76895",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-73376",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-73376"
},
{
"db": "BID",
"id": "76895"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008654"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-775"
},
{
"db": "NVD",
"id": "CVE-2014-5434"
}
]
},
"id": "VAR-201903-0661",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-73376"
}
],
"trust": 0.66
},
"last_update_date": "2024-11-23T22:17:06.959000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.baxter.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-008654"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.9
},
{
"problemtype": "CWE-259",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-73376"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008654"
},
{
"db": "NVD",
"id": "CVE-2014-5434"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-181-01"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-5434"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5434"
},
{
"trust": 0.3,
"url": "http://www.baxter.com/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-73376"
},
{
"db": "BID",
"id": "76895"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008654"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-775"
},
{
"db": "NVD",
"id": "CVE-2014-5434"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-73376"
},
{
"db": "BID",
"id": "76895"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008654"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-775"
},
{
"db": "NVD",
"id": "CVE-2014-5434"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-26T00:00:00",
"db": "VULHUB",
"id": "VHN-73376"
},
{
"date": "2015-09-29T00:00:00",
"db": "BID",
"id": "76895"
},
{
"date": "2019-05-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-008654"
},
{
"date": "2015-09-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201510-775"
},
{
"date": "2019-03-26T15:29:00.287000",
"db": "NVD",
"id": "CVE-2014-5434"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-73376"
},
{
"date": "2015-09-29T00:00:00",
"db": "BID",
"id": "76895"
},
{
"date": "2019-05-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-008654"
},
{
"date": "2019-10-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201510-775"
},
{
"date": "2024-11-21T02:12:02.537000",
"db": "NVD",
"id": "CVE-2014-5434"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201510-775"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Baxter SIGMA Spectrum Infusion System Vulnerabilities related to the use of hard-coded credentials",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-008654"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201510-775"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…