Multiple vulnerabilities in Baxter Life2000 Ventilation System



Risk High
Patch available NO
Number of vulnerabilities 9
CVE-ID CVE-2024-9834
CVE-2024-9832
CVE-2024-48971
CVE-2024-48973
CVE-2024-48974
CVE-2024-48970
CVE-2020-8004
CVE-2024-48966
CVE-2024-48967
CWE-ID CWE-319
CWE-307
CWE-798
CWE-1263
CWE-494
CWE-1191
CWE-200
CWE-306
CWE-778
Exploitation vector Network
Public exploit N/A
Vulnerable software
Life2000 Ventilation System
Hardware solutions / Other hardware appliances

Vendor Baxter

Security Bulletin

This security bulletin contains information about 9 vulnerabilities.

1) Cleartext transmission of sensitive information

EUVDB-ID: #VU100582

Risk: Low

CVSSv4.0: 6.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-9834

CWE-ID: CWE-319 - Cleartext Transmission of Sensitive Information

Exploit availability: No

Description

The vulnerability allows a local attacker to gain access to sensitive information.

The vulnerability exists due to improper data protection on the ventilator's serial interface. A local attacker can send and receive specially crafted messages to gain access to sensitive information, leading to unintended impact on device settings and performance.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Life2000 Ventilation System: - - 06.08.00.00

CPE2.3 External links

https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-319-01
https://www.baxter.com/sites/g/files/ebysai3896/files/2024-11/ICSMA-24-319-01-Baxter-Life-2000-Ventilation-System.pdf


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper Restriction of Excessive Authentication Attempts

EUVDB-ID: #VU100583

Risk: Low

CVSSv4.0: 6.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-9832

CWE-ID: CWE-307 - Improper Restriction of Excessive Authentication Attempts

Exploit availability: No

Description

The vulnerability allows a local attacker to compromise the target system.

The vulnerability exists due to improper restriction of excessive authentication attempts within the Clinician Password or the Serial Number Clinician Password. A local attacker can conduct brute force attacks to gain unauthorized access to the ventilator and gain access to the system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Life2000 Ventilation System: - - 06.08.00.00

CPE2.3 External links

https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-319-01
https://www.baxter.com/sites/g/files/ebysai3896/files/2024-11/ICSMA-24-319-01-Baxter-Life-2000-Ventilation-System.pdf


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Use of hard-coded credentials

EUVDB-ID: #VU100584

Risk: Low

CVSSv4.0: 6.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-48971

CWE-ID: CWE-798 - Use of Hard-coded Credentials

Exploit availability: No

Description

The vulnerability allows a local attacker to gain full access to vulnerable system.

The vulnerability exists due to the Clinician Password and Serial Number Clinician Password are hard-coded credentials in application code. A local unauthenticated attacker can access the affected system using the hard-coded credentials.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Life2000 Ventilation System: - - 06.08.00.00

CPE2.3 External links

https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-319-01
https://www.baxter.com/sites/g/files/ebysai3896/files/2024-11/ICSMA-24-319-01-Baxter-Life-2000-Ventilation-System.pdf


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper Physical Access Control

EUVDB-ID: #VU100594

Risk: Low

CVSSv4.0: 6.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-48973

CWE-ID: CWE-1263 - Improper Physical Access Control

Exploit availability: No

Description

The vulnerability allows a local attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to the debug port on the ventilator's serial interface is enabled by default. A local attacker can send and receive specially crafted messages over the debug port to gain access to sensitive information, leading to unintended impact on device settings and performance.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Life2000 Ventilation System: - - 06.08.00.00

CPE2.3 External links

https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-319-01
https://www.baxter.com/sites/g/files/ebysai3896/files/2024-11/ICSMA-24-319-01-Baxter-Life-2000-Ventilation-System.pdf


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Download of code without integrity check

EUVDB-ID: #VU100605

Risk: Low

CVSSv4.0: 6.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-48974

CWE-ID: CWE-494 - Download of Code Without Integrity Check

Exploit availability: No

Description

The vulnerability allows a local attacker to compromise the affected system

The vulnerability exists due to the ventilator does not perform proper file integrity checks when adopting firmware updates. A local attacker can changes to the device's configuration settings and/or compromise device functionality after a successful software update.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Life2000 Ventilation System: - - 06.08.00.00

CPE2.3 External links

https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-319-01
https://www.baxter.com/sites/g/files/ebysai3896/files/2024-11/ICSMA-24-319-01-Baxter-Life-2000-Ventilation-System.pdf


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) On-Chip Debug and Test Interface With Improper Access Control

EUVDB-ID: #VU100607

Risk: Low

CVSSv4.0: 6.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-48970

CWE-ID: CWE-1191 - On-Chip Debug and Test Interface With Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to the ventilator's microcontroller lacks memory protection. A local attacker can connect to the internal JTAG interface and read or write to flash memory using an off-the-shelf debugging tool.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Life2000 Ventilation System: - - 06.08.00.00

CPE2.3 External links

https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-319-01
https://www.baxter.com/sites/g/files/ebysai3896/files/2024-11/ICSMA-24-319-01-Baxter-Life-2000-Ventilation-System.pdf


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Information disclosure

EUVDB-ID: #VU100608

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2020-8004

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the flash memory read-out protection feature on the microcontroller does not block memory access via the ICode bus. A remote attacker can gain unauthorized access to sensitive information on the system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Life2000 Ventilation System: - - 06.08.00.00

CPE2.3 External links

https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-319-01
https://www.baxter.com/sites/g/files/ebysai3896/files/2024-11/ICSMA-24-319-01-Baxter-Life-2000-Ventilation-System.pdf


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Missing Authentication for Critical Function

EUVDB-ID: #VU100609

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-48966

CWE-ID: CWE-306 - Missing Authentication for Critical Function

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the software tools used by service personnel to test & calibrate the ventilator do not support user authentication. A remote attacker can obtain diagnostic information through the test tool or manipulate the ventilator's settings and embedded software.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Life2000 Ventilation System: - - 06.08.00.00

CPE2.3 External links

https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-319-01
https://www.baxter.com/sites/g/files/ebysai3896/files/2024-11/ICSMA-24-319-01-Baxter-Life-2000-Ventilation-System.pdf


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Insufficient Logging

EUVDB-ID: #VU100633

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-48967

CWE-ID: CWE-778 - Insufficient Logging

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the ventilator and the Service PC lack sufficient audit logging capabilities to allow for detection of malicious activity and subsequent forensic examination. A remote attacker can make unauthorized changes to ventilator settings.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Life2000 Ventilation System: - - 06.08.00.00

CPE2.3 External links

https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-319-01
https://www.baxter.com/sites/g/files/ebysai3896/files/2024-11/ICSMA-24-319-01-Baxter-Life-2000-Ventilation-System.pdf


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###