Multiple vulnerabilities in Baxter Life2000 Ventilation System
| Risk | High |
| Patch available | NO |
| Number of vulnerabilities | 9 |
| CVE-ID | CVE-2024-9834 CVE-2024-9832 CVE-2024-48971 CVE-2024-48973 CVE-2024-48974 CVE-2024-48970 CVE-2020-8004 CVE-2024-48966 CVE-2024-48967 |
| CWE-ID | CWE-319 CWE-307 CWE-798 CWE-1263 CWE-494 CWE-1191 CWE-200 CWE-306 CWE-778 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Life2000 Ventilation System Hardware solutions / Other hardware appliances |
| Vendor | Baxter |
Security Bulletin
This security bulletin contains information about 9 vulnerabilities.
1) Cleartext transmission of sensitive information
EUVDB-ID: #VU100582
Risk: Low
CVSSv4.0: 6.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-9834
CWE-ID:
CWE-319 - Cleartext Transmission of Sensitive Information
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain access to sensitive information.
The vulnerability exists due to improper data protection on the ventilator's serial interface. A local attacker can send and receive specially crafted messages to gain access to sensitive information, leading to unintended impact on device settings and performance.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsLife2000 Ventilation System: - - 06.08.00.00
CPE2.3- cpe:2.3:h:baxter:life2000_ventilation_system:*:*:*:*:*:*:*:*
- cpe:2.3:h:baxter:life2000_ventilation_system:06.08.00.00:*:*:*:*:*:*:*
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-319-01
https://www.baxter.com/sites/g/files/ebysai3896/files/2024-11/ICSMA-24-319-01-Baxter-Life-2000-Ventilation-System.pdf
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper Restriction of Excessive Authentication Attempts
EUVDB-ID: #VU100583
Risk: Low
CVSSv4.0: 6.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-9832
CWE-ID:
CWE-307 - Improper Restriction of Excessive Authentication Attempts
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to compromise the target system.
The vulnerability exists due to improper restriction of excessive authentication attempts within the Clinician Password or the Serial Number Clinician Password. A local attacker can conduct brute force attacks to gain unauthorized access to the ventilator and gain access to the system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsLife2000 Ventilation System: - - 06.08.00.00
CPE2.3- cpe:2.3:h:baxter:life2000_ventilation_system:*:*:*:*:*:*:*:*
- cpe:2.3:h:baxter:life2000_ventilation_system:06.08.00.00:*:*:*:*:*:*:*
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-319-01
https://www.baxter.com/sites/g/files/ebysai3896/files/2024-11/ICSMA-24-319-01-Baxter-Life-2000-Ventilation-System.pdf
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Use of hard-coded credentials
EUVDB-ID: #VU100584
Risk: Low
CVSSv4.0: 6.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-48971
CWE-ID:
CWE-798 - Use of Hard-coded Credentials
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain full access to vulnerable system.
The vulnerability exists due to the Clinician Password and Serial Number Clinician Password are hard-coded credentials in application code. A local unauthenticated attacker can access the affected system using the hard-coded credentials.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsLife2000 Ventilation System: - - 06.08.00.00
CPE2.3- cpe:2.3:h:baxter:life2000_ventilation_system:*:*:*:*:*:*:*:*
- cpe:2.3:h:baxter:life2000_ventilation_system:06.08.00.00:*:*:*:*:*:*:*
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-319-01
https://www.baxter.com/sites/g/files/ebysai3896/files/2024-11/ICSMA-24-319-01-Baxter-Life-2000-Ventilation-System.pdf
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Improper Physical Access Control
EUVDB-ID: #VU100594
Risk: Low
CVSSv4.0: 6.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-48973
CWE-ID:
CWE-1263 - Improper Physical Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to the debug port on the ventilator's serial interface is enabled by default. A local attacker can send and receive specially crafted messages over the debug port to gain access to sensitive information, leading to unintended impact on device settings and performance.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsLife2000 Ventilation System: - - 06.08.00.00
CPE2.3- cpe:2.3:h:baxter:life2000_ventilation_system:*:*:*:*:*:*:*:*
- cpe:2.3:h:baxter:life2000_ventilation_system:06.08.00.00:*:*:*:*:*:*:*
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-319-01
https://www.baxter.com/sites/g/files/ebysai3896/files/2024-11/ICSMA-24-319-01-Baxter-Life-2000-Ventilation-System.pdf
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Download of code without integrity check
EUVDB-ID: #VU100605
Risk: Low
CVSSv4.0: 6.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-48974
CWE-ID:
CWE-494 - Download of Code Without Integrity Check
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to compromise the affected system
The vulnerability exists due to the ventilator does not perform proper file integrity checks when adopting firmware updates. A local attacker can changes to the device's configuration settings and/or compromise device functionality after a successful software update.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsLife2000 Ventilation System: - - 06.08.00.00
CPE2.3- cpe:2.3:h:baxter:life2000_ventilation_system:*:*:*:*:*:*:*:*
- cpe:2.3:h:baxter:life2000_ventilation_system:06.08.00.00:*:*:*:*:*:*:*
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-319-01
https://www.baxter.com/sites/g/files/ebysai3896/files/2024-11/ICSMA-24-319-01-Baxter-Life-2000-Ventilation-System.pdf
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) On-Chip Debug and Test Interface With Improper Access Control
EUVDB-ID: #VU100607
Risk: Low
CVSSv4.0: 6.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-48970
CWE-ID:
CWE-1191 - On-Chip Debug and Test Interface With Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to the ventilator's microcontroller lacks memory protection. A local attacker can connect to the internal JTAG interface and read or write to flash memory using an off-the-shelf debugging tool.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsLife2000 Ventilation System: - - 06.08.00.00
CPE2.3- cpe:2.3:h:baxter:life2000_ventilation_system:*:*:*:*:*:*:*:*
- cpe:2.3:h:baxter:life2000_ventilation_system:06.08.00.00:*:*:*:*:*:*:*
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-319-01
https://www.baxter.com/sites/g/files/ebysai3896/files/2024-11/ICSMA-24-319-01-Baxter-Life-2000-Ventilation-System.pdf
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Information disclosure
EUVDB-ID: #VU100608
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2020-8004
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the flash memory read-out protection feature on the microcontroller does not block memory access via the ICode bus. A remote attacker can gain unauthorized access to sensitive information on the system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsLife2000 Ventilation System: - - 06.08.00.00
CPE2.3- cpe:2.3:h:baxter:life2000_ventilation_system:*:*:*:*:*:*:*:*
- cpe:2.3:h:baxter:life2000_ventilation_system:06.08.00.00:*:*:*:*:*:*:*
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-319-01
https://www.baxter.com/sites/g/files/ebysai3896/files/2024-11/ICSMA-24-319-01-Baxter-Life-2000-Ventilation-System.pdf
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Missing Authentication for Critical Function
EUVDB-ID: #VU100609
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-48966
CWE-ID:
CWE-306 - Missing Authentication for Critical Function
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to the software tools used by service personnel to test & calibrate the ventilator do not support user authentication. A remote attacker can obtain diagnostic information through the test tool or manipulate the ventilator's settings and embedded software.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsLife2000 Ventilation System: - - 06.08.00.00
CPE2.3- cpe:2.3:h:baxter:life2000_ventilation_system:*:*:*:*:*:*:*:*
- cpe:2.3:h:baxter:life2000_ventilation_system:06.08.00.00:*:*:*:*:*:*:*
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-319-01
https://www.baxter.com/sites/g/files/ebysai3896/files/2024-11/ICSMA-24-319-01-Baxter-Life-2000-Ventilation-System.pdf
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Insufficient Logging
EUVDB-ID: #VU100633
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-48967
CWE-ID:
CWE-778 - Insufficient Logging
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to the ventilator and the Service PC lack sufficient audit logging capabilities to allow for detection of malicious activity and subsequent forensic examination. A remote attacker can make unauthorized changes to ventilator settings.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsLife2000 Ventilation System: - - 06.08.00.00
CPE2.3- cpe:2.3:h:baxter:life2000_ventilation_system:*:*:*:*:*:*:*:*
- cpe:2.3:h:baxter:life2000_ventilation_system:06.08.00.00:*:*:*:*:*:*:*
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-319-01
https://www.baxter.com/sites/g/files/ebysai3896/files/2024-11/ICSMA-24-319-01-Baxter-Life-2000-Ventilation-System.pdf
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
