Insufficient Logging in Life2000 Ventilation System - CVE-2024-48967
Published: November 19, 2024
Vulnerability identifier: #VU100633
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2024-48967
CWE-ID: CWE-778
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Baxter
Affected software:
Life2000 Ventilation System
Life2000 Ventilation System
Detailed vulnerability description
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to the ventilator and the Service PC lack sufficient audit logging capabilities to allow for detection of malicious activity and subsequent forensic examination. A remote attacker can make unauthorized changes to ventilator settings.
How to mitigate CVE-2024-48967
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.