Main Vulnerability Database Vulnerabilities #VU29153

#VU29153 Cleartext transmission of sensitive information in Phoenix Hemodialysis Delivery System - CVE-2020-12048

Published: June 19, 2020

Vulnerability identifier: #VU29153

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2020-12048

CWE-ID: CWE-319

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Phoenix Hemodialysis Delivery System

Software vendor:
Baxter

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to software uses insecure communication channel to transmit sensitive information. A remote attacker can gain access to sensitive data, such as treatment and prescription data sent between the Phoenix system and the Exalis dialysis data management tool.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://ics-cert.us-cert.gov/advisories/icsma-20-170-03

#VU29153 Cleartext transmission of sensitive information in Phoenix Hemodialysis Delivery System - CVE-2020-12048

Description

Remediation

External links

Please verify you're human