Main Vulnerability Database Vulnerabilities #VU100633

#VU100633 Insufficient Logging in Life2000 Ventilation System - CVE-2024-48967

Published: November 19, 2024

Vulnerability identifier: #VU100633

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2024-48967

CWE-ID: CWE-778

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Life2000 Ventilation System

Software vendor:
Baxter

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the ventilator and the Service PC lack sufficient audit logging capabilities to allow for detection of malicious activity and subsequent forensic examination. A remote attacker can make unauthorized changes to ventilator settings.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-319-01
https://www.baxter.com/sites/g/files/ebysai3896/files/2024-11/ICSMA-24-319-01-Baxter-Life-2000-Ventilation-System.pdf

#VU100633 Insufficient Logging in Life2000 Ventilation System - CVE-2024-48967

Description

Remediation

External links

Please verify you're human