Sign-up

ID

VAR-201903-0659


CVE

CVE-2014-5432


TITLE

Baxter SIGMA Spectrum Infusion System Authentication vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2014-008652

DESCRIPTION

Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 is remotely accessible via Port 22/SSH without authentication. A remote attacker may be able to make unauthorized configuration changes to the WBM, as well as issue commands to access account credentials and shared keys. Baxter asserts that this vulnerability only allows access to features and functionality on the WBM and that the SIGMA Spectrum infusion pump cannot be controlled from the WBM. Baxter has released a new version of the SIGMA Spectrum Infusion System, Version 8, which incorporates hardware and software changes. Baxter Wireless Battery Module (WBM) is prone to multiple security vulnerabilities. Attackers may exploit these issues to gain unauthorized access, obtain sensitive information, or bypass the authentication mechanism and gain access to the vulnerable device. A security vulnerability exists in Baxter WBM

Trust: 1.98

sources: NVD: CVE-2014-5432 // JVNDB: JVNDB-2014-008652 // BID: 76895 // VULHUB: VHN-73373

AFFECTED PRODUCTS

vendor:baxtermodel:sigma spectrum infusion systemscope:eqversion:6.05

Trust: 1.0

vendor:baxtermodel:sigma spectrum infusion systemscope:eqversion:6.05 (model 35700bax)

Trust: 0.8

vendor:baxtermodel:wireless battery modulescope:eqversion:0

Trust: 0.3

vendor:baxtermodel:sigma spectrum infusion systemscope:eqversion:0

Trust: 0.3

vendor:baxtermodel:wireless battery modulescope:neversion:16

Trust: 0.3

vendor:baxtermodel:sigma spectrum infusion systemscope:neversion:6.05

Trust: 0.3

sources: BID: 76895 // JVNDB: JVNDB-2014-008652 // NVD: CVE-2014-5432

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-5432
value: CRITICAL

Trust: 1.0

NVD: CVE-2014-5432
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201510-773
value: CRITICAL

Trust: 0.6

VULHUB: VHN-73373
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2014-5432
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-73373
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2014-5432
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-73373 // JVNDB: JVNDB-2014-008652 // CNNVD: CNNVD-201510-773 // NVD: CVE-2014-5432

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

problemtype:CWE-592

Trust: 1.0

sources: VULHUB: VHN-73373 // JVNDB: JVNDB-2014-008652 // NVD: CVE-2014-5432

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201510-773

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201510-773

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-008652

PATCH
title:Top Pageurl:https://www.baxter.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2014-008652

EXTERNAL IDS
db:NVDid:CVE-2014-5432
Trust: 2.8
db:ICS CERTid:ICSA-15-181-01
Trust: 2.8
db:JVNDBid:JVNDB-2014-008652
Trust: 0.8
db:CNNVDid:CNNVD-201510-773
Trust: 0.7
db:BIDid:76895
Trust: 0.3
db:VULHUBid:VHN-73373
Trust: 0.1
sources:
            
            
            VULHUB: VHN-73373 // 
            
            
            
            BID: 76895 // 
            
            
            
            JVNDB: JVNDB-2014-008652 // 
            
            
            
            CNNVD: CNNVD-201510-773 // 
            
            
            
            NVD: CVE-2014-5432

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-15-181-01
Trust: 2.8
url:https://nvd.nist.gov/vuln/detail/cve-2014-5432
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5432
Trust: 0.8
url:http://www.baxter.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-73373 // 
            
            
            
            BID: 76895 // 
            
            
            
            JVNDB: JVNDB-2014-008652 // 
            
            
            
            CNNVD: CNNVD-201510-773 // 
            
            
            
            NVD: CVE-2014-5432

CREDITS
Jared Bird of Allina IS Security
Trust: 0.9
sources:
            
            
            BID: 76895 // 
            
            
            
            CNNVD: CNNVD-201510-773

SOURCES
db:VULHUBid:VHN-73373
db:BIDid:76895
db:JVNDBid:JVNDB-2014-008652
db:CNNVDid:CNNVD-201510-773
db:NVDid:CVE-2014-5432

LAST UPDATE DATE
2024-11-23T22:17:06.928000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-73373date:2019-10-09T00:00:00
db:BIDid:76895date:2015-09-29T00:00:00
db:JVNDBid:JVNDB-2014-008652date:2019-05-09T00:00:00
db:CNNVDid:CNNVD-201510-773date:2019-10-10T00:00:00
db:NVDid:CVE-2014-5432date:2024-11-21T02:12:02.290

SOURCES RELEASE DATE
db:VULHUBid:VHN-73373date:2019-03-26T00:00:00
db:BIDid:76895date:2015-09-29T00:00:00
db:JVNDBid:JVNDB-2014-008652date:2019-05-09T00:00:00
db:CNNVDid:CNNVD-201510-773date:2015-09-29T00:00:00
db:NVDid:CVE-2014-5432date:2019-03-26T16:29:00.290