ID

VAR-201903-0660


CVE

CVE-2014-5433


TITLE

Baxter SIGMA Spectrum Infusion System Vulnerabilities related to certificate and password management

Trust: 0.8

sources: JVNDB: JVNDB-2014-008653

DESCRIPTION

An unauthenticated remote attacker may be able to execute commands to view wireless account credentials that are stored in cleartext on Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16, which may allow an attacker to gain access to the host network. Baxter has released a new version of the SIGMA Spectrum Infusion System, Version 8, which incorporates hardware and software changes. Baxter SIGMA Spectrum Infusion System contains vulnerabilities related to certificate and password management. Information may be obtained or altered, and service operation may be disrupted (DoS). Baxter Wireless Battery Module (WBM) is prone to multiple security vulnerabilities. Attackers may exploit these issues to gain unauthorized access, obtain sensitive information, or bypass the authentication mechanism and gain access to the vulnerable device. Baxter SIGMA Spectrum Infusion System is an intelligent infusion system developed by Baxter, USA. A security vulnerability exists in Baxter WBM

Trust: 1.98

sources: NVD: CVE-2014-5433 // JVNDB: JVNDB-2014-008653 // BID: 76895 // VULHUB: VHN-73375

AFFECTED PRODUCTS

vendor: baxter, model: sigma spectrum infusion system, scope: eq, version: 6.05

Trust: 1.0

vendor: baxter, model: sigma spectrum infusion system, scope: eq, version: 6.05 (model 35700bax)

Trust: 0.8

vendor: baxter, model: wireless battery module, scope: eq, version: 0

Trust: 0.3

vendor: baxter, model: sigma spectrum infusion system, scope: eq, version: 0

Trust: 0.3

vendor: baxter, model: wireless battery module, scope: ne, version: 16

Trust: 0.3

vendor: baxter, model: sigma spectrum infusion system, scope: ne, version: 6.05

Trust: 0.3

sources: BID: 76895 // JVNDB: JVNDB-2014-008653 // NVD: CVE-2014-5433

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-5433
value: CRITICAL

Trust: 1.0

NVD: CVE-2014-5433
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201510-774
value: CRITICAL

Trust: 0.6

VULHUB: VHN-73375
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2014-5433
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-73375
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2014-5433
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-73375 // JVNDB: JVNDB-2014-008653 // CNNVD: CNNVD-201510-774 // NVD: CVE-2014-5433

PROBLEMTYPE DATA

problemtype:CWE-255

Trust: 1.9

problemtype:CWE-312

Trust: 1.0

sources: VULHUB: VHN-73375 // JVNDB: JVNDB-2014-008653 // NVD: CVE-2014-5433

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201510-774

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201510-774

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-008653

PATCH

title: Top Page, url: https://www.baxter.com/

Trust: 0.8

sources: JVNDB: JVNDB-2014-008653

EXTERNAL IDS

db: NVD, id: CVE-2014-5433

Trust: 2.8

db: ICS CERT, id: ICSA-15-181-01

Trust: 2.8

db: JVNDB, id: JVNDB-2014-008653

Trust: 0.8

db: CNNVD, id: CNNVD-201510-774

Trust: 0.7

db: BID, id: 76895

Trust: 0.3

db: VULHUB, id: VHN-73375

Trust: 0.1

sources: VULHUB: VHN-73375 // BID: 76895 // JVNDB: JVNDB-2014-008653 // CNNVD: CNNVD-201510-774 // NVD: CVE-2014-5433

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-15-181-01

Trust: 2.8

url:https://nvd.nist.gov/vuln/detail/cve-2014-5433

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5433

Trust: 0.8

url:http://www.baxter.com/

Trust: 0.3

sources: VULHUB: VHN-73375 // BID: 76895 // JVNDB: JVNDB-2014-008653 // CNNVD: CNNVD-201510-774 // NVD: CVE-2014-5433

CREDITS

Jared Bird of Allina IS Security

Trust: 0.9

sources: BID: 76895 // CNNVD: CNNVD-201510-774

SOURCES

db: VULHUB, id: VHN-73375
db: BID, id: 76895
db: JVNDB, id: JVNDB-2014-008653
db: CNNVD, id: CNNVD-201510-774
db: NVD, id: CVE-2014-5433

LAST UPDATE DATE

2024-11-23T22:17:07.023000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-73375, date: 2019-10-09T00:00:00
db: BID, id: 76895, date: 2015-09-29T00:00:00
db: JVNDB, id: JVNDB-2014-008653, date: 2019-05-09T00:00:00
db: CNNVD, id: CNNVD-201510-774, date: 2019-04-04T00:00:00
db: NVD, id: CVE-2014-5433, date: 2024-11-21T02:12:02.413

SOURCES RELEASE DATE

db: VULHUB, id: VHN-73375, date: 2019-03-26T00:00:00
db: BID, id: 76895, date: 2015-09-29T00:00:00
db: JVNDB, id: JVNDB-2014-008653, date: 2019-05-09T00:00:00
db: CNNVD, id: CNNVD-201510-774, date: 2015-09-29T00:00:00
db: NVD, id: CVE-2014-5433, date: 2019-03-26T16:29:00.337