ID

VAR-201903-0661


CVE

CVE-2014-5434


TITLE

Vulnerability in Baxter SIGMA Spectrum Infusion System related to the use of hard-coded credentials

Trust: 0.8

sources: JVNDB: JVNDB-2014-008654

DESCRIPTION

Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 has a default account with hard-coded credentials used with the FTP protocol. Baxter asserts no files can be transferred to or from the WBM using this account. Baxter has released a new version of the SIGMA Spectrum Infusion System, Version 8, which incorporates hardware and software changes. Baxter SIGMA Spectrum Infusion System contains a vulnerability in the use of hard-coded credentials. Information may be obtained or altered, and service operation may be disrupted (DoS). Baxter Wireless Battery Module (WBM) is prone to multiple security vulnerabilities. Attackers may exploit these issues to gain unauthorized access, obtain sensitive information, or bypass the authentication mechanism and gain access to the vulnerable device. Baxter SIGMA Spectrum Infusion System is an intelligent infusion system developed by Baxter, USA. A security vulnerability exists in Baxter WBM

Trust: 1.98

sources: NVD: CVE-2014-5434 // JVNDB: JVNDB-2014-008654 // BID: 76895 // VULHUB: VHN-73376

AFFECTED PRODUCTS

vendor: baxter, model: sigma spectrum infusion system, scope: eq, version: 6.05

Trust: 1.0

vendor: baxter, model: sigma spectrum infusion system, scope: eq, version: 6.05 (model 35700bax)

Trust: 0.8

vendor: baxter, model: wireless battery module, scope: eq, version: 0

Trust: 0.3

vendor: baxter, model: sigma spectrum infusion system, scope: eq, version: 0

Trust: 0.3

vendor: baxter, model: wireless battery module, scope: ne, version: 16

Trust: 0.3

vendor: baxter, model: sigma spectrum infusion system, scope: ne, version: 6.05

Trust: 0.3

sources: BID: 76895 // JVNDB: JVNDB-2014-008654 // NVD: CVE-2014-5434

CVSS

SEVERITY

nvd@nist.gov: CVE-2014-5434
value: CRITICAL

Trust: 1.0

NVD: CVE-2014-5434
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201510-775
value: CRITICAL

Trust: 0.6

VULHUB: VHN-73376
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2014-5434
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-73376
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2014-5434
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-73376 // JVNDB: JVNDB-2014-008654 // CNNVD: CNNVD-201510-775 // NVD: CVE-2014-5434

PROBLEMTYPE DATA

problemtype:CWE-798

Trust: 1.9

problemtype:CWE-259

Trust: 1.0

sources: VULHUB: VHN-73376 // JVNDB: JVNDB-2014-008654 // NVD: CVE-2014-5434

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201510-775

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201510-775

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-008654

PATCH

title: Top Page, url: https://www.baxter.com/

Trust: 0.8

sources: JVNDB: JVNDB-2014-008654

EXTERNAL IDS

db: NVD, id: CVE-2014-5434

Trust: 2.8

db: ICS CERT, id: ICSA-15-181-01

Trust: 2.8

db: JVNDB, id: JVNDB-2014-008654

Trust: 0.8

db: CNNVD, id: CNNVD-201510-775

Trust: 0.7

db: BID, id: 76895

Trust: 0.3

db: VULHUB, id: VHN-73376

Trust: 0.1

sources: VULHUB: VHN-73376 // BID: 76895 // JVNDB: JVNDB-2014-008654 // CNNVD: CNNVD-201510-775 // NVD: CVE-2014-5434

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-15-181-01

Trust: 2.8

url:https://nvd.nist.gov/vuln/detail/cve-2014-5434

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5434

Trust: 0.8

url:http://www.baxter.com/

Trust: 0.3

sources: VULHUB: VHN-73376 // BID: 76895 // JVNDB: JVNDB-2014-008654 // CNNVD: CNNVD-201510-775 // NVD: CVE-2014-5434

CREDITS

Jared Bird of Allina IS Security

Trust: 0.9

sources: BID: 76895 // CNNVD: CNNVD-201510-775

SOURCES

db: VULHUB, id: VHN-73376
db: BID, id: 76895
db: JVNDB, id: JVNDB-2014-008654
db: CNNVD, id: CNNVD-201510-775
db: NVD, id: CVE-2014-5434

LAST UPDATE DATE

2024-11-23T22:17:06.959000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-73376, date: 2019-10-09T00:00:00
db: BID, id: 76895, date: 2015-09-29T00:00:00
db: JVNDB, id: JVNDB-2014-008654, date: 2019-05-10T00:00:00
db: CNNVD, id: CNNVD-201510-775, date: 2019-10-10T00:00:00
db: NVD, id: CVE-2014-5434, date: 2024-11-21T02:12:02.537

SOURCES RELEASE DATE

db: VULHUB, id: VHN-73376, date: 2019-03-26T00:00:00
db: BID, id: 76895, date: 2015-09-29T00:00:00
db: JVNDB, id: JVNDB-2014-008654, date: 2019-05-10T00:00:00
db: CNNVD, id: CNNVD-201510-775, date: 2015-09-29T00:00:00
db: NVD, id: CVE-2014-5434, date: 2019-03-26T15:29:00.287