CVE-2014-5432
published 2019-03-26

CVE-2014-5432: Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 is remotely accessible via Port 22/SSH…

Priority: P262 · critical · 9.8 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 2.57% (83.2th percentile)
Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 is remotely accessible via Port 22/SSH without authentication. A remote attacker may be able to make unauthorized configuration changes to the WBM, as well as issue commands to access account credentials and shared keys. Baxter asserts that this vulnerability only allows access to features and functionality on the WBM and that the SIGMA Spectrum infusion pump cannot be controlled from the WBM. Baxter has released a new version of the SIGMA Spectrum Infusion System, Version 8, which incorporates hardware and software changes.

Affected

2 ranges

Vendor | Product | Version range | Fixed in
baxter | sigma_spectrum_infusion_system | |
baxter | sigma_spectrum_infusion_system_firmware | |

Detection & IOCs (extracted from sources)

Port 22/SSH
Port 21/FTP
  • Monitor for unauthenticated SSH connections (no prior auth exchange) inbound to Port 22 on Baxter SIGMA Spectrum WBM devices (model 35700BAX, WBM version 16).
  • Alert on any SSH or FTP traffic directed at medical device VLANs/segments hosting Baxter WBMs, particularly from outside the designated Wi-Fi VLAN.
  • Detect commands issued over SSH to the WBM that attempt to retrieve wireless account credentials or shared keys stored in cleartext.
  • Flag FTP connections to Baxter WBM devices; the WBM has a default account with hard-coded credentials used with FTP that may indicate exploitation or reconnaissance.
  • Vulnerability is specific to SIGMA Spectrum Infusion System Version 6.05 (model 35700BAX) with WBM Version 16 only; Version 8 removes the SSH service entirely and is not affected by CVE-2014-5432.
  • Baxter asserts exploitation is limited to WBM features and does not allow control of infusion pump parameters; however, wireless credentials and shared keys are exposed.
  • No known public exploits exist for this vulnerability; exploitation requires low skill level and network-level access to the WBM.

CVSS provenance

Source | Version | Score | Severity | Vector
nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P