CVE-2020-12037

HIGH

Baxter Prismaflex Firmware < 3.0 - Cleartext Transmission

Title source: rule

Description

Baxter PrismaFlex (all versions) and PrisMax (all versions prior to 3.x): the affected devices do not implement data-in-transit encryption (e.g., TLS/SSL) when configured to send treatment data to a PDMS (Patient Data Management System) or an EMR (Electronic Medical Record) system. An attacker could observe sensitive data sent from the device.

Scores

CVSS v3 7.5
EPSS 0.0007
EPSS Percentile 21.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE CWE-319, CWE-259
Status published
Products (2)
baxter/prismaflex_firmware
baxter/prismax_firmware < 3.0
Published Jun 29, 2020
Tracked Since Feb 18, 2026