CVE-2020-12048
HIGH
Phoenix Hemodialysis Delivery System 3.36 and 3.40 - Cleartext Transmission of Sensitive Treatment Data
Title source: llm
Description
In Phoenix Hemodialysis Delivery System SW 3.36 and 3.40, the Phoenix Hemodialysis device does not support data-in-transit encryption (e.g., TLS/SSL) when transmitting treatment and prescription data on the network between the Phoenix system and the Exalis dialysis data management tool. An attacker with access to the network could observe sensitive treatment and prescription data sent between the Phoenix system and the Exalis tool.
References (1)
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://www.us-cert.gov/ics/advisories/icsma-20-170-03
Scores
CVSS v3: 7.5
EPSS: 0.0045
EPSS Percentile: 35.8%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE: CWE-319
Status: published
Products (2)
baxter/phoenix_x36_firmware 3.36
baxter/phoenix_x36_firmware 3.40
Published: Jun 29, 2020
Tracked Since: Feb 18, 2026