CVE-2024-48966
CRITICAL
Baxter Life2000 Ventilation System < 06.08.00.00 - Unauthenticated Info Disclosure & Settings Manipulation
Title source: llm
Description
The software tools used by service personnel to test & calibrate the ventilator do not support user authentication. An attacker with access to the Service PC where the tools are installed could obtain diagnostic information through the test tool or manipulate the ventilator's settings and embedded software via the calibration tool, without having to authenticate to either tool. This could result in unauthorized disclosure of information and/or have unintended impacts on device settings and performance.
References (1)
Core References
Third Party Advisory, US Government Resource
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-319-01
Scores
CVSS v3
10.0
EPSS
0.0068
EPSS Percentile
47.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-306
Status
published
Products (1)
Baxter/Life2000 Ventilation System
06.08.00.00 and prior
Published
Nov 14, 2024
Tracked Since
Feb 18, 2026