{ "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2024-1275", "ASSIGNER": "productsecurity@baxter.com", "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", "value": "Use of Default Cryptographic Key vulnerability in Baxter Welch Allyn Connex Spot Monitor may allow Configuration/Environment Manipulation.This issue affects Welch Allyn Connex Spot Monitor in all versions prior to 1.52." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-1394 Use of Default Cryptographic Key", "cweId": "CWE-1394" } ] } ] }, "affects": { "vendor": { "vendor_data": [ { "vendor_name": "Baxter", "product": { "product_data": [ { "product_name": "Welch Allyn Connex Spot Monitor", "version": { "version_data": [ { "version_affected": "<=", "version_name": "0", "version_value": "1.52" } ] } } ] } } ] } }, "references": { "reference_data": [ { "url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-151-02", "refsource": "MISC", "name": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-151-02" } ] }, "generator": { "engine": "Vulnogram 0.2.0" }, "source": { "advisory": "ICSMA-24-151-02", "discovery": "UNKNOWN" }, "solution": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "

Baxter has released a software update for all impacted devices and software to address this vulnerability. A new version of the product that mitigates the vulnerability is available as follows:

Baxter recommends users upgrade to the latest versions of their products. Information on how to update products to their new versions can be found on the Baxter disclosure page or the Hillrom disclosure page.

Baxter recommends the following workarounds to help reduce risk:

" } ], "value": "Baxter has released a software update for all impacted devices and software to address this vulnerability. A new version of the product that mitigates the vulnerability is available as follows:\n\n * Welch Allyn Connex Spot Monitor: Version 1.52.01 (available October 16, 2023)\n\n\nBaxter recommends users upgrade to the latest versions of their products. Information on how to update products to their new versions can be found on the Baxter disclosure page https://www.baxter.com/product-security \u00a0or the Hillrom disclosure page https://www.hillrom.com/en/responsible-disclosures/ .\n\nBaxter recommends the following workarounds to help reduce risk:\n\n * Apply proper network and physical security controls.\n * Ensure a unique encryption key is configured and applied to the product (as described in the Connex Spot Monitor Service Manual)." } ], "credits": [ { "lang": "en", "value": "Maarten Boone and Edwin Van Andel (CTO of Zerocopter) reported this vulnerability to Baxter." } ] }