{
|
|
"data_version": "4.0",
|
|
"data_type": "CVE",
|
|
"data_format": "MITRE",
|
|
"CVE_data_meta": {
|
|
"ID": "CVE-2024-1275",
|
|
"ASSIGNER": "productsecurity@baxter.com",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Use of Default Cryptographic Key vulnerability in Baxter Welch Allyn Connex Spot Monitor may allow Configuration/Environment Manipulation. This issue affects Welch Allyn Connex Spot Monitor in all versions prior to 1.52."
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "CWE-1394 Use of Default Cryptographic Key",
|
|
"cweId": "CWE-1394"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"vendor_name": "Baxter",
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "Welch Allyn Connex Spot Monitor",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "<=",
|
|
"version_name": "0",
|
|
"version_value": "1.52"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-151-02",
|
|
"refsource": "MISC",
|
|
"name": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-151-02"
|
|
}
|
|
]
|
|
},
|
|
"generator": {
|
|
"engine": "Vulnogram 0.2.0"
|
|
},
|
|
"source": {
|
|
"advisory": "ICSMA-24-151-02",
|
|
"discovery": "UNKNOWN"
|
|
},
|
|
"solution": [
|
|
{
|
|
"lang": "en",
|
|
"supportingMedia": [
|
|
{
|
|
"base64": false,
|
|
"type": "text/html",
|
|
"value": "<p>Baxter has released a software update for all impacted devices and software to address this vulnerability. A new version of the product that mitigates the vulnerability is available as follows:</p><ul><li>Welch Allyn Connex Spot Monitor: Version 1.52.01 (available October 16, 2023)</li></ul><p>Baxter recommends users upgrade to the latest versions of their products. Information on how to update products to their new versions can be found on the <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.baxter.com/product-security\">Baxter disclosure page</a> or the <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.hillrom.com/en/responsible-disclosures/\">Hillrom disclosure page</a>.</p><p>Baxter recommends the following workarounds to help reduce risk:</p><ul><li>Apply proper network and physical security controls.</li><li>Ensure a unique encryption key is configured and applied to the product (as described in the Connex Spot Monitor Service Manual).</li></ul>"
|
|
}
|
|
],
|
|
"value": "Baxter has released a software update for all impacted devices and software to address this vulnerability. A new version of the product that mitigates the vulnerability is available as follows:\n\n * Welch Allyn Connex Spot Monitor: Version 1.52.01 (available October 16, 2023)\n\n\nBaxter recommends users upgrade to the latest versions of their products. Information on how to update products to their new versions can be found on the Baxter disclosure page https://www.baxter.com/product-security or the Hillrom disclosure page https://www.hillrom.com/en/responsible-disclosures/ .\n\nBaxter recommends the following workarounds to help reduce risk:\n\n * Apply proper network and physical security controls.\n * Ensure a unique encryption key is configured and applied to the product (as described in the Connex Spot Monitor Service Manual)."
|
|
}
|
|
],
|
|
"credits": [
|
|
{
|
|
"lang": "en",
|
|
"value": "Maarten Boone and Edwin Van Andel (CTO of Zerocopter) reported this vulnerability to Baxter."
|
|
}
|
|
]
|
|
} |