CVE-2020-12048

CVE-2020-12048

Vendor N/A
Product Baxter Phoenix Hemodialysis Delivery System
Weakness CWE-319 · Cleartext transmission
Published June 29, 2020
Last update August 4, 2024

CVSS base score

What the vulnerability does

01Description

Phoenix Hemodialysis Delivery System SW 3.36 and 3.40, The Phoenix Hemodialysis device does not support data-in-transit encryption (e.g., TLS/SSL) when transmitting treatment and prescription data on the network between the Phoenix system and the Exalis dialysis data management tool. An attacker with access to the network could observe sensitive treatment and prescription data sent between the Phoenix system and the Exalis tool.

Key dates

02Disclosure timeline

June 29, 2020 CVE published
August 4, 2024 Record updated