Endpoint/Device Security

Baxter infusion pump vulnerabilities identified

SecurityWeek reports that Baxter's Sigma Spectrum infusion pumps and Sigma WiFi batteries are impacted by five security vulnerabilities, some of which could be exploited to facilitate credential leakage. Threat actors could abuse a vulnerability stemming from the delivery of unencrypted data to the battery, tracked as CVE-2022-26390, to enable credential leakage and extraction in an effort to access WiFi networks, should the battery's non-volatile memory not be overwritten prior to the unit's decommissioning, according to an advisory from Rapid7. "When the devices are de-acquisitioned and no efforts are made to overwrite the stored data, anyone acquiring these devices on the secondary market could gain access to critical WiFi credentials of the organization that de-acquisitioned the devices," said Rapid7. Sigma WiFi battery is also impacted by a format string flaw within a telnet session's "hostmessage" command, tracked as CVE-2022-26392, which could be abused to allow output viewing. Health organizations leveraging the infusion pumps have been urged to restrict physical access both to the pumps and batteries, as well limit network segment access for the pumps.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.