Vulnerability Details CVE-2020-12048
Phoenix Hemodialysis Delivery System SW 3.36 and 3.40, The Phoenix Hemodialysis device does not support data-in-transit encryption (e.g., TLS/SSL) when transmitting treatment and prescription data on the network between the Phoenix system and the Exalis dialysis data management tool. An attacker with access to the network could observe sensitive treatment and prescription data sent between the Phoenix system and the Exalis tool.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 19.5%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
Products affected by CVE-2020-12048
-
cpe:2.3:h:baxter:phoenix_x36:-
-
cpe:2.3:o:baxter:phoenix_x36_firmware:3.36
-
cpe:2.3:o:baxter:phoenix_x36_firmware:3.40