How severe is CVE-2014-5432?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2014-5432?

This is classified as CWE-592, which is a common weakness in software security.

CVE-2014-5432

CRITICAL Year: 2014

CVSS v3 Score

9.8

Critical

CVSS v2 Score

7.5

High

Weakness Type

CWE-592

View all →

Vulnerability Description

Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 is remotely accessible via Port 22/SSH without authentication. A remote attacker may be able to make unauthorized configuration changes to the WBM, as well as issue commands to access account credentials and shared keys. Baxter asserts that this vulnerability only allows access to features and functionality on the WBM and that the SIGMA Spectrum infusion pump cannot be controlled from the WBM. Baxter has released a new version of the SIGMA Spectrum Infusion System, Version 8, which incorporates hardware and software changes.

CVE-2018-1085

CRITICAL

CVSS:9.8(Critical)

openshift-ansible before versions 3.9.23, 3.7.46 deploys a misconfigured etcd file that causes the SSL client certificate authentication to be disabled. Quotations around the values of ETCD_CLIENT_CER...

CWE-5922018

CVE-2018-14643

CRITICAL

CVSS:9.8(Critical)

An authentication bypass flaw was found in the smart_proxy_dynflow component used by Foreman. A malicious attacker can use this flaw to remotely execute arbitrary commands on machines managed by vulne...

CWE-5922018

CVE-2018-10933

CRITICAL

CVSS:9.1(Critical)

A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthor...

CWE-5922018

CVE-2017-2684

CRITICAL

CVSS:9.0(Critical)

Siemens SIMATIC Logon prior to V1.5 SP3 Update 2 could allow an attacker with knowledge of a valid user name, and physical or network access to the affected system, to bypass the application-level aut...

CWE-5922017

CVE-2018-10847

HIGH

CVSS:8.8(High)

prosody before versions 0.10.2, 0.9.14 is vulnerable to an Authentication Bypass. Prosody did not verify that the virtual host associated with a user session remained the same across stream restarts. ...

CWE-5922018

CVE-2017-2650

HIGH

CVSS:8.5(High)

It was found that the use of Pipeline: Classpath Step Jenkins plugin enables a bypass of the Script Security sandbox for users with SCM commit access, as well as users with e.g. Job/Configure permissi...

CWE-5922017

CVE-2014-5432

Vulnerability Description

Related Vulnerabilities

CVE-2018-1085

CVE-2018-14643

CVE-2018-10933

CVE-2017-2684

CVE-2018-10847

CVE-2017-2650