CVE-2014-5434

CRITICAL Year: 2014
CVSS v3 Score
9.8
Critical
CVSS v2 Score
5.0
Medium
Weakness Type
CWE-259
View all →

Vulnerability Description

Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 has a default account with hard-coded credentials used with the FTP protocol. Baxter asserts no files can be transferred to or from the WBM using this account. Baxter has released a new version of the SIGMA Spectrum Infusion System, Version 8, which incorporates hardware and software changes.

Related Vulnerabilities

CVE-2014-125030

CRITICAL
CVSS:9.8(Critical)

A vulnerability, which was classified as critical, has been found in taoeffect Empress. Affected by this issue is some unknown functionality. The manipulation leads to use of hard-coded password. The ...

CWE-2592014

CVE-2015-3953

CRITICAL
CVSS:9.8(Critical)

Hard-coded accounts may be used to access Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. H...

CWE-2592015

CVE-2016-9358

CRITICAL
CVSS:9.8(Critical)

A Hard-Coded Passwords issue was discovered in Marel Food Processing Systems M3000 terminal associated with the following systems: A320, A325, A371, A520 Master, A520 Slave, A530, A542, A571, Check Bi...

CWE-2592016

CVE-2017-20039

CRITICAL
CVSS:9.8(Critical)

A vulnerability was found in SICUNET Access Controller 0.32-05z. It has been classified as very critical. This affects an unknown part. The manipulation leads to weak authentication. It is possible to...

CWE-2592017

CVE-2017-6022

CRITICAL
CVSS:9.8(Critical)

A hard-coded password issue was discovered in Becton, Dickinson and Company (BD) PerformA, Version 2.0.14.0 and prior versions, and KLA Journal Service, Version 1.0.51 and prior versions. They use har...

CWE-2592017

CVE-2018-25069

CRITICAL
CVSS:9.8(Critical)

A vulnerability classified as critical has been found in Netis Netcore Router. This affects an unknown part. The manipulation leads to use of hard-coded password. It is possible to initiate the attack...

CWE-2592018