CVE-2020-12037

HIGH Year: 2020
CVSS v3 Score
7.5
High
CVSS v2 Score
5.0
Medium
Weakness Type
CWE-259
View all →

Vulnerability Description

Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The affected devices do not implement data-in-transit encryption (e.g., TLS/SSL) when configured to send treatment data to a PDMS (Patient Data Management System) or an EMR (Electronic Medical Record) system. An attacker could observe sensitive data sent from the device.

Related Vulnerabilities

CVE-2019-3908

HIGH
CVSS:7.5(High)

Premisys Identicard version 3.1.190 stores backup files as encrypted zip files. The password to the zip is hard-coded and unchangeable. An attacker with access to these backups can decrypt them and ob...

CWE-2592019

CVE-2020-5351

HIGH
CVSS:7.5(High)

Dell EMC Data Protection Advisor versions 6.4, 6.5 and 18.1 contain an undocumented account with limited privileges that is protected with a hard-coded password. A remote unauthenticated malicious use...

CWE-2592020

CVE-2021-21818

HIGH
CVSS:7.5(High)

A hard-coded password vulnerability exists in the Zebra IP Routing Manager functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to a denial of service. An attacker ca...

CWE-2592021

CVE-2021-28813

HIGH
CVSS:7.5(High)

A vulnerability involving insecure storage of sensitive information has been reported to affect QSW-M2116P-2T2S and QNAP switches running QuNetSwitch. If exploited, this vulnerability allows remote at...

CWE-2592021

CVE-2022-22144

HIGH
CVSS:7.5(High)

A hard-coded password vulnerability exists in the libcommonprod.so prod_change_root_passwd functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. During system startup this functionality is always ...

CWE-2592022

CVE-2022-29825

HIGH
CVSS:7.5(High)

Use of Hard-coded Password vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A to 1.090U and GT Designer3 Version1 (GOT2000) versions from 1.122C to 1.290C allows an unauthenticated at...

CWE-2592022