← Back to CVEs
CVE-2024-48967
CRITICAL10.0
Description
The ventilator and the Service PC lack sufficient audit logging capabilities to allow for detection of malicious activity and subsequent forensic examination. An attacker with access to the ventilator and/or the Service PC could, without detection, make unauthorized changes to ventilator settings that result in unauthorized disclosure of information and/or have unintended impacts on device performance.
CVE Details
CVSS v3.1 Score10.0
SeverityCRITICAL
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published11/14/2024
Last Modified11/15/2024
Sourcenvd
Honeypot Sightings0
Weaknesses (CWE)
CWE-778
References
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-319-01(productsecurity@baxter.com)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.