Default Account with Hard-Coded Credentials in Baxter SIGMA Spectrum Infusion System

Default Account with Hard-Coded Credentials in Baxter SIGMA Spectrum Infusion System

CVE-2014-5434 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 has a default account with hard-coded credentials used with the FTP protocol. Baxter asserts no files can be transferred to or from the WBM using this account. Baxter has released a new version of the SIGMA Spectrum Infusion System, Version 8, which incorporates hardware and software changes.

Learn more about our Wireless Penetration Test.