CVE-2014-5431

CVE-2014-5431 is a medium-severity vulnerability in Baxter Sigma Spectrum Infusion System Firmware with a CVSS 3.x base score of 6.8. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-798.

Key facts

Description

Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 contains a hard-coded password, which provides access to basic biomedical information, limited device settings, and network configuration of the WBM, if connected. The hard-coded password may allow an attacker with physical access to the device to access management functions to make unauthorized configuration changes to biomedical settings such as turn on and off wireless connections and the phase-complete audible alarm that indicates the end of an infusion phase. Baxter has released a new version of the SIGMA Spectrum Infusion System, version 8, which incorporates hardware and software changes.

Frequently asked questions

What is CVE-2014-5431?
Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 contains a hard-coded password, which provides access to basic biomedical information, limited device settings, and network configuration of the WBM, if connected. The hard-coded password may allow an attacker with physical access to the device to access management functions to make unauthorized configuration changes to biomedical settings such as turn on and off wireless connections and the phase-complete audible alarm that indicates the end of an infusion phase. Baxter has released a new version of the SIGMA Spectrum Infusion System, version 8, which incorporates hardware and software changes.
How severe is CVE-2014-5431?
CVE-2014-5431 has a CVSS 3.x base score of 6.8, rated medium severity. It is exploitable over physical access with low attack complexity, requires no privileges and no user interaction. Impact on confidentiality is high, integrity high, and availability high.
Is CVE-2014-5431 being actively exploited?
It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (30th percentile), an estimate of the probability of exploitation in the next 30 days.
What products are affected by CVE-2014-5431?
CVE-2014-5431 affects Baxter Sigma Spectrum Infusion System Firmware. See the affected-products list for the exact vulnerable versions.
How do I fix CVE-2014-5431?
Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
When was CVE-2014-5431 published?
CVE-2014-5431 was published on 2019-03-26 and last updated on 2026-06-17.

References

Affected products (1)

More vulnerabilities in Baxter Sigma Spectrum Infusion System Firmware

All CVEs affecting Baxter Sigma Spectrum Infusion System Firmware →

Other CWE-798 (Use of Hard-coded Credentials) vulnerabilities

Browse all CWE-798 (Use of Hard-coded Credentials) vulnerabilities →