Advisory

Baxter patches critical flaw in Welch Allyn Connex Spot Monitor

Take action: If your hospital is using Baxter CSM, make sure it's on an isolated, secure network. Then work with the medical and IT teams to plan a patch process that does not disrupt clinical operations. You can take it slowly, but don't abandon it.


Learn More

Baxter has addressed a critical, remotely exploitable security vulnerability in its Welch Allyn Connex Spot Monitor (CSM) devices. CSM is a medical device used in clinical settings to capture and monitor vital signs such as blood pressure, pulse rate, temperature, and oxygen saturation (SpO2).

The flaw, tracked as CVE-2024-1275 (CVSS score 9.1), stems from the use of a default cryptographic key. It allows attackers to modify device configurations and firmware data, potentially leading to device compromise and impacting patient care.

Affected products: Welch Allyn Connex Spot Monitor (CSM), versions 1.52 and prior.

Baxter has released software update version 1.5.2.01 to mitigate this vulnerability. Users should upgrade to the latest version (1.5.2.01).

CISA also advises performing impact analysis and risk assessment before deploying defensive measures.
