Baxter Welch Allyn Configuration Tool carries critical vulnerability
Take action: It seems that the Baxter Welch Allyn Configuration Tool flaw won't be fixed any time soon. To minimize risk, it's best to stop using the tool and shut it down, or at least keep it on a tightly isolated network and run it only while you are making a configuration change, leaving it turned off otherwise. Contact your Baxter representative for details on this process.
After the alert for Baxter Welch Allyn Connex Spot Monitor, another component of the same product line is reported as vulnerable.
The Health Sector Cybersecurity Coordination Center (HC3) has issued an alert for a critical vulnerability in the Baxter Welch Allyn Configuration Tool:
- CVE-2024-5176 (CVSS score 9.4) - Insufficiently protected credentials, allowing unauthorized interception during transmission. Affected versions are 1.9.4.1 and prior.
Baxter has confirmed that there is no evidence of these vulnerabilities being exploited in the wild. The flaws can potentially expose credentials and allow unauthorized modification of device configuration and firmware data. Successful exploitation may impact or delay patient care.
For the Configuration Tool, a software update is expected in Q3 2024. Meanwhile, the tool has been removed from public access. Customers are advised to contact their Baxter project manager for configuration needs.