ICSMA-20-170-02  ·  Published 2020-07-14

Baxter PrismaFlex and PrisMax (Update B)

CVSS 7.6 HIGH

Risk Summary

Successful exploitation of these vulnerabilities may allow an attacker with network access to view and alter sensitive data.

Remediations

  • Prismaflex versions SW 8.2x include the option to set a device-specific service password. Note: Prismaflex versions SW 8.2x are not available in all regions, including the United States.
  • For PrisMax, Baxter recommends users upgrade to PrisMax v3 with DCM (Digital Communication Module), which supports a mutually authenticated TLS tunnel to a PDMS or EMR system capable of implementing the latest TLS 1.2.
  • Additionally, Baxter recommends users of affected devices implement the following best practices:
  • Baxter also recommends that if a PDMS or EMR system is used with the affected devices, users should verify compatibility between the two systems. Users should also identify, analyze, evaluate, and control all risks associated with integration of medical devices in an enterprise network. Subsequent changes to the enterprise network could introduce new risks and require new analysis. The use of a PDMS or EMR system not compatible with the PrismaFlex and PrisMax systems can result in the presentation of erroneous data.
  • For additional information, please see the Baxter Product Security Bulletins for PrismaFlex and PrisMax.

Affected Vendors

Baxter

Affected Products (2)

Baxter · PrisMax < 3.x
Baxter · PrismaFlex vers:all/*

Affected Sectors

Healthcare and Public Health
