ICSMA-20-170-04  ·  Published 2020-06-23

Baxter Sigma Spectrum Infusion Pumps (Update B)

CVSS 8.6 HIGH

Risk Summary

Successful exploitation of these vulnerabilities could result in access to sensitive data, alteration of system configuration, and impact to system availability.

Remediations

  • Baxter recommends ensuring appropriate physical controls within user environments to protect against unauthorized access to devices.
  • Baxter recommends isolating the Spectrum Infusion System on its own network VLAN to segregate it from other hospital systems and to reduce the probability that a threat actor could execute an adjacent attack, such as a MiTM attack, against the system to observe clear-text communications.
  • Baxter recommends using the strongest available wireless network security protocols (e.g., WPA2, EAP-TLS) to provide authentication and encryption of wireless data sent to and from the Spectrum Infusion System.
  • Users should ensure the WBM is rebooted after configuration for their network(s) by removing the WBM from the rear of the Spectrum device for 10-15 seconds, and then re-attaching the WBM.
  • Users should always monitor for and/or block unexpected traffic, such as FTP, at network boundaries into the Spectrum-specific VLAN.
  • As a last resort, users may disable wireless operation of the pump. The Spectrum Infusion System was designed to operate without network access. This action would impact an organization's ability to rapidly deploy drug library (formulary) updates to their pumps.
  • For additional information please see the Baxter Product Security Bulletin.
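
One way to act on the recommendation to monitor for unexpected traffic, such as FTP, at the boundary into the Spectrum-specific VLAN. This is an added example, not code from Baxter or CISA. The VLAN subnet, the allowlisted source and port, and the log format are assumptions, and the log lines are constructed.

```python
import csv
import io
from ipaddress import ip_address, ip_network

# Assumed values for illustration; none of these come from the advisory.
PUMP_VLAN = ip_network("10.50.20.0/24")   # hypothetical Spectrum-only VLAN
ALLOWED = {("10.10.5.10", "tcp", 443)}    # hypothetical permitted (source, proto, port)
FTP_PORTS = {20, 21}

# Constructed boundary-firewall log: time,src,dst,proto,dst_port,action
SAMPLE_LOG = """\
2020-06-23T10:00:01Z,10.10.5.10,10.50.20.17,tcp,443,allow
2020-06-23T10:00:07Z,10.10.8.44,10.50.20.17,tcp,21,allow
2020-06-23T10:00:09Z,10.10.8.44,10.50.20.18,tcp,21,deny
2020-06-23T10:01:30Z,10.50.20.17,10.50.20.18,tcp,21,allow
2020-06-23T10:02:00Z,10.10.9.3,10.50.20.30,udp,161,allow
2020-06-23T10:02:05Z,10.10.9.3,10.10.5.10,tcp,21,allow
"""

def unexpected_inbound(log_text, vlan=PUMP_VLAN, allowed=ALLOWED):
    """Return flows that cross the boundary into the VLAN and are not allowlisted."""
    findings = []
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 6:
            continue  # skip malformed lines rather than guessing at fields
        ts, src, dst, proto, port, action = (f.strip() for f in row)
        try:
            src_ip, dst_ip, port = ip_address(src), ip_address(dst), int(port)
        except ValueError:
            continue
        # Only traffic entering the VLAN from outside crosses the boundary.
        if dst_ip not in vlan or src_ip in vlan:
            continue
        if (src, proto.lower(), port) in allowed:
            continue
        findings.append({
            "time": ts, "src": src, "dst": dst, "proto": proto.lower(), "port": port,
            "ftp": proto.lower() == "tcp" and port in FTP_PORTS,
            # "allow" means the boundary passed it: a rule gap, not just noise.
            "passed_boundary": action.lower() == "allow",
        })
    return findings

if __name__ == "__main__":
    for f in unexpected_inbound(SAMPLE_LOG):
        sev = "RULE GAP" if f["passed_boundary"] else "blocked"
        print(f'{f["time"]} {f["src"]} -> {f["dst"]} {f["proto"]}/{f["port"]} '
              f'{"FTP " if f["ftp"] else ""}[{sev}]')
```

Findings with `passed_boundary` set indicate traffic the boundary allowed into the VLAN; denied entries are still worth reviewing because they show a host attempting the connection.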

Affected Vendors

Baxter

Affected Products (6)

Baxter · Baxter Spectrum v8.x model 35700BAX2
Baxter · Sigma Spectrum LVP v6.x (with Wireless Battery Modules v9 | v11 | v13 | v14 | v15 | v16 | v16D38 | v17 | v17D19 | >= v20D29 | <= v20D32 | >= v22D24 | <= v22D28)
Baxter · Sigma Spectrum v6.x model 35700BAX
Baxter · Baxter Spectrum LVP v8.x (with Wireless Battery Modules v17 | v17D19 | >= v20D29 | <= v20D32 | >= v22D24 | <= v22D28)
Baxter · Baxter Spectrum v9.x model 35700BAX3
Baxter · Baxter Spectrum LVP v9.x (with Wireless Battery Module >= v22D19 | <= v22D28)

Affected Sectors

Healthcare and Public Health
