ICSMA-24-151-01 · Published 2024-05-30
Baxter Welch Allyn Configuration Tool
CVSS 9.6 (CRITICAL)
Risk Summary
Successful exploitation of this vulnerability could lead to the unintended exposure of credentials to unauthorized users.
CVEs (1)
Remediations
- Baxter has found no evidence to date of any compromise of personal or health data. Baxter will release a software update for all impacted software to address this vulnerability. A new version of the product that mitigates the vulnerability will be available as follows:
  - Welch Allyn Product Configuration Tool version 1.9.4.2: Available Q3 2024
- No user action will be required once the update is released.
- Baxter recommends the following workarounds to help reduce risk:
  - Apply proper network and physical security controls.
  - The Welch Allyn Configuration Tool has been removed from public access. Customers are advised to contact Baxter Technical Support or their Baxter Project Manager to create configuration files, as needed. Baxter Technical Support can be reached at (800)535-6663, option 2.
Affected Vendors
Baxter
Affected Products (1)
Baxter · Welch Allyn Product Configuration Tool <=1.9.4.1
Affected Sectors
Healthcare and Public Health