Baxter Welch Allyn Connex Spot Monitor

Risk Summary

Successful exploitation of this vulnerability could allow an attacker to modify device configuration and firmware data. Tampering with this data could lead to device compromise, resulting in impact and/or delay in patient care.

CVEs (1)

Remediations

• Baxter has released a software update for all impacted devices and software to address this vulnerability. A new version of the product that mitigates the vulnerability is available as follows:
• Welch Allyn Connex Spot Monitor: Version 1.52.01 (available October 16, 2023)
• Baxter recommends users upgrade to the latest versions of their products. Information on how to update products to their new versions can be found on the Baxter disclosure page or the Hillrom disclosure page.
• Baxter recommends the following workarounds to help reduce risk:
• Apply proper network and physical security controls.
• Ensure a unique encryption key is configured and applied to the product (as described in the Connex Spot Monitor Service Manual).

Affected Vendors

Affected Products (1)

Affected Sectors

Healthcare and Public Health