ICSMA-24-249-01 · Published 2024-09-05 · View on CISA ICS-CERT ↗

Baxter Connex Health Portal

CVSS 10.0 CRITICAL

Risk Summary

Successful exploitation of these vulnerabilities could lead to malicious code injection, shutdown of database service, or the ability to access, modify, or delete sensitive data from the database.

CVEs (2)

CVE-2024-6795 CVE-2024-6796

Remediations

Baxter is unaware of any exploitation of these vulnerabilities and/or the compromise of personal or health data. No user action is required.
Baxter recommends the following workarounds to help reduce risk:
These vulnerabilities were patched promptly after discovery and no additional user action is required.

Affected Vendors

Baxter

Affected Products (1)

Baxter · Baxter Connex Health Portal <8/30/2024

Affected Sectors

Healthcare and Public Health

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more