ICSMA-24-319-01 · Published 2024-11-14 · View on CISA ICS-CERT ↗

Baxter Life2000 Ventilation System

CVSS 10.0 CRITICAL

Risk Summary

Successful exploitation of these vulnerabilities could lead to information disclosure and/or disruption of the device's function without detection.

CVE-2024-9834 CVE-2024-9832 CVE-2024-48971 CVE-2024-48973 CVE-2024-48974 CVE-2024-48970 CVE-2020-8004 CVE-2024-48966 CVE-2024-48967

Baxter plans to issue a follow-up announcement in Q2 2025 regarding the Life2000 vulnerabilities described in this disclosure.
Baxter is unaware of any exploitation of these vulnerabilities and/or the compromise of personal or health data.
Baxter recommends that users of the Life2000 Ventilation System not leave their ventilators unattended in public or unsecured areas. Maintaining physical possession and control of the ventilator reduces the likelihood of a malicious actor gaining access to the device.
For more information, refer to Baxter's Product Security and Responsible Disclosures web page.

Baxter

Baxter · Life2000 Ventilation System <=06.08.00.00

Healthcare and Public Health

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.