CVE-2020-12048

Phoenix Hemodialysis Delivery System SW 3.36 and 3.40, The Phoenix Hemodialysis device does not support data-in-transit encryption (e.g., TLS/SSL) when transmitting treatment and prescription data on the network between the Phoenix system and the Exalis dialysis data management tool. An attacker with access to the network could observe sensitive treatment and prescription data sent between the Phoenix system and the Exalis tool.
References
Link Resource
https://www.us-cert.gov/ics/advisories/icsma-20-170-03 Third Party Advisory US Government Resource
Configurations

Configuration 1


Information

Published : 2020-06-29 02:15

Updated : 2020-07-16 01:12


NVD link : CVE-2020-12048

Mitre link : CVE-2020-12048

Products Affected
No products.
CWE
CWE-319

Cleartext Transmission of Sensitive Information