OTPulse

Baxter PrismaFlex and PrisMax (Update B)

Monitor | CVSS 7.6 | ICS-CERT ICSMA-20-170-02 | Jun 18, 2020
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

Baxter PrismaFlex and PrisMax continuous renal replacement therapy (CRRT) systems contain three vulnerabilities: cleartext transmission of sensitive information (CWE-319), improper authentication (CWE-287), and use of a hard-coded password (CWE-259). Together they allow an attacker with network access to the device to view and alter sensitive patient data and treatment parameters, because device communications are unencrypted and the device APIs do not adequately authenticate their peers. All PrismaFlex versions are affected; PrisMax versions prior to 3.x are affected. The primary risk is unauthorized access to treatment parameters or patient data by an attacker on the hospital network.

What this means
What could happen
An attacker with network access could view and alter sensitive patient data or treatment parameters on the CRRT system, potentially changing the therapy the device delivers and endangering the patient.
Who's at risk
Hospital clinical engineering and IT teams that manage these devices. Affects Baxter PrismaFlex and PrisMax CRRT systems, typically deployed in ICU and critical care units. Risk is highest in facilities with shared hospital networks where medical device traffic is not segregated from general IT traffic.
How it could be exploited
An attacker on the hospital network could intercept the device's unencrypted communications with the PDMS/EMR (cleartext transmission), or could send requests directly to the device's unauthenticated or weakly authenticated API to view and modify treatment parameters. The hard-coded password adds a third path: because it is the same on every device of that model, anyone who learns it can authenticate to any of them.
Prerequisites
  • Network access to the device (wired or wireless hospital network)
  • No valid credentials required for exploitation
  • Device must be reachable from the attacker's network position (e.g., same subnet or accessible VLAN)
Tags: remotely exploitable · no authentication required · low complexity · affects safety systems · no patch available for most affected versions
Exploitability
Low exploit probability (EPSS 0.1%). EPSS estimates the likelihood that exploitation activity is observed in the wild; it does not measure how easy the attack is, so a low score does not reduce the exposure of a device on an unsegmented network.
Affected products (2), both end of life (EOL)

Product      Affected versions     Fix status
PrisMax      all versions < 3.x    No fix for affected versions (EOL); upgrade path is PrisMax v3 with DCM
PrismaFlex   all versions          No fix (EOL)
Remediation & Mitigation
Do now
HARDENING: Implement network segmentation to isolate the medical devices (PrismaFlex, PrisMax) on a dedicated VLAN with strict firewall rules that allow only the necessary traffic to the PDMS/EMR systems and deny everything else, in both directions.
WORKAROUND: Where PrismaFlex SW 8.2x is available (some regions), configure the device-specific service password to add an authentication layer.
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Upgrade PrisMax devices to PrisMax v3 with the Digital Communication Module (DCM) to enable mutually authenticated TLS 1.2 encryption to the PDMS/EMR systems.
Mitigations - no patch available
The following products have reached End of Life with no planned fix: PrisMax versions prior to 3.x, PrismaFlex all versions. Apply the following compensating controls:
HARDENING: Verify compatibility and re-evaluate security risks whenever PDMS or EMR systems are integrated with, or updated alongside, PrismaFlex and PrisMax devices.
HARDENING: Implement network monitoring to detect unauthorized access attempts to the device communication ports and APIs.
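The segmentation control above (device VLAN, PDMS/EMR-only firewall rules) and the monitoring control (detect anything else reaching the device ports) can be checked with the same allow-list. The script below is an added example for this page, not OTPulse, Baxter or ICS-CERT code; the device VLAN 10.20.30.0/24, the PDMS/EMR hosts 10.50.1.10 and 10.50.1.11, TCP 443 as the only permitted device-to-PDMS/EMR channel, and the flow records are all constructed for the example. It classifies each flow touching the device VLAN and reports the ones that should not exist on a correctly segmented network.

```python
"""Allow-list audit for a dedicated medical-device VLAN.

Added example for this advisory page; not OTPulse, Baxter or ICS-CERT code.
Every address, port and flow record here is constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Tuple

# --- policy: what the device VLAN may talk to (assumed values) ---
DEVICE_VLAN = ipaddress.ip_network("10.20.30.0/24")
PDMS_EMR_HOSTS = {ipaddress.ip_address("10.50.1.10"),
                  ipaddress.ip_address("10.50.1.11")}
PDMS_EMR_PORTS = {443}  # mutually authenticated TLS channel (assumed port)


@dataclass(frozen=True)
class Flow:
    ts: str
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    dport: int
    proto: str


def parse_flow(line: str) -> Flow:
    """Parse one record in the constructed layout: 'ts src dst dport proto'."""
    ts, src, dst, dport, proto = line.split()
    return Flow(ts, ipaddress.ip_address(src), ipaddress.ip_address(dst),
                int(dport), proto.lower())


def classify(flow: Flow) -> str:
    """Return a verdict for a flow relative to the segmentation policy."""
    src_dev = flow.src in DEVICE_VLAN
    dst_dev = flow.dst in DEVICE_VLAN
    if not (src_dev or dst_dev):
        return "not-device"            # out of scope for this check
    if src_dev and dst_dev:
        return "device-to-device"      # lateral traffic inside the VLAN; review
    if src_dev:
        # Device-initiated: only the PDMS/EMR hosts on the TLS port.
        if (flow.dst in PDMS_EMR_HOSTS and flow.dport in PDMS_EMR_PORTS
                and flow.proto == "tcp"):
            return "allowed"
        if flow.dst in PDMS_EMR_HOSTS:
            return "egress-off-policy-port"   # right peer, wrong port: likely cleartext
        return "egress-unexpected-peer"
    # Inbound to a device: only the PDMS/EMR hosts may initiate. Anything else
    # is a host that can reach the unauthenticated device API.
    if flow.src in PDMS_EMR_HOSTS and flow.proto == "tcp":
        return "allowed"
    return "ingress-unexpected-peer"


def audit(records: str) -> List[Tuple[Flow, str]]:
    """Classify every non-empty record."""
    flows = (parse_flow(l) for l in records.splitlines() if l.strip())
    return [(f, classify(f)) for f in flows]


def violations(records: str) -> List[Tuple[Flow, str]]:
    """Flows that a correctly segmented, monitored network should never show."""
    return [(f, v) for f, v in audit(records) if v not in ("allowed", "not-device")]


# Constructed sample records (not captured from any real network).
CONSTRUCTED_FLOWS = """\
2020-06-18T10:00:01Z 10.20.30.15 10.50.1.10 443 tcp
2020-06-18T10:00:05Z 10.20.30.15 10.50.1.10 80 tcp
2020-06-18T10:01:12Z 10.99.7.42 10.20.30.15 23 tcp
2020-06-18T10:02:00Z 10.50.1.11 10.20.30.16 443 tcp
2020-06-18T10:03:30Z 10.99.7.42 10.50.1.10 443 tcp
2020-06-18T10:04:00Z 10.20.30.15 10.20.30.16 5000 udp
"""

if __name__ == "__main__":
    for flow, verdict in audit(CONSTRUCTED_FLOWS):
        print(f"{flow.ts} {flow.src}->{flow.dst}:{flow.dport}/{flow.proto}  {verdict}")
```

Feed it the flow export of the firewall that fronts the device VLAN (or NetFlow from the switch) and alert on every verdict other than "allowed" and "not-device": an "ingress-unexpected-peer" hit is exactly the position the advisory's attacker needs, and an "egress-off-policy-port" hit usually means the cleartext channel is still in use next to the TLS one.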