Baxter Connex Health Portal
Act Now | 10 | ICS-CERT ICSMA-24-249-01 | Sep 5, 2024
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Baxter Connex Health Portal versions before 8/30/2024 contain SQL injection (CWE-89) and improper access control (CWE-284) vulnerabilities. Successful exploitation could allow an attacker to inject malicious code, shut down the database service, or access, modify, or delete sensitive patient and health data from the database. Baxter states these vulnerabilities were patched promptly after discovery, but the advisory lists no fixed version available for users currently on vulnerable versions.
What this means
What could happen
An attacker could inject malicious code into the Connex Health Portal database, shut down the database service, or access, modify, or delete sensitive patient and health data stored in the system.
Who's at risk
Healthcare providers and health systems using Baxter Connex Health Portal should prioritize this issue. The portal handles patient and health records, making it critical for clinical workflows and regulatory compliance (HIPAA). Any compromise could impact patient privacy, care delivery, and organizational liability.
How it could be exploited
An attacker with network access to the Connex Health Portal can exploit SQL injection (CWE-89) or improper access control (CWE-284) vulnerabilities to inject malicious SQL commands or bypass authentication, gaining unauthorized database access without requiring valid credentials.
Prerequisites
- Network access to Baxter Connex Health Portal (port and protocol not stated in the advisory)
- No authentication required
- Remotely exploitable
- No authentication required
- Low complexity attack
- CVSS score 10.0 (critical)
- Affects sensitive health data systems
- No patch available
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (1)
Product: Baxter Connex Health Portal: <8/30/2024
Affected Versions: <8/30/2024
Fix Status: No fix yet
Remediation & Mitigation
Do now
- HARDENING: Network-isolate Connex Health Portal systems from internet access and business networks using firewall rules to restrict inbound access
- HARDENING: Place Connex Health Portal behind a firewall if not already done; restrict access to only authorized administrative and clinical staff
- HARDENING: Monitor database logs and access attempts to the Connex Health Portal for suspicious activity; report findings to CISA
Long-term hardening
- HARDENING: If remote access is required, implement VPN with current patches; audit VPN access controls and monitor for unauthorized connections
CVEs (2)