Baxter Life2000 Ventilation System

Act Now10ICS-CERT ICSMA-24-319-01Nov 14, 2024

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

The Baxter Life2000 Ventilation System (firmware version 06.08.00.00 and earlier) contains multiple critical vulnerabilities related to weak encryption (CWE-319), insufficient authentication (CWE-307, CWE-306), hardcoded credentials (CWE-798), insecure firmware updates (CWE-494, CWE-1191), and insufficient code protection (CWE-1263, CWE-1318). These weaknesses could allow an attacker to disrupt device operation undetected or access protected health information. Successful exploitation requires either physical access to an unattended ventilator or network connectivity to the device. The device does not require valid credentials to exploit (PR:N per CVSS). Baxter has not yet released a patch and plans to issue a follow-up announcement in Q2 2025.

What this means

What could happen

An attacker with physical or network access to a Life2000 ventilator could disrupt its operation undetected or gain unauthorized access to patient data. This could impair or stop ventilator function, directly affecting patient care.

Who's at risk

This affects hospitals, clinics, and mobile health providers using Baxter Life2000 ventilators for patient respiratory support. Any facility operating these devices in environments where physical security cannot be guaranteed or that are network-connected is at risk.

How it could be exploited

An attacker with physical access to an unattended ventilator, or network access to the device, could exploit multiple weaknesses in authentication, encryption, and firmware verification to take control of the device, modify settings, or extract sensitive health information without leaving a trace.

Prerequisites

Physical access to the ventilator in an unsecured location
Or: Network connectivity to the Life2000 device
No credentials required according to CVSS vector (PR:N)

Remotely exploitableNo authentication requiredLow complexity attackNo patch available yetAffects safety-critical medical deviceMultiple authentication and encryption weaknesses

Exploitability

Moderate exploit probability (EPSS 6.2%)

Affected products (1)

ProductAffected VersionsFix Status

Life2000 Ventilation System: <=06.08.00.00≤ 06.08.00.00No fix (EOL)

Remediation & Mitigation

0/3

Do now

0/2

HARDENINGDo not leave Life2000 ventilators unattended in public or unsecured areas; maintain continuous physical possession and control.

HARDENINGImplement network segmentation to restrict access to Life2000 devices from untrusted networks.

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXMonitor Baxter's Product Security and Responsible Disclosures page for Q2 2025 follow-up announcement and patch availability.

CVEs (9)

CVE-2024-9834 CVE-2024-9832 CVE-2024-48971 CVE-2024-48973 CVE-2024-48974 CVE-2024-48970 CVE-2020-8004 CVE-2024-48966 CVE-2024-48967

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/022b9b14-e329-449e-9fdb-6b76466ee762