What is CVE-2024-48974?

CVE-2024-48974 is a critical-severity vulnerability in Baxter Life2000 Ventilation System, classified under Download of Code Without Integrity Check. CVSS score: 9.3/10. Published 2024-11-14.

How severe is CVE-2024-48974?

Critical severity. CVSS v3 base score is 9.3 out of 10.

Vulnerability in Baxter Life2000 Ventilation System

CVE-2024-48974

The ventilator does not perform proper file integrity checks when adopting firmware updates. This makes it possible for an attacker to force unauthorized changes to the device's configuration settings and/or compromise device functionality…

EPSS: 0.001 (23.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.3 (Critical). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H.

Affected products

Baxter Life2000 Ventilation System — versions 06.08.00.00 and prior

Weakness classification (CWE)

CWE-494 — Download of Code Without Integrity Check

References

www.cisa.gov/news-events/ics-medical-advisories/icsma-24-319-01

Frequently asked questions

What is CVE-2024-48974?: CVE-2024-48974 is a critical-severity vulnerability in Baxter Life2000 Ventilation System, classified under Download of Code Without Integrity Check. CVSS score: 9.3/10. Published 2024-11-14.
How severe is CVE-2024-48974?: Critical severity. CVSS v3 base score is 9.3 out of 10.