{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-16T06:40:08.887","vulnerabilities":[{"cve":{"id":"CVE-2024-48967","sourceIdentifier":"productsecurity@baxter.com","published":"2024-11-14T22:15:17.927","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The ventilator and the Service PC lack sufficient audit logging capabilities to allow for detection of malicious activity and subsequent forensic examination. An attacker with access to the ventilator and/or the Service PC could, without detection, make unauthorized changes to ventilator settings that result in unauthorized disclosure of information and/or have unintended impacts on device performance."},{"lang":"es","value":"El respirador y la PC de servicio carecen de capacidades de registro de auditoría suficientes para permitir la detección de actividad maliciosa y el posterior examen forense. Un atacante con acceso al respirador o a la PC de servicio podría, sin ser detectado, realizar cambios no autorizados en la configuración del respirador que resulten en la divulgación no autorizada de información o tengan impactos no deseados en el rendimiento del dispositivo."}],"metrics":{"cvssMetricV31":[{"source":"productsecurity@baxter.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0}]},"weaknesses":[{"source":"productsecurity@baxter.com","type":"Secondary","description":[{"lang":"en","value":"CWE-778"}]}],"references":[{"url":"https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-319-01","source":"productsecurity@baxter.com"}]}}]}