CVE-2020-12008

Published: Jun 29, 2020Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Versions 1.1, 1.2 systems use cleartext messages to communicate order information with an order entry system. This could allow an attacker with network access to view sensitive data including PHI.

Affected (4)

Products: Baxter: Em2400 Firmware, Em1200 Firmware

2 products

Em2400 Firmware

Em1200 Firmware

Configuration A

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Baxter Em2400 Firmware	Version 1.10
Baxter Em2400 Firmware	Version 1.11

Running on/with	Platform Versions
Baxter Em2400	All versions

Configuration B

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Baxter Em1200 Firmware	Version 1.1
Baxter Em1200 Firmware	Version 1.2

Running on/with	Platform Versions
Baxter Em1200	All versions

Related CWEs

Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

References (2)

https://www.us-cert.gov/ics/advisories/icsma-20-170-01

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

https://www.us-cert.gov/ics/advisories/icsma-20-170-01

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.