CVE-2020-12020

Published: Jun 29, 2020Modified: Nov 21, 2024

6.1

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

Exploitability: 1.8 / Impact: 4.2

Source: NVD

Description

Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13 and ExactaMix EM1200 Versions 1.1, 1.2, and 1.4 does not restrict non administrative users from gaining access to the operating system and editing the application startup script. Successful exploitation of this vulnerability may allow an attacker to alter the startup script as the limited-access user.

Affected (6)

Products: Baxter: Em2400 Firmware, Em1200 Firmware

2 products

Em2400 Firmware

Em1200 Firmware

Configuration A

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Baxter Em2400 Firmware	Version 1.10
Baxter Em2400 Firmware	Version 1.11
Baxter Em2400 Firmware	Version 1.13

Running on/with	Platform Versions
Baxter Em2400	All versions

Configuration B

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Baxter Em1200 Firmware	Version 1.1
Baxter Em1200 Firmware	Version 1.2
Baxter Em1200 Firmware	Version 1.4

Running on/with	Platform Versions
Baxter Em1200	All versions

Related CWEs

Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

References (2)

https://www.us-cert.gov/ics/advisories/icsma-20-170-01

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

https://www.us-cert.gov/ics/advisories/icsma-20-170-01

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.