CVE-2020-12024

Published: Jun 29, 2020Modified: Nov 21, 2024

6.1

Vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Exploitability: 0.9 / Impact: 5.2

Source: NVD

Description

Baxter ExactaMix EM 2400 versions 1.10, 1.11, 1.13, 1.14 and ExactaMix EM1200 Versions 1.1, 1.2, 1.4 and 1.5 does not restrict access to the USB interface from an unauthorized user with physical access. Successful exploitation of this vulnerability may allow an attacker with physical access to the system the ability to load an unauthorized payload or unauthorized access to the hard drive by booting a live USB OS. This could impact confidentiality and integrity of the system and risk exposure of sensitive information including PHI.

Affected (8)

Products: Baxter: Em2400 Firmware, Em1200 Firmware

2 products

Em2400 Firmware

Em1200 Firmware

Configuration A

4 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Baxter Em2400 Firmware	Version 1.10
Baxter Em2400 Firmware	Version 1.11
Baxter Em2400 Firmware	Version 1.13
Baxter Em2400 Firmware	Version 1.14

Running on/with	Platform Versions
Baxter Em2400	All versions

Configuration B

4 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Baxter Em1200 Firmware	Version 1.1
Baxter Em1200 Firmware	Version 1.2
Baxter Em1200 Firmware	Version 1.4
Baxter Em1200 Firmware	Version 1.5

Running on/with	Platform Versions
Baxter Em1200	All versions

Related CWEs

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (2)

https://www.us-cert.gov/ics/advisories/icsma-20-170-01

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

https://www.us-cert.gov/ics/advisories/icsma-20-170-01

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.