CVE-2020-12032

Published: Jun 29, 2020Modified: Nov 21, 2024

9.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Exploitability: 3.9 / Impact: 5.2

Source: NVD

Description

Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Versions 1.1, 1.2 systems store device data with sensitive information in an unencrypted database. This could allow an attacker with network access to view or modify sensitive data including PHI.

Affected (4)

Products: Baxter: Em2400 Firmware, Em1200 Firmware

2 products

Em2400 Firmware

Em1200 Firmware

Configuration A

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Baxter Em2400 Firmware	Version 1.10
Baxter Em2400 Firmware	Version 1.11

Running on/with	Platform Versions
Baxter Em2400	All versions

Configuration B

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Baxter Em1200 Firmware	Version 1.1
Baxter Em1200 Firmware	Version 1.2

Running on/with	Platform Versions
Baxter Em1200	All versions

Related CWEs

Missing Encryption of Sensitive Data

The product does not encrypt sensitive or critical information before storage or transmission.

Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

References (2)

https://www.us-cert.gov/ics/advisories/icsma-20-170-01

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

https://www.us-cert.gov/ics/advisories/icsma-20-170-01

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.