CVE-2020-12039

Published: Jun 29, 2020Modified: Nov 21, 2024

2.4

Vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 0.9 / Impact: 1.4

Source: NVD

Description

Baxter Sigma Spectrum Infusion Pumps Sigma Spectrum Infusion System v's6.x model 35700BAX & Baxter Spectrum Infusion System v's8.x model 35700BAX2 contain hardcoded passwords when physically entered on the keypad provide access to biomedical menus including device settings, view calibration values, network configuration of Sigma Spectrum WBM if installed.

Affected (2)

Products: Baxter: Sigma Spectrum Infusion System Firmware

1 product

Sigma Spectrum Infusion System Firmware

Configuration A

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Baxter Sigma Spectrum Infusion System Firmware	From 6.0 to 6.05
Baxter Sigma Spectrum Infusion System Firmware	Version 8.0

Running on/with	Platform Versions
Baxter Sigma Spectrum Infusion System	All versions

Related CWEs

Use of Hard-coded Password

The product contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components.

Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

References (2)

https://www.us-cert.gov/ics/advisories/icsma-20-170-04

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

https://www.us-cert.gov/ics/advisories/icsma-20-170-04

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.