CVE-2020-12041

Published: Jun 29, 2020Modified: Nov 21, 2024

9.4

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H

Exploitability: 3.9 / Impact: 5.5

Source: NVD

Description

The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24) telnet Command-Line Interface, grants access to sensitive data stored on the WBM that permits temporary configuration changes to network settings of the WBM, and allows the WBM to be rebooted. Temporary configuration changes to network settings are removed upon reboot.

Affected (1)

Products: Baxter: Sigma Spectrum Infusion System Firmware

Baxter

1 product

Sigma Spectrum Infusion System Firmware

Configuration A

1 vulnerable · 6 platform

Vulnerable Software	Affected Versions
Baxter Sigma Spectrum Infusion System Firmware	Version 8.0

Running on/with	Platform Versions
Baxter Sigma Spectrum Infusion System	All versions
Baxter Wireless Battery Module	Version 17
Baxter Wireless Battery Module	Version 20d29
Baxter Wireless Battery Module	Version 20d30
Baxter Wireless Battery Module	Version 20d31
Baxter Wireless Battery Module	Version 22d24

Related CWEs

CWE-732

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (2)

https://www.us-cert.gov/ics/advisories/icsma-20-170-04

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

https://www.us-cert.gov/ics/advisories/icsma-20-170-04

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.