← Back

CVE-2020-12045

nvd nist
Published: Jun 29, 2020Modified: Nov 21, 2024

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24) when used in conjunction with a Baxter Spectrum v8.x (model 35700BAX2), operates a Telnet service on Port 1023 with hard-coded credentials.

Affected (1)

Baxter
1 product
Sigma Spectrum Infusion System Firmware
Configuration A
1 vulnerable · 6 platform
Vulnerable SoftwareAffected Versions
Sigma Spectrum Infusion System Firmware
Version 8.0
Running on/withPlatform Versions
Baxter
Sigma Spectrum Infusion System
All versions
Baxter
Wireless Battery Module
Version 17
Baxter
Wireless Battery Module
Version 20d29
Baxter
Wireless Battery Module
Version 20d30
Baxter
Wireless Battery Module
Version 20d31
Baxter
Wireless Battery Module
Version 22d24

Related CWEs

CWE-259
Use of Hard-coded Password
The product contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components.
CWE-798
Use of Hard-coded Credentials
The product contains hard-coded credentials, such as a password or cryptographic key.

References (2)

Source: ics-cert@hq.dhs.gov
Third Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryUS Government Resource

Timeline

No history available yet.