CVE-2020-12047

Published: Jun 29, 2020Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24), when used with a Baxter Spectrum v8.x (model 35700BAX2) in a factory-default wireless configuration enables an FTP service with hard-coded credentials.

Affected (1)

Products: Baxter: Sigma Spectrum Infusion System Firmware

Baxter

1 product

Sigma Spectrum Infusion System Firmware

Configuration A

1 vulnerable · 6 platform

Vulnerable Software	Affected Versions
Baxter Sigma Spectrum Infusion System Firmware	Version 8.0

Running on/with	Platform Versions
Baxter Sigma Spectrum Infusion System	All versions
Baxter Wireless Battery Module	Version 17
Baxter Wireless Battery Module	Version 20d29
Baxter Wireless Battery Module	Version 20d30
Baxter Wireless Battery Module	Version 20d31
Baxter Wireless Battery Module	Version 22d24

Related CWEs

CWE-259

Use of Hard-coded Password

The product contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components.

CWE-798

Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

References (2)

https://www.us-cert.gov/ics/advisories/icsma-20-170-04

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

https://www.us-cert.gov/ics/advisories/icsma-20-170-04

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.