Vulnerabilites related to baxter - em2400_firmware
cve-2020-12012
Vulnerability from cvelistv5
Published
2020-06-29 13:54
Modified
2024-08-04 11:48
Severity ?
EPSS score ?
Summary
Baxter ExactaMix EM 2400 & EM 1200, Versions ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5, Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13, and ExactaMix EM1200 Versions 1.1, 1.2, and 1.4 have hard-coded administrative account credentials for the ExactaMix application. Successful exploitation of this vulnerability may allow an attacker with physical access to gain unauthorized access to view/update system configuration or data. This could impact confidentiality and integrity of the system and risk exposure of sensitive information including PHI.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.us-cert.gov/ics/advisories/icsma-20-170-01 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Baxter ExactaMix EM 2400 & EM 1200 |
Version: ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:48:57.903Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsma-20-170-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Baxter ExactaMix EM 2400 \u0026 EM 1200",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Baxter ExactaMix EM 2400 \u0026 EM 1200, Versions ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5, Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13, and ExactaMix EM1200 Versions 1.1, 1.2, and 1.4 have hard-coded administrative account credentials for the ExactaMix application. Successful exploitation of this vulnerability may allow an attacker with physical access to gain unauthorized access to view/update system configuration or data. This could impact confidentiality and integrity of the system and risk exposure of sensitive information including PHI."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-259",
"description": "USE OF HARD-CODED PASSWORD CWE-259",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-29T13:54:53",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsma-20-170-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-12012",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Baxter ExactaMix EM 2400 \u0026 EM 1200",
"version": {
"version_data": [
{
"version_value": "ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Baxter ExactaMix EM 2400 \u0026 EM 1200, Versions ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5, Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13, and ExactaMix EM1200 Versions 1.1, 1.2, and 1.4 have hard-coded administrative account credentials for the ExactaMix application. Successful exploitation of this vulnerability may allow an attacker with physical access to gain unauthorized access to view/update system configuration or data. This could impact confidentiality and integrity of the system and risk exposure of sensitive information including PHI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "USE OF HARD-CODED PASSWORD CWE-259"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsma-20-170-01",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsma-20-170-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-12012",
"datePublished": "2020-06-29T13:54:53",
"dateReserved": "2020-04-21T00:00:00",
"dateUpdated": "2024-08-04T11:48:57.903Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-12008
Vulnerability from cvelistv5
Published
2020-06-29 13:53
Modified
2024-08-04 11:48
Severity ?
EPSS score ?
Summary
Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Versions 1.1, 1.2 systems use cleartext messages to communicate order information with an order entry system. This could allow an attacker with network access to view sensitive data including PHI.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.us-cert.gov/ics/advisories/icsma-20-170-01 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Baxter ExactaMix EM 2400 & EM 1200 |
Version: ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:48:57.121Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsma-20-170-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Baxter ExactaMix EM 2400 \u0026 EM 1200",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Versions 1.1, 1.2 systems use cleartext messages to communicate order information with an order entry system. This could allow an attacker with network access to view sensitive data including PHI."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CLEARTEXT TRANSMISSION OF SENSITIVE DATA CWE-319",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-29T13:53:25",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsma-20-170-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-12008",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Baxter ExactaMix EM 2400 \u0026 EM 1200",
"version": {
"version_data": [
{
"version_value": "ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Versions 1.1, 1.2 systems use cleartext messages to communicate order information with an order entry system. This could allow an attacker with network access to view sensitive data including PHI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CLEARTEXT TRANSMISSION OF SENSITIVE DATA CWE-319"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsma-20-170-01",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsma-20-170-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-12008",
"datePublished": "2020-06-29T13:53:25",
"dateReserved": "2020-04-21T00:00:00",
"dateUpdated": "2024-08-04T11:48:57.121Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-12020
Vulnerability from cvelistv5
Published
2020-06-29 13:51
Modified
2024-08-04 11:48
Severity ?
EPSS score ?
Summary
Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13 and ExactaMix EM1200 Versions 1.1, 1.2, and 1.4 does not restrict non administrative users from gaining access to the operating system and editing the application startup script. Successful exploitation of this vulnerability may allow an attacker to alter the startup script as the limited-access user.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.us-cert.gov/ics/advisories/icsma-20-170-01 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Baxter ExactaMix EM 2400 & EM 1200 |
Version: ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:48:57.381Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsma-20-170-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Baxter ExactaMix EM 2400 \u0026 EM 1200",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13 and ExactaMix EM1200 Versions 1.1, 1.2, and 1.4 does not restrict non administrative users from gaining access to the operating system and editing the application startup script. Successful exploitation of this vulnerability may allow an attacker to alter the startup script as the limited-access user."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-668",
"description": "EXPOSURE OF RESOURCE TO WRONG SPHERE CWE-668",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-29T13:51:49",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsma-20-170-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-12020",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Baxter ExactaMix EM 2400 \u0026 EM 1200",
"version": {
"version_data": [
{
"version_value": "ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13 and ExactaMix EM1200 Versions 1.1, 1.2, and 1.4 does not restrict non administrative users from gaining access to the operating system and editing the application startup script. Successful exploitation of this vulnerability may allow an attacker to alter the startup script as the limited-access user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "EXPOSURE OF RESOURCE TO WRONG SPHERE CWE-668"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsma-20-170-01",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsma-20-170-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-12020",
"datePublished": "2020-06-29T13:51:49",
"dateReserved": "2020-04-21T00:00:00",
"dateUpdated": "2024-08-04T11:48:57.381Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-12016
Vulnerability from cvelistv5
Published
2020-06-29 13:54
Modified
2024-08-04 11:48
Severity ?
EPSS score ?
Summary
Baxter ExactaMix EM 2400 & EM 1200, Versions ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5, Baxter ExactaMix EM 2400 Versions 1.10, 1.11, 1.13, 1.14 and ExactaMix EM1200 Versions 1.1, 1.2, 1.4 and 1.5 have hard-coded administrative account credentials for the ExactaMix operating system. Successful exploitation of this vulnerability may allow an attacker who has gained unauthorized access to system resources, including access to execute software or to view/update files, directories, or system configuration. This could allow an attacker with network access to view sensitive data including PHI.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.us-cert.gov/ics/advisories/icsma-20-170-01 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Baxter ExactaMix EM 2400 & EM 1200 |
Version: ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:48:57.993Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsma-20-170-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Baxter ExactaMix EM 2400 \u0026 EM 1200",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Baxter ExactaMix EM 2400 \u0026 EM 1200, Versions ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5, Baxter ExactaMix EM 2400 Versions 1.10, 1.11, 1.13, 1.14 and ExactaMix EM1200 Versions 1.1, 1.2, 1.4 and 1.5 have hard-coded administrative account credentials for the ExactaMix operating system. Successful exploitation of this vulnerability may allow an attacker who has gained unauthorized access to system resources, including access to execute software or to view/update files, directories, or system configuration. This could allow an attacker with network access to view sensitive data including PHI."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-259",
"description": "USE OF HARD-CODED PASSWORD CWE-259",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-29T13:54:50",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsma-20-170-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-12016",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Baxter ExactaMix EM 2400 \u0026 EM 1200",
"version": {
"version_data": [
{
"version_value": "ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Baxter ExactaMix EM 2400 \u0026 EM 1200, Versions ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5, Baxter ExactaMix EM 2400 Versions 1.10, 1.11, 1.13, 1.14 and ExactaMix EM1200 Versions 1.1, 1.2, 1.4 and 1.5 have hard-coded administrative account credentials for the ExactaMix operating system. Successful exploitation of this vulnerability may allow an attacker who has gained unauthorized access to system resources, including access to execute software or to view/update files, directories, or system configuration. This could allow an attacker with network access to view sensitive data including PHI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "USE OF HARD-CODED PASSWORD CWE-259"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsma-20-170-01",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsma-20-170-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-12016",
"datePublished": "2020-06-29T13:54:50",
"dateReserved": "2020-04-21T00:00:00",
"dateUpdated": "2024-08-04T11:48:57.993Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-12024
Vulnerability from cvelistv5
Published
2020-06-29 13:51
Modified
2024-08-04 11:48
Severity ?
EPSS score ?
Summary
Baxter ExactaMix EM 2400 versions 1.10, 1.11, 1.13, 1.14 and ExactaMix EM1200 Versions 1.1, 1.2, 1.4 and 1.5 does not restrict access to the USB interface from an unauthorized user with physical access. Successful exploitation of this vulnerability may allow an attacker with physical access to the system the ability to load an unauthorized payload or unauthorized access to the hard drive by booting a live USB OS. This could impact confidentiality and integrity of the system and risk exposure of sensitive information including PHI.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.us-cert.gov/ics/advisories/icsma-20-170-01 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Baxter ExactaMix EM 2400 & EM 1200 |
Version: ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:48:58.000Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsma-20-170-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Baxter ExactaMix EM 2400 \u0026 EM 1200",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Baxter ExactaMix EM 2400 versions 1.10, 1.11, 1.13, 1.14 and ExactaMix EM1200 Versions 1.1, 1.2, 1.4 and 1.5 does not restrict access to the USB interface from an unauthorized user with physical access. Successful exploitation of this vulnerability may allow an attacker with physical access to the system the ability to load an unauthorized payload or unauthorized access to the hard drive by booting a live USB OS. This could impact confidentiality and integrity of the system and risk exposure of sensitive information including PHI."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "IMPROPER ACCESS CONTROL CWE-284",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-29T13:51:31",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsma-20-170-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-12024",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Baxter ExactaMix EM 2400 \u0026 EM 1200",
"version": {
"version_data": [
{
"version_value": "ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Baxter ExactaMix EM 2400 versions 1.10, 1.11, 1.13, 1.14 and ExactaMix EM1200 Versions 1.1, 1.2, 1.4 and 1.5 does not restrict access to the USB interface from an unauthorized user with physical access. Successful exploitation of this vulnerability may allow an attacker with physical access to the system the ability to load an unauthorized payload or unauthorized access to the hard drive by booting a live USB OS. This could impact confidentiality and integrity of the system and risk exposure of sensitive information including PHI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER ACCESS CONTROL CWE-284"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsma-20-170-01",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsma-20-170-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-12024",
"datePublished": "2020-06-29T13:51:31",
"dateReserved": "2020-04-21T00:00:00",
"dateUpdated": "2024-08-04T11:48:58.000Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-12032
Vulnerability from cvelistv5
Published
2020-06-29 13:53
Modified
2024-08-04 11:48
Severity ?
EPSS score ?
Summary
Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Versions 1.1, 1.2 systems store device data with sensitive information in an unencrypted database. This could allow an attacker with network access to view or modify sensitive data including PHI.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.us-cert.gov/ics/advisories/icsma-20-170-01 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Baxter ExactaMix EM 2400 & EM 1200 |
Version: ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:48:57.903Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsma-20-170-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Baxter ExactaMix EM 2400 \u0026 EM 1200",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Versions 1.1, 1.2 systems store device data with sensitive information in an unencrypted database. This could allow an attacker with network access to view or modify sensitive data including PHI."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-311",
"description": "MISSING ENCRYPTION OF SENSITIVE DATA CWE-311",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-29T13:53:23",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsma-20-170-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-12032",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Baxter ExactaMix EM 2400 \u0026 EM 1200",
"version": {
"version_data": [
{
"version_value": "ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Versions 1.1, 1.2 systems store device data with sensitive information in an unencrypted database. This could allow an attacker with network access to view or modify sensitive data including PHI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "MISSING ENCRYPTION OF SENSITIVE DATA CWE-311"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsma-20-170-01",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsma-20-170-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-12032",
"datePublished": "2020-06-29T13:53:23",
"dateReserved": "2020-04-21T00:00:00",
"dateUpdated": "2024-08-04T11:48:57.903Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2020-06-29 14:15
Modified
2024-11-21 04:59
Severity ?
Summary
Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13 and ExactaMix EM1200 Versions 1.1, 1.2, and 1.4 does not restrict non administrative users from gaining access to the operating system and editing the application startup script. Successful exploitation of this vulnerability may allow an attacker to alter the startup script as the limited-access user.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://www.us-cert.gov/ics/advisories/icsma-20-170-01 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.us-cert.gov/ics/advisories/icsma-20-170-01 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| baxter | em2400_firmware | 1.10 | |
| baxter | em2400_firmware | 1.11 | |
| baxter | em2400_firmware | 1.13 | |
| baxter | em2400 | - | |
| baxter | em1200_firmware | 1.1 | |
| baxter | em1200_firmware | 1.2 | |
| baxter | em1200_firmware | 1.4 | |
| baxter | em1200 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:baxter:em2400_firmware:1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "11DFA9E3-77C8-4978-809C-D5B2EB5B7F7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:baxter:em2400_firmware:1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "01A12E3A-C493-4696-8031-7A6C1A0FDEF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:baxter:em2400_firmware:1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "FA3A0CC5-8628-43AB-859D-0EDD439D2C11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:baxter:em2400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "244BA6D0-A33D-419C-B532-E62C9AE45F9E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:baxter:em1200_firmware:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FA9FF60A-7CED-4FA3-8247-4EF8FD8BAFD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:baxter:em1200_firmware:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9AC04969-E684-4D21-B889-A76DC4B54017",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:baxter:em1200_firmware:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8D218ACE-6C3F-4731-AF7B-2290D2A1AE09",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:baxter:em1200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9AE1B01A-DA95-477B-95F6-43F8FD7827FF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13 and ExactaMix EM1200 Versions 1.1, 1.2, and 1.4 does not restrict non administrative users from gaining access to the operating system and editing the application startup script. Successful exploitation of this vulnerability may allow an attacker to alter the startup script as the limited-access user."
},
{
"lang": "es",
"value": "Baxter ExactaMix EM 2400 Versiones 1.10, 1.11 y 1.13 y ExactaMix EM1200 Versiones 1.1, 1.2 y 1.4, no restringe que los usuarios no administrativos consigan acceso al sistema operativo y editen el script de inicio de la aplicaci\u00f3n. Una explotaci\u00f3n con \u00e9xito de esta vulnerabilidad puede permitir a un atacante alterar el script de inicio como el usuario de acceso limitado"
}
],
"id": "CVE-2020-12020",
"lastModified": "2024-11-21T04:59:07.700",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 4.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-06-29T14:15:11.210",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.us-cert.gov/ics/advisories/icsma-20-170-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.us-cert.gov/ics/advisories/icsma-20-170-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-668"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-668"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-06-29 14:15
Modified
2024-11-21 04:59
Severity ?
Summary
Baxter ExactaMix EM 2400 & EM 1200, Versions ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5, Baxter ExactaMix EM 2400 Versions 1.10, 1.11, 1.13, 1.14 and ExactaMix EM1200 Versions 1.1, 1.2, 1.4 and 1.5 have hard-coded administrative account credentials for the ExactaMix operating system. Successful exploitation of this vulnerability may allow an attacker who has gained unauthorized access to system resources, including access to execute software or to view/update files, directories, or system configuration. This could allow an attacker with network access to view sensitive data including PHI.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://www.us-cert.gov/ics/advisories/icsma-20-170-01 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.us-cert.gov/ics/advisories/icsma-20-170-01 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| baxter | em2400_firmware | 1.10 | |
| baxter | em2400_firmware | 1.11 | |
| baxter | em2400_firmware | 1.13 | |
| baxter | em2400_firmware | 1.14 | |
| baxter | em2400 | - | |
| baxter | em1200_firmware | 1.1 | |
| baxter | em1200_firmware | 1.2 | |
| baxter | em1200_firmware | 1.4 | |
| baxter | em1200_firmware | 1.5 | |
| baxter | em1200 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:baxter:em2400_firmware:1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "11DFA9E3-77C8-4978-809C-D5B2EB5B7F7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:baxter:em2400_firmware:1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "01A12E3A-C493-4696-8031-7A6C1A0FDEF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:baxter:em2400_firmware:1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "FA3A0CC5-8628-43AB-859D-0EDD439D2C11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:baxter:em2400_firmware:1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "0CE28A91-445B-4A86-A28E-4C79CEAB7BAE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:baxter:em2400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "244BA6D0-A33D-419C-B532-E62C9AE45F9E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:baxter:em1200_firmware:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FA9FF60A-7CED-4FA3-8247-4EF8FD8BAFD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:baxter:em1200_firmware:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9AC04969-E684-4D21-B889-A76DC4B54017",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:baxter:em1200_firmware:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8D218ACE-6C3F-4731-AF7B-2290D2A1AE09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:baxter:em1200_firmware:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6DDFB795-7512-4DCA-B623-63D26EFF98B6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:baxter:em1200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9AE1B01A-DA95-477B-95F6-43F8FD7827FF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Baxter ExactaMix EM 2400 \u0026 EM 1200, Versions ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5, Baxter ExactaMix EM 2400 Versions 1.10, 1.11, 1.13, 1.14 and ExactaMix EM1200 Versions 1.1, 1.2, 1.4 and 1.5 have hard-coded administrative account credentials for the ExactaMix operating system. Successful exploitation of this vulnerability may allow an attacker who has gained unauthorized access to system resources, including access to execute software or to view/update files, directories, or system configuration. This could allow an attacker with network access to view sensitive data including PHI."
},
{
"lang": "es",
"value": "Baxter ExactaMix EM 2400 y EM 1200, Versiones ExactaMix EM2400 Versiones 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versiones 1.1, 1.2, 1.4, 1.5, Baxter ExactaMix EM 2400 Versiones 1.10, 1.11, 1.13, 1.14 y ExactaMix EM1200 Versiones 1.1, 1.2 , 1.4 y 1.5, poseen credenciales embebidas de cuenta administrativa para el sistema operativo de ExactaMix. Una explotaci\u00f3n con \u00e9xito de esta vulnerabilidad puede permitir a un atacante que haya obtenido acceso no autorizado a los recursos del sistema, incluido el acceso para ejecutar software o para visualizar y actualizar archivos, directorios o la configuraci\u00f3n del sistema. Esto podr\u00eda permitir a un atacante con acceso a la red visualizar datos confidenciales, incluyendo la PHI"
}
],
"id": "CVE-2020-12016",
"lastModified": "2024-11-21T04:59:07.260",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-06-29T14:15:11.130",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.us-cert.gov/ics/advisories/icsma-20-170-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.us-cert.gov/ics/advisories/icsma-20-170-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-259"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-06-29 14:15
Modified
2024-11-21 04:59
Severity ?
Summary
Baxter ExactaMix EM 2400 versions 1.10, 1.11, 1.13, 1.14 and ExactaMix EM1200 Versions 1.1, 1.2, 1.4 and 1.5 does not restrict access to the USB interface from an unauthorized user with physical access. Successful exploitation of this vulnerability may allow an attacker with physical access to the system the ability to load an unauthorized payload or unauthorized access to the hard drive by booting a live USB OS. This could impact confidentiality and integrity of the system and risk exposure of sensitive information including PHI.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://www.us-cert.gov/ics/advisories/icsma-20-170-01 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.us-cert.gov/ics/advisories/icsma-20-170-01 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| baxter | em2400_firmware | 1.10 | |
| baxter | em2400_firmware | 1.11 | |
| baxter | em2400_firmware | 1.13 | |
| baxter | em2400_firmware | 1.14 | |
| baxter | em2400 | - | |
| baxter | em1200_firmware | 1.1 | |
| baxter | em1200_firmware | 1.2 | |
| baxter | em1200_firmware | 1.4 | |
| baxter | em1200_firmware | 1.5 | |
| baxter | em1200 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:baxter:em2400_firmware:1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "11DFA9E3-77C8-4978-809C-D5B2EB5B7F7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:baxter:em2400_firmware:1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "01A12E3A-C493-4696-8031-7A6C1A0FDEF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:baxter:em2400_firmware:1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "FA3A0CC5-8628-43AB-859D-0EDD439D2C11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:baxter:em2400_firmware:1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "0CE28A91-445B-4A86-A28E-4C79CEAB7BAE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:baxter:em2400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "244BA6D0-A33D-419C-B532-E62C9AE45F9E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:baxter:em1200_firmware:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FA9FF60A-7CED-4FA3-8247-4EF8FD8BAFD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:baxter:em1200_firmware:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9AC04969-E684-4D21-B889-A76DC4B54017",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:baxter:em1200_firmware:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8D218ACE-6C3F-4731-AF7B-2290D2A1AE09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:baxter:em1200_firmware:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6DDFB795-7512-4DCA-B623-63D26EFF98B6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:baxter:em1200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9AE1B01A-DA95-477B-95F6-43F8FD7827FF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Baxter ExactaMix EM 2400 versions 1.10, 1.11, 1.13, 1.14 and ExactaMix EM1200 Versions 1.1, 1.2, 1.4 and 1.5 does not restrict access to the USB interface from an unauthorized user with physical access. Successful exploitation of this vulnerability may allow an attacker with physical access to the system the ability to load an unauthorized payload or unauthorized access to the hard drive by booting a live USB OS. This could impact confidentiality and integrity of the system and risk exposure of sensitive information including PHI."
},
{
"lang": "es",
"value": "Baxter ExactaMix EM 2400 versiones 1.10, 1.11, 1.13, 1.14 y ExactaMix EM1200 Versiones 1.1, 1.2, 1.4 y 1.5, no restringen el acceso a la interfaz USB de un usuario no autorizado con acceso f\u00edsico. Una explotaci\u00f3n con \u00e9xito de esta vulnerabilidad puede permitir a un atacante con acceso f\u00edsico al sistema la capacidad de cargar una carga \u00fatil no autorizada o acceso no autorizado al disco duro mediante el arranque de un Sistema Operativo USB en vivo. Esto podr\u00eda impactar la confidencialidad e integridad del sistema y el riesgo de exposici\u00f3n de informaci\u00f3n confidencial, incluyendo la PHI"
}
],
"id": "CVE-2020-12024",
"lastModified": "2024-11-21T04:59:08.123",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-06-29T14:15:11.270",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.us-cert.gov/ics/advisories/icsma-20-170-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.us-cert.gov/ics/advisories/icsma-20-170-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-06-29 14:15
Modified
2024-11-21 04:59
Severity ?
Summary
Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Versions 1.1, 1.2 systems store device data with sensitive information in an unencrypted database. This could allow an attacker with network access to view or modify sensitive data including PHI.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://www.us-cert.gov/ics/advisories/icsma-20-170-01 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.us-cert.gov/ics/advisories/icsma-20-170-01 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| baxter | em2400_firmware | 1.10 | |
| baxter | em2400_firmware | 1.11 | |
| baxter | em2400 | - | |
| baxter | em1200_firmware | 1.1 | |
| baxter | em1200_firmware | 1.2 | |
| baxter | em1200 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:baxter:em2400_firmware:1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "11DFA9E3-77C8-4978-809C-D5B2EB5B7F7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:baxter:em2400_firmware:1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "01A12E3A-C493-4696-8031-7A6C1A0FDEF4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:baxter:em2400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "244BA6D0-A33D-419C-B532-E62C9AE45F9E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:baxter:em1200_firmware:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FA9FF60A-7CED-4FA3-8247-4EF8FD8BAFD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:baxter:em1200_firmware:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9AC04969-E684-4D21-B889-A76DC4B54017",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:baxter:em1200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9AE1B01A-DA95-477B-95F6-43F8FD7827FF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Versions 1.1, 1.2 systems store device data with sensitive information in an unencrypted database. This could allow an attacker with network access to view or modify sensitive data including PHI."
},
{
"lang": "es",
"value": "Los sistemas Baxter ExactaMix EM 2400 Versiones 1.10, 1.11 y ExactaMix EM1200 Versiones 1.1, 1.2, almacenan datos del dispositivo con informaci\u00f3n confidencial en una base de datos sin cifrar. Esto podr\u00eda permitir a un atacante con acceso a la red visualizar o modificar datos confidenciales, incluyendo la PHI"
}
],
"id": "CVE-2020-12032",
"lastModified": "2024-11-21T04:59:09.060",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-06-29T14:15:11.333",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.us-cert.gov/ics/advisories/icsma-20-170-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.us-cert.gov/ics/advisories/icsma-20-170-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-311"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-312"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-06-29 14:15
Modified
2024-11-21 04:59
Severity ?
Summary
Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Versions 1.1, 1.2 systems use cleartext messages to communicate order information with an order entry system. This could allow an attacker with network access to view sensitive data including PHI.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://www.us-cert.gov/ics/advisories/icsma-20-170-01 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.us-cert.gov/ics/advisories/icsma-20-170-01 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| baxter | em2400_firmware | 1.10 | |
| baxter | em2400_firmware | 1.11 | |
| baxter | em2400 | - | |
| baxter | em1200_firmware | 1.1 | |
| baxter | em1200_firmware | 1.2 | |
| baxter | em1200 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:baxter:em2400_firmware:1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "11DFA9E3-77C8-4978-809C-D5B2EB5B7F7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:baxter:em2400_firmware:1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "01A12E3A-C493-4696-8031-7A6C1A0FDEF4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:baxter:em2400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "244BA6D0-A33D-419C-B532-E62C9AE45F9E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:baxter:em1200_firmware:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FA9FF60A-7CED-4FA3-8247-4EF8FD8BAFD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:baxter:em1200_firmware:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9AC04969-E684-4D21-B889-A76DC4B54017",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:baxter:em1200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9AE1B01A-DA95-477B-95F6-43F8FD7827FF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Versions 1.1, 1.2 systems use cleartext messages to communicate order information with an order entry system. This could allow an attacker with network access to view sensitive data including PHI."
},
{
"lang": "es",
"value": "Los sistemas Baxter ExactaMix EM 2400 Versiones 1.10, 1.11 y ExactaMix EM1200 Versiones 1.1, 1.2, usan mensajes de texto sin cifrar para comunicar informaci\u00f3n de pedidos con un sistema de ingreso de pedidos. Esto podr\u00eda permitir a un atacante con acceso a la red visualizar datos confidenciales, incluyendo la PHI"
}
],
"id": "CVE-2020-12008",
"lastModified": "2024-11-21T04:59:06.317",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-06-29T14:15:10.973",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.us-cert.gov/ics/advisories/icsma-20-170-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.us-cert.gov/ics/advisories/icsma-20-170-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-319"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-319"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-06-29 14:15
Modified
2024-11-21 04:59
Severity ?
Summary
Baxter ExactaMix EM 2400 & EM 1200, Versions ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5, Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13, and ExactaMix EM1200 Versions 1.1, 1.2, and 1.4 have hard-coded administrative account credentials for the ExactaMix application. Successful exploitation of this vulnerability may allow an attacker with physical access to gain unauthorized access to view/update system configuration or data. This could impact confidentiality and integrity of the system and risk exposure of sensitive information including PHI.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://www.us-cert.gov/ics/advisories/icsma-20-170-01 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.us-cert.gov/ics/advisories/icsma-20-170-01 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| baxter | em2400_firmware | 1.10 | |
| baxter | em2400_firmware | 1.11 | |
| baxter | em2400_firmware | 1.13 | |
| baxter | em2400_firmware | 1.14 | |
| baxter | em2400 | - | |
| baxter | em1200_firmware | 1.1 | |
| baxter | em1200_firmware | 1.2 | |
| baxter | em1200_firmware | 1.4 | |
| baxter | em1200_firmware | 1.5 | |
| baxter | em1200 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:baxter:em2400_firmware:1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "11DFA9E3-77C8-4978-809C-D5B2EB5B7F7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:baxter:em2400_firmware:1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "01A12E3A-C493-4696-8031-7A6C1A0FDEF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:baxter:em2400_firmware:1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "FA3A0CC5-8628-43AB-859D-0EDD439D2C11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:baxter:em2400_firmware:1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "0CE28A91-445B-4A86-A28E-4C79CEAB7BAE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:baxter:em2400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "244BA6D0-A33D-419C-B532-E62C9AE45F9E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:baxter:em1200_firmware:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FA9FF60A-7CED-4FA3-8247-4EF8FD8BAFD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:baxter:em1200_firmware:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9AC04969-E684-4D21-B889-A76DC4B54017",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:baxter:em1200_firmware:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8D218ACE-6C3F-4731-AF7B-2290D2A1AE09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:baxter:em1200_firmware:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6DDFB795-7512-4DCA-B623-63D26EFF98B6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:baxter:em1200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9AE1B01A-DA95-477B-95F6-43F8FD7827FF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Baxter ExactaMix EM 2400 \u0026 EM 1200, Versions ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5, Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13, and ExactaMix EM1200 Versions 1.1, 1.2, and 1.4 have hard-coded administrative account credentials for the ExactaMix application. Successful exploitation of this vulnerability may allow an attacker with physical access to gain unauthorized access to view/update system configuration or data. This could impact confidentiality and integrity of the system and risk exposure of sensitive information including PHI."
},
{
"lang": "es",
"value": "Baxter ExactaMix EM 2400 y EM 1200, Versiones ExactaMix EM2400 Versiones 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versiones 1.1, 1.2, 1.4, 1.5, Baxter ExactaMix EM 2400 Versiones 1.10, 1.11 y 1.13, y ExactaMix EM1200 Versiones 1.1, 1.2 y 1.4, poseen credenciales embebidas de cuenta administrativa para la aplicaci\u00f3n ExactaMix. Una explotaci\u00f3n con \u00e9xito de esta vulnerabilidad puede permitir que un atacante con acceso f\u00edsico consiga acceso no autorizado para visualizar y actualizar la configuraci\u00f3n o los datos del sistema. Esto podr\u00eda afectar la confidencialidad e integridad del sistema y el riesgo de exposici\u00f3n de informaci\u00f3n confidencial, incluyendo la PHI"
}
],
"id": "CVE-2020-12012",
"lastModified": "2024-11-21T04:59:06.800",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-06-29T14:15:11.053",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.us-cert.gov/ics/advisories/icsma-20-170-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.us-cert.gov/ics/advisories/icsma-20-170-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-259"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}