Search

Find a vulnerability

Search criteria

    60 vulnerabilities by Baxter

    VAR-201903-0660

    Vulnerability from variot - Updated: 2024-11-23 22:17

    An unauthenticated remote attacker may be able to execute commands to view wireless account credentials that are stored in cleartext on Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16, which may allow an attacker to gain access the host network. Baxter has released a new version of the SIGMA Spectrum Infusion System, Version 8, which incorporates hardware and software changes. Baxter SIGMA Spectrum Infusion System Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Baxter Wireless Battery Module (WBM) is prone to multiple security vulnerabilities. Attackers may exploit these issues to gain unauthorized access, obtain sensitive information, or bypass the authentication mechanism and gain access to the vulnerable device. Baxter SIGMA Spectrum Infusion System is an intelligent infusion system developed by Baxter, USA. A security vulnerability exists in Baxter WBM

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201903-0660",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "sigma spectrum infusion system",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "baxter",
            "version": "6.05"
          },
          {
            "model": "sigma spectrum infusion system",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "baxter",
            "version": "6.05 (model 35700bax)"
          },
          {
            "model": "wireless battery module",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "baxter",
            "version": "0"
          },
          {
            "model": "sigma spectrum infusion system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "baxter",
            "version": "0"
          },
          {
            "model": "wireless battery module",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "baxter",
            "version": "16"
          },
          {
            "model": "sigma spectrum infusion system",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "baxter",
            "version": "6.05"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "76895"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008653"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-5433"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:baxter:sigma_spectrum_infusion_system_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008653"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Jared Bird of Allina IS Security",
        "sources": [
          {
            "db": "BID",
            "id": "76895"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-774"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2014-5433",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2014-5433",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-73375",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2014-5433",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2014-5433",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2014-5433",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201510-774",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-73375",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-73375"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008653"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-774"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-5433"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An unauthenticated remote attacker may be able to execute commands to view wireless account credentials that are stored in cleartext on Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16, which may allow an attacker to gain access the host network. Baxter has released a new version of the SIGMA Spectrum Infusion System, Version 8, which incorporates hardware and software changes. Baxter SIGMA Spectrum Infusion System Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Baxter Wireless Battery Module (WBM) is prone to multiple security vulnerabilities. \nAttackers may exploit these issues to gain unauthorized access, obtain sensitive information, or bypass the authentication mechanism and gain access to the vulnerable device. Baxter SIGMA Spectrum Infusion System is an intelligent infusion system developed by Baxter, USA. A security vulnerability exists in Baxter WBM",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-5433"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008653"
          },
          {
            "db": "BID",
            "id": "76895"
          },
          {
            "db": "VULHUB",
            "id": "VHN-73375"
          }
        ],
        "trust": 1.98
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2014-5433",
            "trust": 2.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-15-181-01",
            "trust": 2.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008653",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-774",
            "trust": 0.7
          },
          {
            "db": "BID",
            "id": "76895",
            "trust": 0.3
          },
          {
            "db": "VULHUB",
            "id": "VHN-73375",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-73375"
          },
          {
            "db": "BID",
            "id": "76895"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008653"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-774"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-5433"
          }
        ]
      },
      "id": "VAR-201903-0660",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-73375"
          }
        ],
        "trust": 0.66
      },
      "last_update_date": "2024-11-23T22:17:07.023000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.baxter.com/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008653"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-255",
            "trust": 1.9
          },
          {
            "problemtype": "CWE-312",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-73375"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008653"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-5433"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.8,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-15-181-01"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-5433"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5433"
          },
          {
            "trust": 0.3,
            "url": "http://www.baxter.com/"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-73375"
          },
          {
            "db": "BID",
            "id": "76895"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008653"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-774"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-5433"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-73375"
          },
          {
            "db": "BID",
            "id": "76895"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008653"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-774"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-5433"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-03-26T00:00:00",
            "db": "VULHUB",
            "id": "VHN-73375"
          },
          {
            "date": "2015-09-29T00:00:00",
            "db": "BID",
            "id": "76895"
          },
          {
            "date": "2019-05-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-008653"
          },
          {
            "date": "2015-09-29T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201510-774"
          },
          {
            "date": "2019-03-26T16:29:00.337000",
            "db": "NVD",
            "id": "CVE-2014-5433"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-73375"
          },
          {
            "date": "2015-09-29T00:00:00",
            "db": "BID",
            "id": "76895"
          },
          {
            "date": "2019-05-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-008653"
          },
          {
            "date": "2019-04-04T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201510-774"
          },
          {
            "date": "2024-11-21T02:12:02.413000",
            "db": "NVD",
            "id": "CVE-2014-5433"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-774"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Baxter SIGMA Spectrum Infusion System Vulnerabilities related to certificate and password management",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008653"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "trust management problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-774"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201903-0658

    Vulnerability from variot - Updated: 2024-11-23 22:17

    Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 contains a hard-coded password, which provides access to basic biomedical information, limited device settings, and network configuration of the WBM, if connected. The hard-coded password may allow an attacker with physical access to the device to access management functions to make unauthorized configuration changes to biomedical settings such as turn on and off wireless connections and the phase-complete audible alarm that indicates the end of an infusion phase. Baxter has released a new version of the SIGMA Spectrum Infusion System, version 8, which incorporates hardware and software changes. Baxter SIGMA Spectrum Infusion System is a set of intelligent infusion system of Baxter company. Local attackers can use this vulnerability to bypass security restrictions and perform unauthorized operations

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201903-0658",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "sigma spectrum infusion system",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "baxter",
            "version": "6.05"
          },
          {
            "model": "sigma spectrum infusion system",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "baxter",
            "version": "6.05 (model 35700bax)"
          },
          {
            "model": "sigma spectrum infusion system",
            "scope": null,
            "trust": 0.6,
            "vendor": "baxter",
            "version": null
          },
          {
            "model": "wireless battery module",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "baxter",
            "version": "0"
          },
          {
            "model": "sigma spectrum infusion system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "baxter",
            "version": "0"
          },
          {
            "model": "wireless battery module",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "baxter",
            "version": "16"
          },
          {
            "model": "sigma spectrum infusion system",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "baxter",
            "version": "6.05"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-07336"
          },
          {
            "db": "BID",
            "id": "76898"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008651"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-5431"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:baxter:sigma_spectrum_infusion_system_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008651"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Jared Bird with Allina IS Security",
        "sources": [
          {
            "db": "BID",
            "id": "76898"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-645"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2014-5431",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "CVE-2014-5431",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.4,
                "id": "CNVD-2015-07336",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "VHN-73372",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 0.9,
                "id": "CVE-2014-5431",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2014-5431",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2014-5431",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2015-07336",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201510-645",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-73372",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-07336"
          },
          {
            "db": "VULHUB",
            "id": "VHN-73372"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008651"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-645"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-5431"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 contains a hard-coded password, which provides access to basic biomedical information, limited device settings, and network configuration of the WBM, if connected. The hard-coded password may allow an attacker with physical access to the device to access management functions to make unauthorized configuration changes to biomedical settings such as turn on and off wireless connections and the phase-complete audible alarm that indicates the end of an infusion phase. Baxter has released a new version of the SIGMA Spectrum Infusion System, version 8, which incorporates hardware and software changes. Baxter SIGMA Spectrum Infusion System is a set of intelligent infusion system of Baxter company. Local attackers can use this vulnerability to bypass security restrictions and perform unauthorized operations",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-5431"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008651"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-07336"
          },
          {
            "db": "BID",
            "id": "76898"
          },
          {
            "db": "VULHUB",
            "id": "VHN-73372"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2014-5431",
            "trust": 3.4
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-15-181-01",
            "trust": 2.8
          },
          {
            "db": "BID",
            "id": "76898",
            "trust": 1.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008651",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-645",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-07336",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-73372",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-07336"
          },
          {
            "db": "VULHUB",
            "id": "VHN-73372"
          },
          {
            "db": "BID",
            "id": "76898"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008651"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-645"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-5431"
          }
        ]
      },
      "id": "VAR-201903-0658",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-07336"
          },
          {
            "db": "VULHUB",
            "id": "VHN-73372"
          }
        ],
        "trust": 1.26
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-07336"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:17:06.989000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.baxter.com/"
          },
          {
            "title": "Patch for Baxter SIGMA Spectrum Infusion System Local Security Bypass Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/66375"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-07336"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008651"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-798",
            "trust": 1.9
          },
          {
            "problemtype": "CWE-259",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-73372"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008651"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-5431"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.8,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-15-181-01"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-5431"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5431"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/bid/76898"
          },
          {
            "trust": 0.3,
            "url": "http://www.baxter.com/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-07336"
          },
          {
            "db": "VULHUB",
            "id": "VHN-73372"
          },
          {
            "db": "BID",
            "id": "76898"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008651"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-645"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-5431"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-07336"
          },
          {
            "db": "VULHUB",
            "id": "VHN-73372"
          },
          {
            "db": "BID",
            "id": "76898"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008651"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-645"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-5431"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-11-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-07336"
          },
          {
            "date": "2019-03-26T00:00:00",
            "db": "VULHUB",
            "id": "VHN-73372"
          },
          {
            "date": "2015-09-29T00:00:00",
            "db": "BID",
            "id": "76898"
          },
          {
            "date": "2019-05-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-008651"
          },
          {
            "date": "2015-09-29T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201510-645"
          },
          {
            "date": "2019-03-26T16:29:00.243000",
            "db": "NVD",
            "id": "CVE-2014-5431"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-11-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-07336"
          },
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-73372"
          },
          {
            "date": "2015-09-29T00:00:00",
            "db": "BID",
            "id": "76898"
          },
          {
            "date": "2019-05-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-008651"
          },
          {
            "date": "2019-10-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201510-645"
          },
          {
            "date": "2024-11-21T02:12:02.167000",
            "db": "NVD",
            "id": "CVE-2014-5431"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "BID",
            "id": "76898"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-645"
          }
        ],
        "trust": 0.9
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Baxter SIGMA Spectrum Infusion System Vulnerabilities related to the use of hard-coded credentials",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008651"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "trust management problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-645"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201903-0661

    Vulnerability from variot - Updated: 2024-11-23 22:17

    Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 has a default account with hard-coded credentials used with the FTP protocol. Baxter asserts no files can be transferred to or from the WBM using this account. Baxter has released a new version of the SIGMA Spectrum Infusion System, Version 8, which incorporates hardware and software changes. Baxter SIGMA Spectrum Infusion System Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Baxter Wireless Battery Module (WBM) is prone to multiple security vulnerabilities. Attackers may exploit these issues to gain unauthorized access, obtain sensitive information, or bypass the authentication mechanism and gain access to the vulnerable device. Baxter SIGMA Spectrum Infusion System is an intelligent infusion system developed by Baxter, USA. A security vulnerability exists in Baxter WBM

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201903-0661",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "sigma spectrum infusion system",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "baxter",
            "version": "6.05"
          },
          {
            "model": "sigma spectrum infusion system",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "baxter",
            "version": "6.05 (model 35700bax)"
          },
          {
            "model": "wireless battery module",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "baxter",
            "version": "0"
          },
          {
            "model": "sigma spectrum infusion system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "baxter",
            "version": "0"
          },
          {
            "model": "wireless battery module",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "baxter",
            "version": "16"
          },
          {
            "model": "sigma spectrum infusion system",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "baxter",
            "version": "6.05"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "76895"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008654"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-5434"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:baxter:sigma_spectrum_infusion_system_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008654"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Jared Bird of Allina IS Security",
        "sources": [
          {
            "db": "BID",
            "id": "76895"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-775"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2014-5434",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2014-5434",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-73376",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2014-5434",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2014-5434",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2014-5434",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201510-775",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-73376",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-73376"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008654"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-775"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-5434"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 has a default account with hard-coded credentials used with the FTP protocol. Baxter asserts no files can be transferred to or from the WBM using this account. Baxter has released a new version of the SIGMA Spectrum Infusion System, Version 8, which incorporates hardware and software changes. Baxter SIGMA Spectrum Infusion System Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Baxter Wireless Battery Module (WBM) is prone to multiple security vulnerabilities. \nAttackers may exploit these issues to gain unauthorized access, obtain sensitive information, or bypass the authentication mechanism and gain access to the vulnerable device. Baxter SIGMA Spectrum Infusion System is an intelligent infusion system developed by Baxter, USA. A security vulnerability exists in Baxter WBM",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-5434"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008654"
          },
          {
            "db": "BID",
            "id": "76895"
          },
          {
            "db": "VULHUB",
            "id": "VHN-73376"
          }
        ],
        "trust": 1.98
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2014-5434",
            "trust": 2.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-15-181-01",
            "trust": 2.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008654",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-775",
            "trust": 0.7
          },
          {
            "db": "BID",
            "id": "76895",
            "trust": 0.3
          },
          {
            "db": "VULHUB",
            "id": "VHN-73376",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-73376"
          },
          {
            "db": "BID",
            "id": "76895"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008654"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-775"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-5434"
          }
        ]
      },
      "id": "VAR-201903-0661",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-73376"
          }
        ],
        "trust": 0.66
      },
      "last_update_date": "2024-11-23T22:17:06.959000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.baxter.com/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008654"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-798",
            "trust": 1.9
          },
          {
            "problemtype": "CWE-259",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-73376"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008654"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-5434"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.8,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-15-181-01"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-5434"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5434"
          },
          {
            "trust": 0.3,
            "url": "http://www.baxter.com/"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-73376"
          },
          {
            "db": "BID",
            "id": "76895"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008654"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-775"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-5434"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-73376"
          },
          {
            "db": "BID",
            "id": "76895"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008654"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-775"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-5434"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-03-26T00:00:00",
            "db": "VULHUB",
            "id": "VHN-73376"
          },
          {
            "date": "2015-09-29T00:00:00",
            "db": "BID",
            "id": "76895"
          },
          {
            "date": "2019-05-10T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-008654"
          },
          {
            "date": "2015-09-29T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201510-775"
          },
          {
            "date": "2019-03-26T15:29:00.287000",
            "db": "NVD",
            "id": "CVE-2014-5434"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-73376"
          },
          {
            "date": "2015-09-29T00:00:00",
            "db": "BID",
            "id": "76895"
          },
          {
            "date": "2019-05-10T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-008654"
          },
          {
            "date": "2019-10-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201510-775"
          },
          {
            "date": "2024-11-21T02:12:02.537000",
            "db": "NVD",
            "id": "CVE-2014-5434"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-775"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Baxter SIGMA Spectrum Infusion System Vulnerabilities related to the use of hard-coded credentials",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008654"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "trust management problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-775"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201903-0659

    Vulnerability from variot - Updated: 2024-11-23 22:17

    Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 is remotely accessible via Port 22/SSH without authentication. A remote attacker may be able to make unauthorized configuration changes to the WBM, as well as issue commands to access account credentials and shared keys. Baxter asserts that this vulnerability only allows access to features and functionality on the WBM and that the SIGMA Spectrum infusion pump cannot be controlled from the WBM. Baxter has released a new version of the SIGMA Spectrum Infusion System, Version 8, which incorporates hardware and software changes. Baxter Wireless Battery Module (WBM) is prone to multiple security vulnerabilities. Attackers may exploit these issues to gain unauthorized access, obtain sensitive information, or bypass the authentication mechanism and gain access to the vulnerable device. A security vulnerability exists in Baxter WBM

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201903-0659",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "sigma spectrum infusion system",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "baxter",
            "version": "6.05"
          },
          {
            "model": "sigma spectrum infusion system",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "baxter",
            "version": "6.05 (model 35700bax)"
          },
          {
            "model": "wireless battery module",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "baxter",
            "version": "0"
          },
          {
            "model": "sigma spectrum infusion system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "baxter",
            "version": "0"
          },
          {
            "model": "wireless battery module",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "baxter",
            "version": "16"
          },
          {
            "model": "sigma spectrum infusion system",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "baxter",
            "version": "6.05"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "76895"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008652"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-5432"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:baxter:sigma_spectrum_infusion_system_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008652"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Jared Bird of Allina IS Security",
        "sources": [
          {
            "db": "BID",
            "id": "76895"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-773"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2014-5432",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2014-5432",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-73373",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2014-5432",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2014-5432",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2014-5432",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201510-773",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-73373",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-73373"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008652"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-773"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-5432"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 is remotely accessible via Port 22/SSH without authentication. A remote attacker may be able to make unauthorized configuration changes to the WBM, as well as issue commands to access account credentials and shared keys. Baxter asserts that this vulnerability only allows access to features and functionality on the WBM and that the SIGMA Spectrum infusion pump cannot be controlled from the WBM. Baxter has released a new version of the SIGMA Spectrum Infusion System, Version 8, which incorporates hardware and software changes. Baxter Wireless Battery Module (WBM) is prone to multiple security vulnerabilities. \nAttackers may exploit these issues to gain unauthorized access, obtain sensitive information, or bypass the authentication mechanism and gain access to the vulnerable device. A security vulnerability exists in Baxter WBM",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-5432"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008652"
          },
          {
            "db": "BID",
            "id": "76895"
          },
          {
            "db": "VULHUB",
            "id": "VHN-73373"
          }
        ],
        "trust": 1.98
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2014-5432",
            "trust": 2.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-15-181-01",
            "trust": 2.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008652",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-773",
            "trust": 0.7
          },
          {
            "db": "BID",
            "id": "76895",
            "trust": 0.3
          },
          {
            "db": "VULHUB",
            "id": "VHN-73373",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-73373"
          },
          {
            "db": "BID",
            "id": "76895"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008652"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-773"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-5432"
          }
        ]
      },
      "id": "VAR-201903-0659",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-73373"
          }
        ],
        "trust": 0.66
      },
      "last_update_date": "2024-11-23T22:17:06.928000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.baxter.com/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008652"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-287",
            "trust": 1.9
          },
          {
            "problemtype": "CWE-592",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-73373"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008652"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-5432"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.8,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-15-181-01"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-5432"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5432"
          },
          {
            "trust": 0.3,
            "url": "http://www.baxter.com/"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-73373"
          },
          {
            "db": "BID",
            "id": "76895"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008652"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-773"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-5432"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-73373"
          },
          {
            "db": "BID",
            "id": "76895"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008652"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-773"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-5432"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-03-26T00:00:00",
            "db": "VULHUB",
            "id": "VHN-73373"
          },
          {
            "date": "2015-09-29T00:00:00",
            "db": "BID",
            "id": "76895"
          },
          {
            "date": "2019-05-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-008652"
          },
          {
            "date": "2015-09-29T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201510-773"
          },
          {
            "date": "2019-03-26T16:29:00.290000",
            "db": "NVD",
            "id": "CVE-2014-5432"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-73373"
          },
          {
            "date": "2015-09-29T00:00:00",
            "db": "BID",
            "id": "76895"
          },
          {
            "date": "2019-05-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-008652"
          },
          {
            "date": "2019-10-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201510-773"
          },
          {
            "date": "2024-11-21T02:12:02.290000",
            "db": "NVD",
            "id": "CVE-2014-5432"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-773"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Baxter SIGMA Spectrum Infusion System Authentication vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008652"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "authorization issue",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-773"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202006-0368

    Vulnerability from variot - Updated: 2024-11-23 21:25

    Baxter ExactaMix EM 2400 & EM 1200, Versions ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5, Baxter ExactaMix EM 2400 Versions 1.10, 1.11, 1.13, 1.14 and ExactaMix EM1200 Versions 1.1, 1.2, 1.4 and 1.5 have hard-coded administrative account credentials for the ExactaMix operating system. Successful exploitation of this vulnerability may allow an attacker who has gained unauthorized access to system resources, including access to execute software or to view/update files, directories, or system configuration. This could allow an attacker with network access to view sensitive data including PHI. Baxter ExactaMix EM 2400 and EM1200 Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Baxter ExactaMix EM2400 and ExactaMix EM1200 are both an automated drug mixing system of Baxter, USA.

    There is a trust management vulnerability in Baxter ExactaMix EM2400 and ExactaMix EM1200. The vulnerability is caused by the use of hard-coded credentials in the management account of the ExactaMix operating system

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202006-0368",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "exactamix em1200",
            "scope": "eq",
            "trust": 1.4,
            "vendor": "baxter",
            "version": "1.1"
          },
          {
            "model": "exactamix em1200",
            "scope": "eq",
            "trust": 1.4,
            "vendor": "baxter",
            "version": "1.2"
          },
          {
            "model": "exactamix em1200",
            "scope": "eq",
            "trust": 1.4,
            "vendor": "baxter",
            "version": "1.4"
          },
          {
            "model": "exactamix em1200",
            "scope": "eq",
            "trust": 1.4,
            "vendor": "baxter",
            "version": "1.5"
          },
          {
            "model": "exactamix em2400",
            "scope": "eq",
            "trust": 1.4,
            "vendor": "baxter",
            "version": "1.14"
          },
          {
            "model": "em1200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "baxter",
            "version": "1.2"
          },
          {
            "model": "em1200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "baxter",
            "version": "1.4"
          },
          {
            "model": "em2400",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "baxter",
            "version": "1.14"
          },
          {
            "model": "em1200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "baxter",
            "version": "1.1"
          },
          {
            "model": "em2400",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "baxter",
            "version": "1.13"
          },
          {
            "model": "em1200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "baxter",
            "version": "1.5"
          },
          {
            "model": "em2400",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "baxter",
            "version": "1.10"
          },
          {
            "model": "em2400",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "baxter",
            "version": "1.11"
          },
          {
            "model": "exactamix em2400",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "baxter",
            "version": "1.10"
          },
          {
            "model": "exactamix em2400",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "baxter",
            "version": "1.11"
          },
          {
            "model": "exactamix em2400",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "baxter",
            "version": "1.13"
          },
          {
            "model": "exactamix em",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "baxter",
            "version": "24001.10"
          },
          {
            "model": "exactamix em",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "baxter",
            "version": "24001.11"
          },
          {
            "model": "exactamix em",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "baxter",
            "version": "24001.13"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-21075"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007460"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12016"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:baxter:em1200_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:baxter:em2400_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007460"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Baxter",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1274"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2020-12016",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2020-12016",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 10.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-007460",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2021-21075",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-12016",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-007460",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-12016",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2020-007460",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-21075",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202006-1274",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-21075"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007460"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1274"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12016"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Baxter ExactaMix EM 2400 \u0026 EM 1200, Versions ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5, Baxter ExactaMix EM 2400 Versions 1.10, 1.11, 1.13, 1.14 and ExactaMix EM1200 Versions 1.1, 1.2, 1.4 and 1.5 have hard-coded administrative account credentials for the ExactaMix operating system. Successful exploitation of this vulnerability may allow an attacker who has gained unauthorized access to system resources, including access to execute software or to view/update files, directories, or system configuration. This could allow an attacker with network access to view sensitive data including PHI. Baxter ExactaMix EM 2400 and EM1200 Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Baxter ExactaMix EM2400 and ExactaMix EM1200 are both an automated drug mixing system of Baxter, USA. \n\r\n\r\nThere is a trust management vulnerability in Baxter ExactaMix EM2400 and ExactaMix EM1200. The vulnerability is caused by the use of hard-coded credentials in the management account of the ExactaMix operating system",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-12016"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007460"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-21075"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "ICS CERT",
            "id": "ICSMA-20-170-01",
            "trust": 3.0
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12016",
            "trust": 3.0
          },
          {
            "db": "JVN",
            "id": "JVNVU91499991",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007460",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-21075",
            "trust": 0.6
          },
          {
            "db": "NSFOCUS",
            "id": "47290",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1274",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-21075"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007460"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1274"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12016"
          }
        ]
      },
      "id": "VAR-202006-0368",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-21075"
          }
        ],
        "trust": 1.3916666666666666
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-21075"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:25:03.852000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.baxter.com/"
          },
          {
            "title": "Patch for Baxter ExactaMix EM2400 and ExactaMix EM1200 Trust Management Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/254331"
          },
          {
            "title": "Baxter ExactaMix EM2400  and ExactaMix EM1200 Repair measures for trust management problem vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=123424"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-21075"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007460"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1274"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-798",
            "trust": 1.8
          },
          {
            "problemtype": "CWE-259",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007460"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12016"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.2,
            "url": "https://www.us-cert.gov/ics/advisories/icsma-20-170-01"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12016"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12016"
          },
          {
            "trust": 0.8,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-170-01"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu91499991/"
          },
          {
            "trust": 0.6,
            "url": "http://www.nsfocus.net/vulndb/47290"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-21075"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007460"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1274"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12016"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-21075"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007460"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1274"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12016"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-03-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-21075"
          },
          {
            "date": "2020-08-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-007460"
          },
          {
            "date": "2020-06-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202006-1274"
          },
          {
            "date": "2020-06-29T14:15:11.130000",
            "db": "NVD",
            "id": "CVE-2020-12016"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-03-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-21075"
          },
          {
            "date": "2020-08-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-007460"
          },
          {
            "date": "2020-07-29T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202006-1274"
          },
          {
            "date": "2024-11-21T04:59:07.260000",
            "db": "NVD",
            "id": "CVE-2020-12016"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1274"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Baxter ExactaMix EM 2400 and  EM1200 Vulnerability in using hard-coded credentials in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007460"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "trust management problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1274"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202006-0365

    Vulnerability from variot - Updated: 2024-11-23 21:02

    Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Versions 1.1, 1.2 systems use cleartext messages to communicate order information with an order entry system. This could allow an attacker with network access to view sensitive data including PHI. Baxter ExactaMix EM 2400 and EM1200 Includes a vulnerability in the transmission of important information in clear text.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Baxter ExactaMix EM2400 and ExactaMix EM1200 are both an automated drug mixing system of Baxter.

    Baxter ExactaMix EM2400 and EM1200 have an information disclosure vulnerability

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202006-0365",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "exactamix em1200",
            "scope": "eq",
            "trust": 1.4,
            "vendor": "baxter",
            "version": "1.1"
          },
          {
            "model": "exactamix em1200",
            "scope": "eq",
            "trust": 1.4,
            "vendor": "baxter",
            "version": "1.2"
          },
          {
            "model": "em1200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "baxter",
            "version": "1.1"
          },
          {
            "model": "em1200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "baxter",
            "version": "1.2"
          },
          {
            "model": "em2400",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "baxter",
            "version": "1.10"
          },
          {
            "model": "em2400",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "baxter",
            "version": "1.11"
          },
          {
            "model": "exactamix em2400",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "baxter",
            "version": "1.10"
          },
          {
            "model": "exactamix em2400",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "baxter",
            "version": "1.11"
          },
          {
            "model": "exactamix em",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "baxter",
            "version": "24001.10"
          },
          {
            "model": "exactamix em",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "baxter",
            "version": "24001.11"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-57123"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007459"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12008"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:baxter:em1200_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:baxter:em2400_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007459"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Baxter",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1268"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2020-12008",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2020-12008",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.0,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-007459",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-57123",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-12008",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-007459",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-12008",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2020-007459",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-57123",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202006-1268",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-57123"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007459"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1268"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12008"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Versions 1.1, 1.2 systems use cleartext messages to communicate order information with an order entry system. This could allow an attacker with network access to view sensitive data including PHI. Baxter ExactaMix EM 2400 and EM1200 Includes a vulnerability in the transmission of important information in clear text.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Baxter ExactaMix EM2400 and ExactaMix EM1200 are both an automated drug mixing system of Baxter. \n\r\n\r\nBaxter ExactaMix EM2400 and EM1200 have an information disclosure vulnerability",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-12008"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007459"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-57123"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "ICS CERT",
            "id": "ICSMA-20-170-01",
            "trust": 3.0
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12008",
            "trust": 3.0
          },
          {
            "db": "JVN",
            "id": "JVNVU91499991",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007459",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-57123",
            "trust": 0.6
          },
          {
            "db": "NSFOCUS",
            "id": "47296",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1268",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-57123"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007459"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1268"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12008"
          }
        ]
      },
      "id": "VAR-202006-0365",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-57123"
          }
        ],
        "trust": 1.3916666666666666
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-57123"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:02:13.380000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.baxter.com/"
          },
          {
            "title": "Patch for Baxter ExactaMix EM2400 and EM1200 information disclosure vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/236719"
          },
          {
            "title": "Baxter ExactaMix EM2400  and ExactaMix EM1200 Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=122014"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-57123"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007459"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1268"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-319",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007459"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12008"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.2,
            "url": "https://www.us-cert.gov/ics/advisories/icsma-20-170-01"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12008"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12008"
          },
          {
            "trust": 0.8,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-170-01"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu91499991/"
          },
          {
            "trust": 0.6,
            "url": "http://www.nsfocus.net/vulndb/47296"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-57123"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007459"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1268"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12008"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-57123"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007459"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1268"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12008"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-10-18T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-57123"
          },
          {
            "date": "2020-08-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-007459"
          },
          {
            "date": "2020-06-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202006-1268"
          },
          {
            "date": "2020-06-29T14:15:10.973000",
            "db": "NVD",
            "id": "CVE-2020-12008"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-10-18T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-57123"
          },
          {
            "date": "2020-08-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-007459"
          },
          {
            "date": "2020-07-29T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202006-1268"
          },
          {
            "date": "2024-11-21T04:59:06.317000",
            "db": "NVD",
            "id": "CVE-2020-12008"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1268"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Baxter ExactaMix EM 2400 and  EM1200 Vulnerability in plaintext transmission of important information in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007459"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1268"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202006-0372

    Vulnerability from variot - Updated: 2024-11-23 20:59

    Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13 and ExactaMix EM1200 Versions 1.1, 1.2, and 1.4 does not restrict non administrative users from gaining access to the operating system and editing the application startup script. Successful exploitation of this vulnerability may allow an attacker to alter the startup script as the limited-access user. Baxter ExactaMix EM 2400 and EM1200 Exists in a vulnerability related to the leakage of resources to the wrong area.Information is tampered with and service operation is interrupted (DoS) It may be put into a state. Baxter ExactaMix EM2400 and ExactaMix EM1200 are both an automated drug mixing system of Baxter.

    There is a security vulnerability in Baxter ExactaMix EM2400 and ExactaMix EM1200

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202006-0372",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "exactamix em1200",
            "scope": "eq",
            "trust": 1.4,
            "vendor": "baxter",
            "version": "1.1"
          },
          {
            "model": "exactamix em1200",
            "scope": "eq",
            "trust": 1.4,
            "vendor": "baxter",
            "version": "1.2"
          },
          {
            "model": "exactamix em1200",
            "scope": "eq",
            "trust": 1.4,
            "vendor": "baxter",
            "version": "1.4"
          },
          {
            "model": "em2400",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "baxter",
            "version": "1.11"
          },
          {
            "model": "em1200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "baxter",
            "version": "1.2"
          },
          {
            "model": "em1200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "baxter",
            "version": "1.4"
          },
          {
            "model": "em2400",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "baxter",
            "version": "1.13"
          },
          {
            "model": "em2400",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "baxter",
            "version": "1.10"
          },
          {
            "model": "em1200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "baxter",
            "version": "1.1"
          },
          {
            "model": "exactamix em2400",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "baxter",
            "version": "1.10"
          },
          {
            "model": "exactamix em2400",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "baxter",
            "version": "1.11"
          },
          {
            "model": "exactamix em2400",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "baxter",
            "version": "1.13"
          },
          {
            "model": "exactamix em",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "baxter",
            "version": "24001.10"
          },
          {
            "model": "exactamix em",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "baxter",
            "version": "24001.11"
          },
          {
            "model": "exactamix em",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "baxter",
            "version": "24001.13"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-57120"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007461"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12020"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:baxter:em1200_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:baxter:em2400_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007461"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Baxter",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1255"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2020-12020",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 3.6,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-12020",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 1.0,
                "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Local",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 3.6,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-007461",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Low",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 3.6,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2020-57120",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 1.8,
                "id": "CVE-2020-12020",
                "impactScore": 4.2,
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 6.1,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-007461",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-12020",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2020-007461",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-57120",
                "trust": 0.6,
                "value": "LOW"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202006-1255",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-57120"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007461"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1255"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12020"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13 and ExactaMix EM1200 Versions 1.1, 1.2, and 1.4 does not restrict non administrative users from gaining access to the operating system and editing the application startup script. Successful exploitation of this vulnerability may allow an attacker to alter the startup script as the limited-access user. Baxter ExactaMix EM 2400 and EM1200 Exists in a vulnerability related to the leakage of resources to the wrong area.Information is tampered with and service operation is interrupted (DoS) It may be put into a state. Baxter ExactaMix EM2400 and ExactaMix EM1200 are both an automated drug mixing system of Baxter. \n\r\n\r\nThere is a security vulnerability in Baxter ExactaMix EM2400 and ExactaMix EM1200",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-12020"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007461"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-57120"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "ICS CERT",
            "id": "ICSMA-20-170-01",
            "trust": 3.0
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12020",
            "trust": 3.0
          },
          {
            "db": "JVN",
            "id": "JVNVU91499991",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007461",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-57120",
            "trust": 0.6
          },
          {
            "db": "NSFOCUS",
            "id": "47275",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1255",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-57120"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007461"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1255"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12020"
          }
        ]
      },
      "id": "VAR-202006-0372",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-57120"
          }
        ],
        "trust": 1.3916666666666666
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-57120"
          }
        ]
      },
      "last_update_date": "2024-11-23T20:59:17.531000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.baxter.com/"
          },
          {
            "title": "Patch for Baxter ExactaMix EM2400 and EM1200 information disclosure vulnerability (CNVD-2020-57120)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/236710"
          },
          {
            "title": "Baxter ExactaMix EM2400  and ExactaMix EM1200 Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=122003"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-57120"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007461"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1255"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-668",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007461"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12020"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.2,
            "url": "https://www.us-cert.gov/ics/advisories/icsma-20-170-01"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12020"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12020"
          },
          {
            "trust": 0.8,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-170-01"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu91499991/"
          },
          {
            "trust": 0.6,
            "url": "http://www.nsfocus.net/vulndb/47275"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-57120"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007461"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1255"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12020"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-57120"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007461"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1255"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12020"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-10-18T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-57120"
          },
          {
            "date": "2020-08-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-007461"
          },
          {
            "date": "2020-06-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202006-1255"
          },
          {
            "date": "2020-06-29T14:15:11.210000",
            "db": "NVD",
            "id": "CVE-2020-12020"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-10-18T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-57120"
          },
          {
            "date": "2020-08-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-007461"
          },
          {
            "date": "2020-07-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202006-1255"
          },
          {
            "date": "2024-11-21T04:59:07.700000",
            "db": "NVD",
            "id": "CVE-2020-12020"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1255"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Baxter ExactaMix EM 2400 and  EM1200 Vulnerability in leaking resources to the wrong area in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007461"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1255"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202006-0367

    Vulnerability from variot - Updated: 2024-11-23 20:46

    Baxter ExactaMix EM 2400 & EM 1200, Versions ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5, Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13, and ExactaMix EM1200 Versions 1.1, 1.2, and 1.4 have hard-coded administrative account credentials for the ExactaMix application. Successful exploitation of this vulnerability may allow an attacker with physical access to gain unauthorized access to view/update system configuration or data. This could impact confidentiality and integrity of the system and risk exposure of sensitive information including PHI. Baxter ExactaMix EM2400 and ExactaMix EM1200 are both an automated drug mixing system of Baxter, USA.

    There is a trust management vulnerability in Baxter ExactaMix EM2400 and ExactaMix EM1200. The vulnerability stems from the fact that the ExactaMix application uses hard-coded management account credentials

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202006-0367",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "exactamix em1200",
            "scope": "eq",
            "trust": 1.4,
            "vendor": "baxter",
            "version": "1.1"
          },
          {
            "model": "exactamix em1200",
            "scope": "eq",
            "trust": 1.4,
            "vendor": "baxter",
            "version": "1.2"
          },
          {
            "model": "exactamix em1200",
            "scope": "eq",
            "trust": 1.4,
            "vendor": "baxter",
            "version": "1.4"
          },
          {
            "model": "em1200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "baxter",
            "version": "1.2"
          },
          {
            "model": "em1200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "baxter",
            "version": "1.4"
          },
          {
            "model": "em2400",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "baxter",
            "version": "1.14"
          },
          {
            "model": "em1200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "baxter",
            "version": "1.1"
          },
          {
            "model": "em2400",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "baxter",
            "version": "1.13"
          },
          {
            "model": "em1200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "baxter",
            "version": "1.5"
          },
          {
            "model": "em2400",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "baxter",
            "version": "1.10"
          },
          {
            "model": "em2400",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "baxter",
            "version": "1.11"
          },
          {
            "model": "exactamix em1200",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "baxter",
            "version": "1.5"
          },
          {
            "model": "exactamix em2400",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "baxter",
            "version": "1.10"
          },
          {
            "model": "exactamix em2400",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "baxter",
            "version": "1.11"
          },
          {
            "model": "exactamix em2400",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "baxter",
            "version": "1.13"
          },
          {
            "model": "exactamix em2400",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "baxter",
            "version": "1.14"
          },
          {
            "model": "exactamix em",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "baxter",
            "version": "24001.10"
          },
          {
            "model": "exactamix em",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "baxter",
            "version": "24001.11"
          },
          {
            "model": "exactamix em",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "baxter",
            "version": "24001.13"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-21074"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007409"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12012"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:baxter:em1200_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:baxter:em2400_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007409"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Baxter",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1270"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2020-12012",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 3.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-12012",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 1.0,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Local",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 3.6,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-007409",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Low",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2021-21074",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 0.9,
                "id": "CVE-2020-12012",
                "impactScore": 5.2,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Physical",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 6.1,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-007409",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-12012",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2020-007409",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-21074",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202006-1270",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-21074"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007409"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1270"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12012"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Baxter ExactaMix EM 2400 \u0026 EM 1200, Versions ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5, Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13, and ExactaMix EM1200 Versions 1.1, 1.2, and 1.4 have hard-coded administrative account credentials for the ExactaMix application. Successful exploitation of this vulnerability may allow an attacker with physical access to gain unauthorized access to view/update system configuration or data. This could impact confidentiality and integrity of the system and risk exposure of sensitive information including PHI. Baxter ExactaMix EM2400 and ExactaMix EM1200 are both an automated drug mixing system of Baxter, USA. \n\r\n\r\nThere is a trust management vulnerability in Baxter ExactaMix EM2400 and ExactaMix EM1200. The vulnerability stems from the fact that the ExactaMix application uses hard-coded management account credentials",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-12012"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007409"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-21074"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "ICS CERT",
            "id": "ICSMA-20-170-01",
            "trust": 3.0
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12012",
            "trust": 3.0
          },
          {
            "db": "JVN",
            "id": "JVNVU91499991",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007409",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-21074",
            "trust": 0.6
          },
          {
            "db": "NSFOCUS",
            "id": "47276",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1270",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-21074"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007409"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1270"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12012"
          }
        ]
      },
      "id": "VAR-202006-0367",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-21074"
          }
        ],
        "trust": 1.3916666666666666
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-21074"
          }
        ]
      },
      "last_update_date": "2024-11-23T20:46:45.378000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.baxter.com/"
          },
          {
            "title": "Patch for Baxter ExactaMix EM2400 and ExactaMix EM1200 Trust Management Vulnerability (CNVD-2021-21074)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/254336"
          },
          {
            "title": "Baxter ExactaMix EM2400  and EM1200 Repair measures for trust management problem vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=123263"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-21074"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007409"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1270"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-798",
            "trust": 1.8
          },
          {
            "problemtype": "CWE-259",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007409"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12012"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.2,
            "url": "https://www.us-cert.gov/ics/advisories/icsma-20-170-01"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12012"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12012"
          },
          {
            "trust": 0.8,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-170-01"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu91499991/"
          },
          {
            "trust": 0.6,
            "url": "http://www.nsfocus.net/vulndb/47276"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-21074"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007409"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1270"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12012"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-21074"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007409"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1270"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12012"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-03-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-21074"
          },
          {
            "date": "2020-08-12T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-007409"
          },
          {
            "date": "2020-06-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202006-1270"
          },
          {
            "date": "2020-06-29T14:15:11.053000",
            "db": "NVD",
            "id": "CVE-2020-12012"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-03-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-21074"
          },
          {
            "date": "2020-08-12T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-007409"
          },
          {
            "date": "2020-07-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202006-1270"
          },
          {
            "date": "2024-11-21T04:59:06.800000",
            "db": "NVD",
            "id": "CVE-2020-12012"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Baxter ExactaMix EM 2400 and  EM 1200 Vulnerability in using hard-coded credentials in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007409"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "trust management problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1270"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202006-0325

    Vulnerability from variot - Updated: 2024-11-23 20:45

    Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The affected devices do not implement data-in-transit encryption (e.g., TLS/SSL) when configured to send treatment data to a PDMS (Patient Data Management System) or an EMR (Electronic Medical Record) system. An attacker could observe sensitive data sent from the device. Baxter PrismaFlex and PrisMax Includes a vulnerability in the transmission of important information in clear text.Information may be obtained. Baxter PrismaFlex is an intensive care equipment manufactured by Baxter.

    There is a hard-coded vulnerability in Baxter PrismaFlex (all versions). The vulnerability stems from the fact that PrismaFlex contains a hard-coded service password. Attackers can use the vulnerability to modify device settings and calibration values

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202006-0325",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "prismaflex",
            "scope": null,
            "trust": 1.4,
            "vendor": "baxter",
            "version": null
          },
          {
            "model": "prismaflex",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "baxter",
            "version": "*"
          },
          {
            "model": "prismax",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "baxter",
            "version": "3.0"
          },
          {
            "model": "prismax",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "baxter",
            "version": "3.x"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-52561"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007757"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12037"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:baxter:prismaflex_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:baxter:prismax_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007757"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Baxter",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1242"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2020-12037",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2020-12037",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.1,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.0,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-007757",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-52561",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-12037",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-007757",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-12037",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2020-007757",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-52561",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202006-1242",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2020-12037",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-52561"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-12037"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007757"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1242"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12037"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The affected devices do not implement data-in-transit encryption (e.g., TLS/SSL) when configured to send treatment data to a PDMS (Patient Data Management System) or an EMR (Electronic Medical Record) system. An attacker could observe sensitive data sent from the device. Baxter PrismaFlex and PrisMax Includes a vulnerability in the transmission of important information in clear text.Information may be obtained. Baxter PrismaFlex is an intensive care equipment manufactured by Baxter. \n\r\n\r\nThere is a hard-coded vulnerability in Baxter PrismaFlex (all versions). The vulnerability stems from the fact that PrismaFlex contains a hard-coded service password. Attackers can use the vulnerability to modify device settings and calibration values",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-12037"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007757"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-52561"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-12037"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-12037",
            "trust": 3.1
          },
          {
            "db": "ICS CERT",
            "id": "ICSMA-20-170-02",
            "trust": 3.1
          },
          {
            "db": "ICS CERT",
            "id": "ICSMA-20-170-01",
            "trust": 1.7
          },
          {
            "db": "JVN",
            "id": "JVNVU91499991",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007757",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-52561",
            "trust": 0.6
          },
          {
            "db": "NSFOCUS",
            "id": "47266",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1242",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-12037",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-52561"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-12037"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007757"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1242"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12037"
          }
        ]
      },
      "id": "VAR-202006-0325",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-52561"
          }
        ],
        "trust": 1.2458333499999998
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-52561"
          }
        ]
      },
      "last_update_date": "2024-11-23T20:45:54.926000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.baxter.com/"
          },
          {
            "title": "Patch for Baxter PrismaFlex hard-coded vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/234649"
          },
          {
            "title": "Baxter PrismaFlex Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=124061"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-52561"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007757"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1242"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-319",
            "trust": 1.8
          },
          {
            "problemtype": "CWE-259",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007757"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12037"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-170-02"
          },
          {
            "trust": 1.7,
            "url": "https://www.us-cert.gov/ics/advisories/icsma-20-170-01"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12037"
          },
          {
            "trust": 1.2,
            "url": "https://www.us-cert.gov/ics/advisories/icsma-20-170-02"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12037"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu91499991/"
          },
          {
            "trust": 0.6,
            "url": "http://www.nsfocus.net/vulndb/47266"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/319.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/183653"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-52561"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-12037"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007757"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1242"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12037"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-52561"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-12037"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007757"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1242"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12037"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-09-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-52561"
          },
          {
            "date": "2020-06-29T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-12037"
          },
          {
            "date": "2020-08-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-007757"
          },
          {
            "date": "2020-06-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202006-1242"
          },
          {
            "date": "2020-06-29T14:15:11.537000",
            "db": "NVD",
            "id": "CVE-2020-12037"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-09-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-52561"
          },
          {
            "date": "2020-07-14T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-12037"
          },
          {
            "date": "2020-08-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-007757"
          },
          {
            "date": "2020-07-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202006-1242"
          },
          {
            "date": "2024-11-21T04:59:09.630000",
            "db": "NVD",
            "id": "CVE-2020-12037"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1242"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Baxter PrismaFlex and  PrisMax Vulnerability in plaintext transmission of important information in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007757"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1242"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202006-1810

    Vulnerability from variot - Updated: 2024-11-23 20:41

    Baxter ExactaMix EM 2400 versions 1.10, 1.11, 1.13, 1.14 and ExactaMix EM1200 Versions 1.1, 1.2, 1.4 and 1.5 does not restrict access to the USB interface from an unauthorized user with physical access. Successful exploitation of this vulnerability may allow an attacker with physical access to the system the ability to load an unauthorized payload or unauthorized access to the hard drive by booting a live USB OS. This could impact confidentiality and integrity of the system and risk exposure of sensitive information including PHI. Baxter ExactaMix EM 2400 and EM1200 Exists in a vulnerability related to lack of authentication.Information may be obtained and tampered with. Baxter ExactaMix EM2400 and ExactaMix EM1200 are both an automated drug mixing system of Baxter.

    Baxter ExactaMix EM2400 and EM1200 have an access control error vulnerability

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202006-1810",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "exactamix em1200",
            "scope": "eq",
            "trust": 1.4,
            "vendor": "baxter",
            "version": "1.1"
          },
          {
            "model": "exactamix em1200",
            "scope": "eq",
            "trust": 1.4,
            "vendor": "baxter",
            "version": "1.2"
          },
          {
            "model": "exactamix em1200",
            "scope": "eq",
            "trust": 1.4,
            "vendor": "baxter",
            "version": "1.4"
          },
          {
            "model": "exactamix em1200",
            "scope": "eq",
            "trust": 1.4,
            "vendor": "baxter",
            "version": "1.5"
          },
          {
            "model": "exactamix em2400",
            "scope": "eq",
            "trust": 1.4,
            "vendor": "baxter",
            "version": "1.14"
          },
          {
            "model": "em1200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "baxter",
            "version": "1.2"
          },
          {
            "model": "em1200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "baxter",
            "version": "1.4"
          },
          {
            "model": "em2400",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "baxter",
            "version": "1.14"
          },
          {
            "model": "em1200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "baxter",
            "version": "1.1"
          },
          {
            "model": "em2400",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "baxter",
            "version": "1.13"
          },
          {
            "model": "em1200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "baxter",
            "version": "1.5"
          },
          {
            "model": "em2400",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "baxter",
            "version": "1.10"
          },
          {
            "model": "em2400",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "baxter",
            "version": "1.11"
          },
          {
            "model": "exactamix em2400",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "baxter",
            "version": "1.10"
          },
          {
            "model": "exactamix em2400",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "baxter",
            "version": "1.11"
          },
          {
            "model": "exactamix em2400",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "baxter",
            "version": "1.13"
          },
          {
            "model": "exactamix em",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "baxter",
            "version": "24001.10"
          },
          {
            "model": "exactamix em",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "baxter",
            "version": "24001.11"
          },
          {
            "model": "exactamix em",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "baxter",
            "version": "24001.13"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-57121"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007462"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12024"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:baxter:em1200_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:baxter:em2400_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007462"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Baxter",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1261"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2020-12024",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 3.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-12024",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 1.0,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Local",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 3.6,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-007462",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Low",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 3.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2020-57121",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 0.9,
                "id": "CVE-2020-12024",
                "impactScore": 5.2,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Physical",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 6.1,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-007462",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-12024",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2020-007462",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-57121",
                "trust": 0.6,
                "value": "LOW"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202006-1261",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-57121"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007462"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1261"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12024"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Baxter ExactaMix EM 2400 versions 1.10, 1.11, 1.13, 1.14 and ExactaMix EM1200 Versions 1.1, 1.2, 1.4 and 1.5 does not restrict access to the USB interface from an unauthorized user with physical access. Successful exploitation of this vulnerability may allow an attacker with physical access to the system the ability to load an unauthorized payload or unauthorized access to the hard drive by booting a live USB OS. This could impact confidentiality and integrity of the system and risk exposure of sensitive information including PHI. Baxter ExactaMix EM 2400 and EM1200 Exists in a vulnerability related to lack of authentication.Information may be obtained and tampered with. Baxter ExactaMix EM2400 and ExactaMix EM1200 are both an automated drug mixing system of Baxter. \n\r\n\r\nBaxter ExactaMix EM2400 and EM1200 have an access control error vulnerability",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-12024"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007462"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-57121"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "ICS CERT",
            "id": "ICSMA-20-170-01",
            "trust": 3.0
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12024",
            "trust": 3.0
          },
          {
            "db": "JVN",
            "id": "JVNVU91499991",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007462",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-57121",
            "trust": 0.6
          },
          {
            "db": "NSFOCUS",
            "id": "47291",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1261",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-57121"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007462"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1261"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12024"
          }
        ]
      },
      "id": "VAR-202006-1810",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-57121"
          }
        ],
        "trust": 1.3916666666666666
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-57121"
          }
        ]
      },
      "last_update_date": "2024-11-23T20:41:58.325000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.baxter.com/"
          },
          {
            "title": "Patch for Baxter ExactaMix EM2400 and EM1200 access control error vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/236713"
          },
          {
            "title": "Baxter ExactaMix EM2400  and EM1200 Fixes for access control error vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=122009"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-57121"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007462"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1261"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-284",
            "trust": 1.0
          },
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-862",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007462"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12024"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.2,
            "url": "https://www.us-cert.gov/ics/advisories/icsma-20-170-01"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12024"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12024"
          },
          {
            "trust": 0.8,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-170-01"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu91499991/"
          },
          {
            "trust": 0.6,
            "url": "http://www.nsfocus.net/vulndb/47291"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-57121"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007462"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1261"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12024"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-57121"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007462"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1261"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12024"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-10-18T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-57121"
          },
          {
            "date": "2020-08-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-007462"
          },
          {
            "date": "2020-06-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202006-1261"
          },
          {
            "date": "2020-06-29T14:15:11.270000",
            "db": "NVD",
            "id": "CVE-2020-12024"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-10-18T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-57121"
          },
          {
            "date": "2020-08-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-007462"
          },
          {
            "date": "2021-11-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202006-1261"
          },
          {
            "date": "2024-11-21T04:59:08.123000",
            "db": "NVD",
            "id": "CVE-2020-12024"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Baxter ExactaMix EM 2400 and  EM1200 Vulnerability regarding lack of authentication in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007462"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1261"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202006-0324

    Vulnerability from variot - Updated: 2024-11-23 20:39

    Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The affected devices do not implement data-in-transit encryption (e.g., TLS/SSL) when configured to send treatment data to a PDMS (Patient Data Management System) or an EMR (Electronic Medical Record) system. An attacker could observe sensitive data sent from the device. Baxter PrismaFlex and PrisMax Includes a vulnerability in the transmission of important information in clear text.Information may be obtained. Baxter PrismaFlex and PrisMax are both an intensive care equipment of Baxter.

    An information disclosure vulnerability exists in Baxter PrismaFlex (all versions) and PrisMax versions prior to 3.x

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202006-0324",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "prismaflex",
            "scope": null,
            "trust": 1.4,
            "vendor": "baxter",
            "version": null
          },
          {
            "model": "prismaflex",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "baxter",
            "version": "*"
          },
          {
            "model": "prismax",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "baxter",
            "version": "3.0"
          },
          {
            "model": "prismax",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "baxter",
            "version": "3.x"
          },
          {
            "model": "prismax",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "baxter",
            "version": "3.*"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-52563"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007756"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12036"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:baxter:prismaflex_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:baxter:prismax_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007756"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Baxter",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1249"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2020-12036",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2020-12036",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.0,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-007756",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-52563",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-12036",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-007756",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-12036",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2020-007756",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-52563",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202006-1249",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-52563"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007756"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1249"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12036"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The affected devices do not implement data-in-transit encryption (e.g., TLS/SSL) when configured to send treatment data to a PDMS (Patient Data Management System) or an EMR (Electronic Medical Record) system. An attacker could observe sensitive data sent from the device. Baxter PrismaFlex and PrisMax Includes a vulnerability in the transmission of important information in clear text.Information may be obtained. Baxter PrismaFlex and PrisMax are both an intensive care equipment of Baxter. \n\r\n\r\nAn information disclosure vulnerability exists in Baxter PrismaFlex (all versions) and PrisMax versions prior to 3.x",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-12036"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007756"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-52563"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-12036",
            "trust": 3.0
          },
          {
            "db": "ICS CERT",
            "id": "ICSMA-20-170-02",
            "trust": 2.0
          },
          {
            "db": "ICS CERT",
            "id": "ICSMA-20-170-01",
            "trust": 1.6
          },
          {
            "db": "JVN",
            "id": "JVNVU91499991",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007756",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-52563",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1249",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-52563"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007756"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1249"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12036"
          }
        ]
      },
      "id": "VAR-202006-0324",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-52563"
          }
        ],
        "trust": 1.2458333499999998
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-52563"
          }
        ]
      },
      "last_update_date": "2024-11-23T20:39:59.519000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.baxter.com/"
          },
          {
            "title": "Patch for Baxter PrismaFlex and PrisMax information disclosure vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/234643"
          },
          {
            "title": "Baxter PrismaFlex  and PrisMax Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=124063"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-52563"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007756"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1249"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-319",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007756"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12036"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "https://www.us-cert.gov/ics/advisories/icsma-20-170-01"
          },
          {
            "trust": 1.4,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-170-02"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12036"
          },
          {
            "trust": 1.2,
            "url": "https://www.us-cert.gov/ics/advisories/icsma-20-170-02"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12036"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu91499991/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-52563"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007756"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1249"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12036"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-52563"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007756"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1249"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12036"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-09-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-52563"
          },
          {
            "date": "2020-08-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-007756"
          },
          {
            "date": "2020-06-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202006-1249"
          },
          {
            "date": "2020-06-29T14:15:11.460000",
            "db": "NVD",
            "id": "CVE-2020-12036"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-09-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-52563"
          },
          {
            "date": "2020-08-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-007756"
          },
          {
            "date": "2020-07-15T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202006-1249"
          },
          {
            "date": "2024-11-21T04:59:09.520000",
            "db": "NVD",
            "id": "CVE-2020-12036"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1249"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Baxter PrismaFlex and  PrisMax Vulnerability in plaintext transmission of important information in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007756"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1249"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202006-0330

    Vulnerability from variot - Updated: 2024-11-23 20:20

    The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24) when configured for wireless networking the FTP service operating on the WBM remains operational until the WBM is rebooted. Baxter Spectrum Vulnerable to post-expiration or post-release resource manipulation vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Baxter WBM and Baxter Spectrum are both products of Baxter. Baxter WBM is a wireless battery module for Baxter products. Baxter Spectrum is an infusion pump.

    There is a security vulnerability in Baxter Spectrum WBM. Attackers can use this vulnerability to gain access to the FTP service with the help of a specially crafted request

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202006-0330",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "sigma spectrum infusion system",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "baxter",
            "version": "8.0"
          },
          {
            "model": "sigma spectrum infusion system",
            "scope": null,
            "trust": 0.8,
            "vendor": "baxter",
            "version": null
          },
          {
            "model": "spectrum wbm",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "baxter",
            "version": "17"
          },
          {
            "model": "spectrum wbm 20d29",
            "scope": null,
            "trust": 0.6,
            "vendor": "baxter",
            "version": null
          },
          {
            "model": "spectrum wbm 20d30",
            "scope": null,
            "trust": 0.6,
            "vendor": "baxter",
            "version": null
          },
          {
            "model": "spectrum wbm 20d31",
            "scope": null,
            "trust": 0.6,
            "vendor": "baxter",
            "version": null
          },
          {
            "model": "spectrum wbm 22d24",
            "scope": null,
            "trust": 0.6,
            "vendor": "baxter",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-21076"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007456"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12043"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:baxter:sigma_spectrum_infusion_system_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007456"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Baxter",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1223"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2020-12043",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2020-12043",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.1,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 7.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-007456",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2021-21076",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-12043",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-007456",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-12043",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2020-007456",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-21076",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202006-1223",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULMON",
                "id": "CVE-2020-12043",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-21076"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-12043"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007456"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1223"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12043"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24) when configured for wireless networking the FTP service operating on the WBM remains operational until the WBM is rebooted. Baxter Spectrum Vulnerable to post-expiration or post-release resource manipulation vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Baxter WBM and Baxter Spectrum are both products of Baxter. Baxter WBM is a wireless battery module for Baxter products. Baxter Spectrum is an infusion pump. \n\r\n\r\nThere is a security vulnerability in Baxter Spectrum WBM. Attackers can use this vulnerability to gain access to the FTP service with the help of a specially crafted request",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-12043"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007456"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-21076"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-12043"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "ICS CERT",
            "id": "ICSMA-20-170-04",
            "trust": 3.1
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12043",
            "trust": 3.1
          },
          {
            "db": "JVN",
            "id": "JVNVU91499991",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007456",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-21076",
            "trust": 0.6
          },
          {
            "db": "NSFOCUS",
            "id": "47312",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.2149",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1223",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-12043",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-21076"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-12043"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007456"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1223"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12043"
          }
        ]
      },
      "id": "VAR-202006-0330",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-21076"
          }
        ],
        "trust": 1.5266666666666668
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-21076"
          }
        ]
      },
      "last_update_date": "2024-11-23T20:20:09.015000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.baxter.com/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007456"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-672",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007456"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12043"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.3,
            "url": "https://www.us-cert.gov/ics/advisories/icsma-20-170-04"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12043"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12043"
          },
          {
            "trust": 0.8,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-170-04"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu91499991/"
          },
          {
            "trust": 0.6,
            "url": "http://www.nsfocus.net/vulndb/47312"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.2149/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/672.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-20-170-04"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-21076"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-12043"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007456"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1223"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12043"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-21076"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-12043"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007456"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1223"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12043"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-03-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-21076"
          },
          {
            "date": "2020-06-29T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-12043"
          },
          {
            "date": "2020-08-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-007456"
          },
          {
            "date": "2020-06-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202006-1223"
          },
          {
            "date": "2020-06-29T14:15:11.817000",
            "db": "NVD",
            "id": "CVE-2020-12043"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-03-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-21076"
          },
          {
            "date": "2020-07-08T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-12043"
          },
          {
            "date": "2020-08-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-007456"
          },
          {
            "date": "2020-07-29T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202006-1223"
          },
          {
            "date": "2024-11-21T04:59:10.280000",
            "db": "NVD",
            "id": "CVE-2020-12043"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1223"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Baxter Spectrum Vulnerability in manipulating resources after expiration or release in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007456"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1223"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202006-0326

    Vulnerability from variot - Updated: 2024-11-23 20:04

    Baxter Sigma Spectrum Infusion Pumps Sigma Spectrum Infusion System v's6.x model 35700BAX & Baxter Spectrum Infusion System v's8.x model 35700BAX2 contain hardcoded passwords when physically entered on the keypad provide access to biomedical menus including device settings, view calibration values, network configuration of Sigma Spectrum WBM if installed. The vulnerability is caused by the program containing a hard-coded password

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202006-0326",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "sigma spectrum infusion system",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "baxter",
            "version": "6.05"
          },
          {
            "model": "sigma spectrum infusion system",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "baxter",
            "version": "8.0"
          },
          {
            "model": "sigma spectrum infusion system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "baxter",
            "version": "6.0"
          },
          {
            "model": "sigma spectrum infusion system",
            "scope": null,
            "trust": 0.8,
            "vendor": "baxter",
            "version": null
          },
          {
            "model": "sigma spectrum infusion system",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "baxter",
            "version": "6.*"
          },
          {
            "model": "spectrum infusion system",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "baxter",
            "version": "8.*"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-21081"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007530"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12039"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:baxter:sigma_spectrum_infusion_system_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007530"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Baxter",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1235"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2020-12039",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 2.1,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-12039",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 1.1,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Local",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 2.1,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-007530",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Low",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 2.1,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2021-21081",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 2.4,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 0.9,
                "id": "CVE-2020-12039",
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Physical",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 2.4,
                "baseSeverity": "Low",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-007530",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-12039",
                "trust": 1.0,
                "value": "LOW"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2020-007530",
                "trust": 0.8,
                "value": "Low"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-21081",
                "trust": 0.6,
                "value": "LOW"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202006-1235",
                "trust": 0.6,
                "value": "LOW"
              },
              {
                "author": "VULMON",
                "id": "CVE-2020-12039",
                "trust": 0.1,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-21081"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-12039"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007530"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1235"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12039"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Baxter Sigma Spectrum Infusion Pumps Sigma Spectrum Infusion System v\u0027s6.x model 35700BAX \u0026 Baxter Spectrum Infusion System v\u0027s8.x model 35700BAX2 contain hardcoded passwords when physically entered on the keypad provide access to biomedical menus including device settings, view calibration values, network configuration of Sigma Spectrum WBM if installed. The vulnerability is caused by the program containing a hard-coded password",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-12039"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007530"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-21081"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-12039"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "ICS CERT",
            "id": "ICSMA-20-170-04",
            "trust": 3.1
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12039",
            "trust": 3.1
          },
          {
            "db": "JVN",
            "id": "JVNVU91499991",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007530",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-21081",
            "trust": 0.6
          },
          {
            "db": "NSFOCUS",
            "id": "47304",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.2149",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1235",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-12039",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-21081"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-12039"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007530"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1235"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12039"
          }
        ]
      },
      "id": "VAR-202006-0326",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-21081"
          }
        ],
        "trust": 1.38
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-21081"
          }
        ]
      },
      "last_update_date": "2024-11-23T20:04:31.014000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.baxter.com/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007530"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-798",
            "trust": 1.8
          },
          {
            "problemtype": "CWE-259",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007530"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12039"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.3,
            "url": "https://www.us-cert.gov/ics/advisories/icsma-20-170-04"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12039"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12039"
          },
          {
            "trust": 0.8,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-170-04"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu91499991/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.2149/"
          },
          {
            "trust": 0.6,
            "url": "http://www.nsfocus.net/vulndb/47304"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/798.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-20-170-04"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-21081"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-12039"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007530"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1235"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12039"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-21081"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-12039"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007530"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1235"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12039"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-03-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-21081"
          },
          {
            "date": "2020-06-29T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-12039"
          },
          {
            "date": "2020-08-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-007530"
          },
          {
            "date": "2020-06-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202006-1235"
          },
          {
            "date": "2020-06-29T14:15:11.617000",
            "db": "NVD",
            "id": "CVE-2020-12039"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-03-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-21081"
          },
          {
            "date": "2020-07-09T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-12039"
          },
          {
            "date": "2020-08-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-007530"
          },
          {
            "date": "2020-07-29T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202006-1235"
          },
          {
            "date": "2024-11-21T04:59:09.853000",
            "db": "NVD",
            "id": "CVE-2020-12039"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Baxter Sigma Spectrum Infusion Pumps Sigma Spectrum Infusion System and  Baxter Spectrum Infusion System Vulnerability in using hard-coded credentials in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007530"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "trust management problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1235"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202006-1809

    Vulnerability from variot - Updated: 2024-11-23 20:01

    Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Versions 1.1, 1.2 systems store device data with sensitive information in an unencrypted database. This could allow an attacker with network access to view or modify sensitive data including PHI. Baxter ExactaMix EM 2400 and EM1200 There is a vulnerability in the lack of encryption of critical data.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Baxter ExactaMix EM2400 and ExactaMix EM1200 are both an automated drug mixing system of Baxter.

    Baxter ExactaMix EM2400 and EM1200 have encryption vulnerabilities

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202006-1809",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "exactamix em1200",
            "scope": "eq",
            "trust": 1.4,
            "vendor": "baxter",
            "version": "1.1"
          },
          {
            "model": "exactamix em1200",
            "scope": "eq",
            "trust": 1.4,
            "vendor": "baxter",
            "version": "1.2"
          },
          {
            "model": "em1200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "baxter",
            "version": "1.1"
          },
          {
            "model": "em1200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "baxter",
            "version": "1.2"
          },
          {
            "model": "em2400",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "baxter",
            "version": "1.10"
          },
          {
            "model": "em2400",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "baxter",
            "version": "1.11"
          },
          {
            "model": "exactamix em2400",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "baxter",
            "version": "1.10"
          },
          {
            "model": "exactamix em2400",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "baxter",
            "version": "1.11"
          },
          {
            "model": "exactamix em",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "baxter",
            "version": "24001.10"
          },
          {
            "model": "exactamix em",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "baxter",
            "version": "24001.11"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-57122"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007463"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12032"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:baxter:em1200_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:baxter:em2400_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007463"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Baxter",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1264"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2020-12032",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2020-12032",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 6.4,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-007463",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-57122",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-12032",
                "impactScore": 5.2,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 9.1,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-007463",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-12032",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2020-007463",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-57122",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202006-1264",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-57122"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007463"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1264"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12032"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Versions 1.1, 1.2 systems store device data with sensitive information in an unencrypted database. This could allow an attacker with network access to view or modify sensitive data including PHI. Baxter ExactaMix EM 2400 and EM1200 There is a vulnerability in the lack of encryption of critical data.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Baxter ExactaMix EM2400 and ExactaMix EM1200 are both an automated drug mixing system of Baxter. \n\r\n\r\nBaxter ExactaMix EM2400 and EM1200 have encryption vulnerabilities",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-12032"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007463"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-57122"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-12032",
            "trust": 3.0
          },
          {
            "db": "ICS CERT",
            "id": "ICSMA-20-170-01",
            "trust": 3.0
          },
          {
            "db": "JVN",
            "id": "JVNVU91499991",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007463",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-57122",
            "trust": 0.6
          },
          {
            "db": "NSFOCUS",
            "id": "47288",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1264",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-57122"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007463"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1264"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12032"
          }
        ]
      },
      "id": "VAR-202006-1809",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-57122"
          }
        ],
        "trust": 1.3916666666666666
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-57122"
          }
        ]
      },
      "last_update_date": "2024-11-23T20:01:36.363000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.baxter.com/"
          },
          {
            "title": "Patch for Baxter ExactaMix EM2400 and EM1200 encryption issue vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/236716"
          },
          {
            "title": "Baxter ExactaMix EM2400  and EM1200 Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=123422"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-57122"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007463"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1264"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-311",
            "trust": 1.8
          },
          {
            "problemtype": "CWE-312",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007463"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12032"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.2,
            "url": "https://www.us-cert.gov/ics/advisories/icsma-20-170-01"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12032"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12032"
          },
          {
            "trust": 0.8,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-170-01"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu91499991/"
          },
          {
            "trust": 0.6,
            "url": "http://www.nsfocus.net/vulndb/47288"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-57122"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007463"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1264"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12032"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-57122"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007463"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1264"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12032"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-10-18T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-57122"
          },
          {
            "date": "2020-08-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-007463"
          },
          {
            "date": "2020-06-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202006-1264"
          },
          {
            "date": "2020-06-29T14:15:11.333000",
            "db": "NVD",
            "id": "CVE-2020-12032"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-10-18T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-57122"
          },
          {
            "date": "2020-08-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-007463"
          },
          {
            "date": "2021-11-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202006-1264"
          },
          {
            "date": "2024-11-21T04:59:09.060000",
            "db": "NVD",
            "id": "CVE-2020-12032"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1264"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Baxter ExactaMix EM 2400 and  EM1200 Vulnerability regarding lack of encryption of critical data in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007463"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1264"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202006-0332

    Vulnerability from variot - Updated: 2024-11-23 19:56

    The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24), when used with a Baxter Spectrum v8.x (model 35700BAX2) in a factory-default wireless configuration enables an FTP service with hard-coded credentials. Baxter Spectrum Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Baxter WBM and Baxter Spectrum are both products of Baxter. Baxter WBM is a wireless battery module for Baxter products. Baxter Spectrum is an infusion pump.

    The WBM used in Baxter Spectrum has a trust management vulnerability. Attackers can use hard-coded credentials to use this vulnerability to enable FTP services

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202006-0332",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "sigma spectrum infusion system",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "baxter",
            "version": "8.0"
          },
          {
            "model": "sigma spectrum infusion system",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "baxter",
            "version": "8.x"
          },
          {
            "model": "spectrum wbm",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "baxter",
            "version": "17"
          },
          {
            "model": "spectrum wbm 20d29",
            "scope": null,
            "trust": 0.6,
            "vendor": "baxter",
            "version": null
          },
          {
            "model": "spectrum wbm 20d30",
            "scope": null,
            "trust": 0.6,
            "vendor": "baxter",
            "version": null
          },
          {
            "model": "spectrum wbm 20d31",
            "scope": null,
            "trust": 0.6,
            "vendor": "baxter",
            "version": null
          },
          {
            "model": "spectrum wbm 22d24",
            "scope": null,
            "trust": 0.6,
            "vendor": "baxter",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-21077"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007458"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12047"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:baxter:sigma_spectrum_infusion_system_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007458"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Baxter",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1228"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2020-12047",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2020-12047",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.1,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 7.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-007458",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2021-21077",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-12047",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-007458",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-12047",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2020-007458",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-21077",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202006-1228",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULMON",
                "id": "CVE-2020-12047",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-21077"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-12047"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007458"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1228"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12047"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24), when used with a Baxter Spectrum v8.x (model 35700BAX2) in a factory-default wireless configuration enables an FTP service with hard-coded credentials. Baxter Spectrum Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Baxter WBM and Baxter Spectrum are both products of Baxter. Baxter WBM is a wireless battery module for Baxter products. Baxter Spectrum is an infusion pump. \n\r\n\r\nThe WBM used in Baxter Spectrum has a trust management vulnerability. Attackers can use hard-coded credentials to use this vulnerability to enable FTP services",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-12047"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007458"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-21077"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-12047"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "ICS CERT",
            "id": "ICSMA-20-170-04",
            "trust": 3.1
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12047",
            "trust": 3.1
          },
          {
            "db": "JVN",
            "id": "JVNVU91499991",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007458",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-21077",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.2149",
            "trust": 0.6
          },
          {
            "db": "NSFOCUS",
            "id": "47298",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1228",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-12047",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-21077"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-12047"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007458"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1228"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12047"
          }
        ]
      },
      "id": "VAR-202006-0332",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-21077"
          }
        ],
        "trust": 1.5266666666666668
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-21077"
          }
        ]
      },
      "last_update_date": "2024-11-23T19:56:05.748000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.baxter.com/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007458"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-798",
            "trust": 1.8
          },
          {
            "problemtype": "CWE-259",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007458"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12047"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.3,
            "url": "https://www.us-cert.gov/ics/advisories/icsma-20-170-04"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12047"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12047"
          },
          {
            "trust": 0.8,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-170-04"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu91499991/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.2149/"
          },
          {
            "trust": 0.6,
            "url": "http://www.nsfocus.net/vulndb/47298"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/798.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-20-170-04"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-21077"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-12047"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007458"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1228"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12047"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-21077"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-12047"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007458"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1228"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12047"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-03-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-21077"
          },
          {
            "date": "2020-06-29T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-12047"
          },
          {
            "date": "2020-08-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-007458"
          },
          {
            "date": "2020-06-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202006-1228"
          },
          {
            "date": "2020-06-29T14:15:11.943000",
            "db": "NVD",
            "id": "CVE-2020-12047"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-03-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-21077"
          },
          {
            "date": "2020-07-08T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-12047"
          },
          {
            "date": "2020-08-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-007458"
          },
          {
            "date": "2020-07-29T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202006-1228"
          },
          {
            "date": "2024-11-21T04:59:10.573000",
            "db": "NVD",
            "id": "CVE-2020-12047"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1228"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Baxter Spectrum Vulnerability in using hard-coded credentials in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007458"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "trust management problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1228"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202006-0333

    Vulnerability from variot - Updated: 2024-11-23 19:42

    Phoenix Hemodialysis Delivery System SW 3.36 and 3.40, The Phoenix Hemodialysis device does not support data-in-transit encryption (e.g., TLS/SSL) when transmitting treatment and prescription data on the network between the Phoenix system and the Exalis dialysis data management tool. An attacker with access to the network could observe sensitive treatment and prescription data sent between the Phoenix system and the Exalis tool

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202006-0333",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "phoenix x36",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "baxter",
            "version": "3.36"
          },
          {
            "model": "phoenix x36",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "baxter",
            "version": "3.40"
          },
          {
            "model": "phoenix hemodialysis delivery system sw",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "baxter",
            "version": "3.36"
          },
          {
            "model": "phoenix hemodialysis delivery system sw",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "baxter",
            "version": "3.40"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-21082"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007828"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12048"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:baxter:phoenix_x36_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007828"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Baxter",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1238"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2020-12048",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2020-12048",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.0,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-007828",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2021-21082",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-12048",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-007828",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-12048",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2020-007828",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-21082",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202006-1238",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-21082"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007828"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1238"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12048"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Phoenix Hemodialysis Delivery System SW 3.36 and 3.40, The Phoenix Hemodialysis device does not support data-in-transit encryption (e.g., TLS/SSL) when transmitting treatment and prescription data on the network between the Phoenix system and the Exalis dialysis data management tool. An attacker with access to the network could observe sensitive treatment and prescription data sent between the Phoenix system and the Exalis tool",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-12048"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007828"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-21082"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-12048",
            "trust": 3.0
          },
          {
            "db": "ICS CERT",
            "id": "ICSMA-20-170-03",
            "trust": 3.0
          },
          {
            "db": "JVN",
            "id": "JVNVU91499991",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007828",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-21082",
            "trust": 0.6
          },
          {
            "db": "NSFOCUS",
            "id": "47297",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1238",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-21082"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007828"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1238"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12048"
          }
        ]
      },
      "id": "VAR-202006-0333",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-21082"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-21082"
          }
        ]
      },
      "last_update_date": "2024-11-23T19:42:06.603000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "PHOENIX X36",
            "trust": 0.8,
            "url": "https://econnect.baxter.com/assets/downloads/products_expertise/renal_therapies/Phoenix_X36_Brochure_FINAL.pdf"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007828"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-319",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007828"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12048"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.0,
            "url": "https://www.us-cert.gov/ics/advisories/icsma-20-170-03"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12048"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12048"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu91499991/"
          },
          {
            "trust": 0.6,
            "url": "http://www.nsfocus.net/vulndb/47297"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-21082"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007828"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1238"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12048"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-21082"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007828"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1238"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12048"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-03-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-21082"
          },
          {
            "date": "2020-08-27T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-007828"
          },
          {
            "date": "2020-06-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202006-1238"
          },
          {
            "date": "2020-06-29T14:15:11.990000",
            "db": "NVD",
            "id": "CVE-2020-12048"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-03-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-21082"
          },
          {
            "date": "2020-08-27T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-007828"
          },
          {
            "date": "2020-07-29T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202006-1238"
          },
          {
            "date": "2024-11-21T04:59:10.710000",
            "db": "NVD",
            "id": "CVE-2020-12048"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1238"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Phoenix Hemodialysis Delivery System SW Vulnerability in plaintext transmission of important information in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007828"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1238"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202006-0329

    Vulnerability from variot - Updated: 2024-11-23 19:33

    The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24) telnet Command-Line Interface, grants access to sensitive data stored on the WBM that permits temporary configuration changes to network settings of the WBM, and allows the WBM to be rebooted. Temporary configuration changes to network settings are removed upon reboot. Baxter Spectrum Includes a vulnerability in improper permission assignment for critical resources.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Baxter WBM and Baxter Spectrum are both products of Baxter. Baxter WBM is a wireless battery module for Baxter products. Baxter Spectrum is an infusion pump.

    The WBM used in Baxter Spectrum has security vulnerabilities

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202006-0329",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "sigma spectrum infusion system",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "baxter",
            "version": "8.0"
          },
          {
            "model": "sigma spectrum infusion system",
            "scope": null,
            "trust": 0.8,
            "vendor": "baxter",
            "version": null
          },
          {
            "model": "spectrum wbm",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "baxter",
            "version": "17"
          },
          {
            "model": "spectrum wbm 20d29",
            "scope": null,
            "trust": 0.6,
            "vendor": "baxter",
            "version": null
          },
          {
            "model": "spectrum wbm 20d30",
            "scope": null,
            "trust": 0.6,
            "vendor": "baxter",
            "version": null
          },
          {
            "model": "spectrum wbm 20d31",
            "scope": null,
            "trust": 0.6,
            "vendor": "baxter",
            "version": null
          },
          {
            "model": "spectrum wbm 22d24",
            "scope": null,
            "trust": 0.6,
            "vendor": "baxter",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-21078"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007455"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12041"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:baxter:sigma_spectrum_infusion_system_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007455"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Baxter",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1229"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2020-12041",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2020-12041",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.1,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 7.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-007455",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2021-21078",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.4,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-12041",
                "impactScore": 5.5,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.4,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-007455",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-12041",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2020-007455",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-21078",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202006-1229",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULMON",
                "id": "CVE-2020-12041",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-21078"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-12041"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007455"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1229"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12041"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24) telnet Command-Line Interface, grants access to sensitive data stored on the WBM that permits temporary configuration changes to network settings of the WBM, and allows the WBM to be rebooted. Temporary configuration changes to network settings are removed upon reboot. Baxter Spectrum Includes a vulnerability in improper permission assignment for critical resources.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Baxter WBM and Baxter Spectrum are both products of Baxter. Baxter WBM is a wireless battery module for Baxter products. Baxter Spectrum is an infusion pump. \n\r\n\r\nThe WBM used in Baxter Spectrum has security vulnerabilities",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-12041"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007455"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-21078"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-12041"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "ICS CERT",
            "id": "ICSMA-20-170-04",
            "trust": 3.1
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12041",
            "trust": 3.1
          },
          {
            "db": "JVN",
            "id": "JVNVU91499991",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007455",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-21078",
            "trust": 0.6
          },
          {
            "db": "NSFOCUS",
            "id": "47300",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.2149",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1229",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-12041",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-21078"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-12041"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007455"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1229"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12041"
          }
        ]
      },
      "id": "VAR-202006-0329",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-21078"
          }
        ],
        "trust": 1.5266666666666668
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-21078"
          }
        ]
      },
      "last_update_date": "2024-11-23T19:33:02.768000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.baxter.com/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007455"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-732",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007455"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12041"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.3,
            "url": "https://www.us-cert.gov/ics/advisories/icsma-20-170-04"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12041"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12041"
          },
          {
            "trust": 0.8,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-170-04"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu91499991/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.2149/"
          },
          {
            "trust": 0.6,
            "url": "http://www.nsfocus.net/vulndb/47300"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/732.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-20-170-04"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-21078"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-12041"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007455"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1229"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12041"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-21078"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-12041"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007455"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1229"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12041"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-03-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-21078"
          },
          {
            "date": "2020-06-29T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-12041"
          },
          {
            "date": "2020-08-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-007455"
          },
          {
            "date": "2020-06-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202006-1229"
          },
          {
            "date": "2020-06-29T14:15:11.757000",
            "db": "NVD",
            "id": "CVE-2020-12041"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-03-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-21078"
          },
          {
            "date": "2020-07-08T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-12041"
          },
          {
            "date": "2020-08-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-007455"
          },
          {
            "date": "2020-07-29T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202006-1229"
          },
          {
            "date": "2024-11-21T04:59:10.063000",
            "db": "NVD",
            "id": "CVE-2020-12041"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1229"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Baxter Spectrum Vulnerability in improper permission assignment for critical resources in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007455"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1229"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202006-0328

    Vulnerability from variot - Updated: 2024-11-23 19:30

    Sigma Spectrum Infusion System v's6.x (model 35700BAX) and Baxter Spectrum Infusion System Version(s) 8.x (model 35700BAX2) at the application layer uses an unauthenticated clear-text communication channel to send and receive system status and operational data. This could allow an attacker that has circumvented network security measures to view sensitive non-private data or to perform a man-in-the-middle attack. (DoS) It may be put into a state. Baxter Sigma Spectrum Infusion System and Baxter Spectrum Infusion System are both infusion pumps of Baxter

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202006-0328",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "sigma spectrum infusion system",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "baxter",
            "version": "6.05"
          },
          {
            "model": "sigma spectrum infusion system",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "baxter",
            "version": "8.0"
          },
          {
            "model": "sigma spectrum infusion system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "baxter",
            "version": "6.0"
          },
          {
            "model": "sigma spectrum infusion system",
            "scope": null,
            "trust": 0.8,
            "vendor": "baxter",
            "version": null
          },
          {
            "model": "sigma spectrum infusion system",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "baxter",
            "version": "6.*"
          },
          {
            "model": "spectrum infusion system",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "baxter",
            "version": "8.*"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-21080"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007531"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12040"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:baxter:sigma_spectrum_infusion_system_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007531"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Baxter",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1234"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2020-12040",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2020-12040",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.1,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.0,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-007531",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2021-21080",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-12040",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-007531",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-12040",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2020-007531",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-21080",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202006-1234",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULMON",
                "id": "CVE-2020-12040",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-21080"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-12040"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007531"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1234"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12040"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Sigma Spectrum Infusion System v\u0027s6.x (model 35700BAX) and Baxter Spectrum Infusion System Version(s) 8.x (model 35700BAX2) at the application layer uses an unauthenticated clear-text communication channel to send and receive system status and operational data. This could allow an attacker that has circumvented network security measures to view sensitive non-private data or to perform a man-in-the-middle attack. (DoS) It may be put into a state. Baxter Sigma Spectrum Infusion System and Baxter Spectrum Infusion System are both infusion pumps of Baxter",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-12040"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007531"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-21080"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-12040"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "ICS CERT",
            "id": "ICSMA-20-170-04",
            "trust": 3.1
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12040",
            "trust": 3.1
          },
          {
            "db": "JVN",
            "id": "JVNVU91499991",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007531",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-21080",
            "trust": 0.6
          },
          {
            "db": "NSFOCUS",
            "id": "47302",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.2149",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1234",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-12040",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-21080"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-12040"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007531"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1234"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12040"
          }
        ]
      },
      "id": "VAR-202006-0328",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-21080"
          }
        ],
        "trust": 1.38
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-21080"
          }
        ]
      },
      "last_update_date": "2024-11-23T19:30:59.391000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.baxter.com/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007531"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-319",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007531"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12040"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.3,
            "url": "https://www.us-cert.gov/ics/advisories/icsma-20-170-04"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12040"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12040"
          },
          {
            "trust": 0.8,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-170-04"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu91499991/"
          },
          {
            "trust": 0.6,
            "url": "http://www.nsfocus.net/vulndb/47302"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.2149/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/319.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-20-170-04"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-21080"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-12040"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007531"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1234"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12040"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-21080"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-12040"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007531"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1234"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12040"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-03-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-21080"
          },
          {
            "date": "2020-06-29T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-12040"
          },
          {
            "date": "2020-08-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-007531"
          },
          {
            "date": "2020-06-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202006-1234"
          },
          {
            "date": "2020-06-29T14:15:11.677000",
            "db": "NVD",
            "id": "CVE-2020-12040"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-03-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-21080"
          },
          {
            "date": "2020-07-09T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-12040"
          },
          {
            "date": "2020-08-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-007531"
          },
          {
            "date": "2020-07-29T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202006-1234"
          },
          {
            "date": "2024-11-21T04:59:09.957000",
            "db": "NVD",
            "id": "CVE-2020-12040"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1234"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Sigma Spectrum Infusion System and  Baxter Spectrum Infusion System Vulnerability in plaintext transmission of important information in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007531"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1234"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202006-0331

    Vulnerability from variot - Updated: 2024-11-23 19:27

    The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24) when used in conjunction with a Baxter Spectrum v8.x (model 35700BAX2), operates a Telnet service on Port 1023 with hard-coded credentials. Baxter Spectrum Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Baxter WBM and Baxter Spectrum are both products of Baxter. Baxter WBM is a wireless battery module for Baxter products. Baxter Spectrum is an infusion pump.

    The WBM used in Baxter Spectrum has a security vulnerability. Attackers can use hard-coded credentials to exploit this vulnerability to run Telnet services

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202006-0331",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "sigma spectrum infusion system",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "baxter",
            "version": "8.0"
          },
          {
            "model": "sigma spectrum infusion system",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "baxter",
            "version": "8.x"
          },
          {
            "model": "spectrum wbm",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "baxter",
            "version": "17"
          },
          {
            "model": "spectrum wbm 20d29",
            "scope": null,
            "trust": 0.6,
            "vendor": "baxter",
            "version": null
          },
          {
            "model": "spectrum wbm 20d30",
            "scope": null,
            "trust": 0.6,
            "vendor": "baxter",
            "version": null
          },
          {
            "model": "spectrum wbm 20d31",
            "scope": null,
            "trust": 0.6,
            "vendor": "baxter",
            "version": null
          },
          {
            "model": "spectrum wbm 22d24",
            "scope": null,
            "trust": 0.6,
            "vendor": "baxter",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-21079"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007457"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12045"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:baxter:sigma_spectrum_infusion_system_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007457"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Baxter",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1231"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2020-12045",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2020-12045",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.1,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 7.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-007457",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2021-21079",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-12045",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-007457",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-12045",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2020-007457",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-21079",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202006-1231",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULMON",
                "id": "CVE-2020-12045",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-21079"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-12045"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007457"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1231"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12045"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24) when used in conjunction with a Baxter Spectrum v8.x (model 35700BAX2), operates a Telnet service on Port 1023 with hard-coded credentials. Baxter Spectrum Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Baxter WBM and Baxter Spectrum are both products of Baxter. Baxter WBM is a wireless battery module for Baxter products. Baxter Spectrum is an infusion pump. \n\r\n\r\nThe WBM used in Baxter Spectrum has a security vulnerability. Attackers can use hard-coded credentials to exploit this vulnerability to run Telnet services",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-12045"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007457"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-21079"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-12045"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "ICS CERT",
            "id": "ICSMA-20-170-04",
            "trust": 3.1
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12045",
            "trust": 3.1
          },
          {
            "db": "JVN",
            "id": "JVNVU91499991",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007457",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-21079",
            "trust": 0.6
          },
          {
            "db": "NSFOCUS",
            "id": "47316",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.2149",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1231",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-12045",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-21079"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-12045"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007457"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1231"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12045"
          }
        ]
      },
      "id": "VAR-202006-0331",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-21079"
          }
        ],
        "trust": 1.5266666666666668
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-21079"
          }
        ]
      },
      "last_update_date": "2024-11-23T19:27:22.479000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.baxter.com/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007457"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-798",
            "trust": 1.8
          },
          {
            "problemtype": "CWE-259",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007457"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12045"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.3,
            "url": "https://www.us-cert.gov/ics/advisories/icsma-20-170-04"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12045"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12045"
          },
          {
            "trust": 0.8,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-170-04"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu91499991/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.2149/"
          },
          {
            "trust": 0.6,
            "url": "http://www.nsfocus.net/vulndb/47316"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/798.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-20-170-04"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-21079"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-12045"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007457"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1231"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12045"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-21079"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-12045"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007457"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1231"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12045"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-03-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-21079"
          },
          {
            "date": "2020-06-29T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-12045"
          },
          {
            "date": "2020-08-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-007457"
          },
          {
            "date": "2020-06-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202006-1231"
          },
          {
            "date": "2020-06-29T14:15:11.880000",
            "db": "NVD",
            "id": "CVE-2020-12045"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-03-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-21079"
          },
          {
            "date": "2020-07-08T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-12045"
          },
          {
            "date": "2020-08-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-007457"
          },
          {
            "date": "2020-07-29T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202006-1231"
          },
          {
            "date": "2024-11-21T04:59:10.373000",
            "db": "NVD",
            "id": "CVE-2020-12045"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1231"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Baxter Spectrum WBM trust management issue vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-21079"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1231"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "trust management problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1231"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202006-0323

    Vulnerability from variot - Updated: 2024-11-23 19:25

    Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The PrismaFlex device contains a hard-coded service password that provides access to biomedical information, device settings, calibration settings, and network configuration. This could allow an attacker to modify device settings and calibration. Baxter PrismaFlex and PrisMax Contains a vulnerability in the use of hard-coded credentials.Information may be tampered with. Baxter PrismaFlex and PrisMax are both an intensive care equipment of Baxter.

    There is a trust management vulnerability in Baxter PrismaFlex (all versions) and PrisMax versions before 3.x. The vulnerability is caused by the lack of authentication of the device. Attackers can use the vulnerability to modify the treatment status information

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202006-0323",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "prismaflex",
            "scope": null,
            "trust": 1.4,
            "vendor": "baxter",
            "version": null
          },
          {
            "model": "prismaflex",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "baxter",
            "version": "*"
          },
          {
            "model": "prismax",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "baxter",
            "version": "3.0"
          },
          {
            "model": "prismax",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "baxter",
            "version": "3.x"
          },
          {
            "model": "prismax",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "baxter",
            "version": "3.*"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-52562"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007755"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12035"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:baxter:prismaflex_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:baxter:prismax_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007755"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Baxter",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1246"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2020-12035",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 3.6,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-12035",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 1.0,
                "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Local",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 3.6,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-007755",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Low",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 3.6,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2020-52562",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "LOW",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 0.7,
                "id": "CVE-2020-12035",
                "impactScore": 4.2,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Physical",
                "author": "NVD",
                "availabilityImpact": "Low",
                "baseScore": 4.9,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-007755",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-12035",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2020-007755",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-52562",
                "trust": 0.6,
                "value": "LOW"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202006-1246",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-52562"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007755"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1246"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12035"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The PrismaFlex device contains a hard-coded service password that provides access to biomedical information, device settings, calibration settings, and network configuration. This could allow an attacker to modify device settings and calibration. Baxter PrismaFlex and PrisMax Contains a vulnerability in the use of hard-coded credentials.Information may be tampered with. Baxter PrismaFlex and PrisMax are both an intensive care equipment of Baxter. \n\r\n\r\nThere is a trust management vulnerability in Baxter PrismaFlex (all versions) and PrisMax versions before 3.x. The vulnerability is caused by the lack of authentication of the device. Attackers can use the vulnerability to modify the treatment status information",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-12035"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007755"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-52562"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "ICS CERT",
            "id": "ICSMA-20-170-02",
            "trust": 3.0
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12035",
            "trust": 3.0
          },
          {
            "db": "ICS CERT",
            "id": "ICSMA-20-170-01",
            "trust": 1.6
          },
          {
            "db": "JVN",
            "id": "JVNVU91499991",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007755",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-52562",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1246",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-52562"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007755"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1246"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12035"
          }
        ]
      },
      "id": "VAR-202006-0323",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-52562"
          }
        ],
        "trust": 1.2458333499999998
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-52562"
          }
        ]
      },
      "last_update_date": "2024-11-23T19:25:30.627000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.baxter.com/"
          },
          {
            "title": "Patch for Baxter PrismaFlex and PrisMax trust management issue vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/234646"
          },
          {
            "title": "Baxter PrismaFlex  and PrisMax Repair measures for trust management problem vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=124062"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-52562"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007755"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1246"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-798",
            "trust": 1.8
          },
          {
            "problemtype": "CWE-287",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007755"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12035"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-170-02"
          },
          {
            "trust": 1.6,
            "url": "https://www.us-cert.gov/ics/advisories/icsma-20-170-01"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12035"
          },
          {
            "trust": 1.2,
            "url": "https://www.us-cert.gov/ics/advisories/icsma-20-170-02"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12035"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu91499991/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-52562"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007755"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1246"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12035"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-52562"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007755"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1246"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12035"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-09-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-52562"
          },
          {
            "date": "2020-08-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-007755"
          },
          {
            "date": "2020-06-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202006-1246"
          },
          {
            "date": "2020-06-29T14:15:11.397000",
            "db": "NVD",
            "id": "CVE-2020-12035"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-09-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-52562"
          },
          {
            "date": "2020-08-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-007755"
          },
          {
            "date": "2020-07-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202006-1246"
          },
          {
            "date": "2024-11-21T04:59:09.403000",
            "db": "NVD",
            "id": "CVE-2020-12035"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1246"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Baxter PrismaFlex and PrisMax trust management issue vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-52562"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1246"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "trust management problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1246"
          }
        ],
        "trust": 0.6
      }
    }

    CVE-2024-48974 (GCVE-0-2024-48974)

    Vulnerability from nvd – Published: 2024-11-14 21:27 – Updated: 2024-11-18 15:32
    VLAI
    Title
    Life2000 Ventilator does not perform proper file integrity checks when adopting firmware updates
    Summary
    The ventilator does not perform proper file integrity checks when adopting firmware updates. This makes it possible for an attacker to force unauthorized changes to the device's configuration settings and/or compromise device functionality by pushing a compromised/illegitimate firmware file. This could disrupt the function of the device and/or cause unauthorized information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-494 - Download of Code Without Integrity Check
    Assigner
    Impacted products
    Vendor Product Version
    Baxter Life2000 Ventilation System Affected: 06.08.00.00 and prior
    Create a notification for this product.
    baxter life2000_ventilator_firmware Affected: 0 , ≤ 06.08.00.00 (custom)
        cpe:2.3:o:baxter:life2000_ventilator_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-11-14 21:50
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:baxter:life2000_ventilator_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "life2000_ventilator_firmware",
                "vendor": "baxter",
                "versions": [
                  {
                    "lessThanOrEqual": "06.08.00.00",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-48974",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-18T15:31:47.610421Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-18T15:32:38.488Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Life2000 Ventilation System",
              "vendor": "Baxter",
              "versions": [
                {
                  "status": "affected",
                  "version": "06.08.00.00 and prior"
                }
              ]
            }
          ],
          "datePublic": "2024-11-14T21:50:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The ventilator does not perform proper file integrity checks when adopting firmware updates. This makes it possible for an attacker to force unauthorized changes to the device\u0027s configuration settings and/or compromise device functionality by pushing a compromised/illegitimate firmware file. This could disrupt the function of the device and/or cause unauthorized information disclosure."
                }
              ],
              "value": "The ventilator does not perform proper file integrity checks when adopting firmware updates. This makes it possible for an attacker to force unauthorized changes to the device\u0027s configuration settings and/or compromise device functionality by pushing a compromised/illegitimate firmware file. This could disrupt the function of the device and/or cause unauthorized information disclosure."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-186",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-186 Malicious Software Update"
                }
              ]
            },
            {
              "capecId": "CAPEC-117",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-117 Interception"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-494",
                  "description": "CWE-494 Download of Code Without Integrity Check",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-14T21:50:36.915Z",
            "orgId": "dba971b9-eb30-4121-91e1-3b45611354aa",
            "shortName": "Baxter"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-319-01"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Life2000 Ventilator does not perform proper file integrity checks when adopting firmware updates",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dba971b9-eb30-4121-91e1-3b45611354aa",
        "assignerShortName": "Baxter",
        "cveId": "CVE-2024-48974",
        "datePublished": "2024-11-14T21:27:10.284Z",
        "dateReserved": "2024-10-10T19:24:41.495Z",
        "dateUpdated": "2024-11-18T15:32:38.488Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-48973 (GCVE-0-2024-48973)

    Vulnerability from nvd – Published: 2024-11-14 21:24 – Updated: 2024-11-18 15:33
    VLAI
    Title
    Debug port on Life2000 Ventilator serial interface is enabled by default
    Summary
    The debug port on the ventilator's serial interface is enabled by default. This could allow an attacker to send and receive messages over the debug port (which are unencrypted; see 3.2.1) that result in unauthorized disclosure of information and/or have unintended impacts on device settings and performance.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1263 - Improper Physical Access Control
    Assigner
    Impacted products
    Vendor Product Version
    Baxter Life2000 Ventilation System Affected: 06.08.00.00 and prior
    Create a notification for this product.
    baxter life2000_ventilator_firmware Affected: 0 , ≤ 06.08.00.00 (custom)
        cpe:2.3:o:baxter:life2000_ventilator_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-11-14 21:21
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:baxter:life2000_ventilator_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "life2000_ventilator_firmware",
                "vendor": "baxter",
                "versions": [
                  {
                    "lessThanOrEqual": "06.08.00.00",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-48973",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-18T15:33:07.996857Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-18T15:33:44.924Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Life2000 Ventilation System",
              "vendor": "Baxter",
              "versions": [
                {
                  "status": "affected",
                  "version": "06.08.00.00 and prior"
                }
              ]
            }
          ],
          "datePublic": "2024-11-14T21:21:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The debug port on the ventilator\u0027s serial interface is enabled by default. This could allow an attacker to send and receive messages over the debug port (which are unencrypted; see 3.2.1) that result in unauthorized disclosure of information and/or have unintended impacts on device settings and performance.\u003cbr\u003e"
                }
              ],
              "value": "The debug port on the ventilator\u0027s serial interface is enabled by default. This could allow an attacker to send and receive messages over the debug port (which are unencrypted; see 3.2.1) that result in unauthorized disclosure of information and/or have unintended impacts on device settings and performance."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-117",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-117 Interception"
                }
              ]
            },
            {
              "capecId": "CAPEC-441",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-441 Malicious Logic Insertion"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1263",
                  "description": "CWE-1263 Improper Physical Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-14T21:49:44.756Z",
            "orgId": "dba971b9-eb30-4121-91e1-3b45611354aa",
            "shortName": "Baxter"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-319-01"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Debug port on Life2000 Ventilator serial interface is enabled by default",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dba971b9-eb30-4121-91e1-3b45611354aa",
        "assignerShortName": "Baxter",
        "cveId": "CVE-2024-48973",
        "datePublished": "2024-11-14T21:24:14.099Z",
        "dateReserved": "2024-10-10T19:24:41.495Z",
        "dateUpdated": "2024-11-18T15:33:44.924Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-48971 (GCVE-0-2024-48971)

    Vulnerability from nvd – Published: 2024-11-14 21:13 – Updated: 2024-11-15 21:06
    VLAI
    Title
    Clinician Password and Serial Number Clinician Password are hard-coded in Life2000 Ventilator
    Summary
    The Clinician Password and Serial Number Clinician Password are hard-coded into the ventilator in plaintext form. This could allow an attacker to obtain the password off the ventilator and use it to gain unauthorized access to the device, with clinician privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-798 - Use of Hard-coded Credentials
    Assigner
    Impacted products
    Vendor Product Version
    Baxter Life2000 Ventilation System Affected: 06.08.00.00 and prior
    Create a notification for this product.
    baxter life2000_ventilator_firmware Affected: 0 , ≤ 06.08.00.00 (custom)
        cpe:2.3:o:baxter:life2000_ventilator_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-11-14 21:47
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:baxter:life2000_ventilator_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "life2000_ventilator_firmware",
                "vendor": "baxter",
                "versions": [
                  {
                    "lessThanOrEqual": "06.08.00.00",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-48971",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-15T21:05:32.910003Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-15T21:06:24.325Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Life2000 Ventilation System",
              "vendor": "Baxter",
              "versions": [
                {
                  "status": "affected",
                  "version": "06.08.00.00 and prior"
                }
              ]
            }
          ],
          "datePublic": "2024-11-14T21:47:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The Clinician Password and Serial Number Clinician Password are hard-coded into the ventilator in plaintext form. This could allow an attacker to obtain the password off the ventilator and use it to gain unauthorized access to the device, with clinician privileges.\u003cbr\u003e"
                }
              ],
              "value": "The Clinician Password and Serial Number Clinician Password are hard-coded into the ventilator in plaintext form. This could allow an attacker to obtain the password off the ventilator and use it to gain unauthorized access to the device, with clinician privileges."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-191",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-191 Read Sensitive Constants Within an Executable"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "CWE-798 Use of Hard-coded Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-14T21:49:12.240Z",
            "orgId": "dba971b9-eb30-4121-91e1-3b45611354aa",
            "shortName": "Baxter"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-319-01"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Clinician Password and Serial Number Clinician Password are hard-coded in Life2000 Ventilator",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dba971b9-eb30-4121-91e1-3b45611354aa",
        "assignerShortName": "Baxter",
        "cveId": "CVE-2024-48971",
        "datePublished": "2024-11-14T21:13:36.036Z",
        "dateReserved": "2024-10-10T19:24:41.495Z",
        "dateUpdated": "2024-11-15T21:06:24.325Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-48970 (GCVE-0-2024-48970)

    Vulnerability from nvd – Published: 2024-11-14 21:31 – Updated: 2024-11-18 15:23
    VLAI
    Title
    Life2000 Ventilator microcontroller lacks memory protection
    Summary
    The ventilator's microcontroller lacks memory protection. An attacker could connect to the internal JTAG interface and read or write to flash memory using an off-the-shelf debugging tool, which could disrupt the function of the device and/or cause unauthorized information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1191 - On-Chip Debug and Test Interface with Improper Access Control
    Assigner
    Impacted products
    Vendor Product Version
    Baxter Life2000 Ventilation System Affected: 06.08.00.00 and prior
    Create a notification for this product.
    baxter life2000_ventilator_firmware Affected: 0 , ≤ 06.08.00.00 (custom)
        cpe:2.3:o:baxter:life2000_ventilator_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-11-14 21:28
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:baxter:life2000_ventilator_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "life2000_ventilator_firmware",
                "vendor": "baxter",
                "versions": [
                  {
                    "lessThanOrEqual": "06.08.00.00",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-48970",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-18T15:22:31.746766Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-18T15:23:48.292Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Life2000 Ventilation System",
              "vendor": "Baxter",
              "versions": [
                {
                  "status": "affected",
                  "version": "06.08.00.00 and prior"
                }
              ]
            }
          ],
          "datePublic": "2024-11-14T21:28:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The ventilator\u0027s microcontroller lacks memory protection. An attacker could connect to the internal JTAG interface and read or write to flash memory using an off-the-shelf debugging tool, which could disrupt the function of the device and/or cause unauthorized information disclosure."
                }
              ],
              "value": "The ventilator\u0027s microcontroller lacks memory protection. An attacker could connect to the internal JTAG interface and read or write to flash memory using an off-the-shelf debugging tool, which could disrupt the function of the device and/or cause unauthorized information disclosure."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-117",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-117 Interception"
                }
              ]
            },
            {
              "capecId": "CAPEC-458",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-458 Flash Memory Attacks"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1191",
                  "description": "CWE-1191 On-Chip Debug and Test Interface with Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-14T21:53:34.989Z",
            "orgId": "dba971b9-eb30-4121-91e1-3b45611354aa",
            "shortName": "Baxter"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-319-01"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Life2000 Ventilator microcontroller lacks memory protection",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dba971b9-eb30-4121-91e1-3b45611354aa",
        "assignerShortName": "Baxter",
        "cveId": "CVE-2024-48970",
        "datePublished": "2024-11-14T21:31:14.701Z",
        "dateReserved": "2024-10-10T19:24:41.494Z",
        "dateUpdated": "2024-11-18T15:23:48.292Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-48967 (GCVE-0-2024-48967)

    Vulnerability from nvd – Published: 2024-11-14 21:40 – Updated: 2024-11-15 14:28
    VLAI
    Title
    Life2000 ventilator and Service PC lack sufficient audit logging capabilities
    Summary
    The ventilator and the Service PC lack sufficient audit logging capabilities to allow for detection of malicious activity and subsequent forensic examination. An attacker with access to the ventilator and/or the Service PC could, without detection, make unauthorized changes to ventilator settings that result in unauthorized disclosure of information and/or have unintended impacts on device performance.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Baxter Life2000 Ventilation System Affected: 06.08.00.00 and prior
    Create a notification for this product.
    baxter life2000_ventilator_firmware Affected: 0 , < 6.08.00.00 (custom)
        cpe:2.3:o:baxter:life2000_ventilator_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-11-14 21:38
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:baxter:life2000_ventilator_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "life2000_ventilator_firmware",
                "vendor": "baxter",
                "versions": [
                  {
                    "lessThan": "6.08.00.00",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-48967",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-15T14:28:10.676566Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-15T14:28:13.605Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Life2000 Ventilation System",
              "vendor": "Baxter",
              "versions": [
                {
                  "status": "affected",
                  "version": "06.08.00.00 and prior"
                }
              ]
            }
          ],
          "datePublic": "2024-11-14T21:38:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The ventilator and the Service PC lack sufficient audit logging capabilities to allow for detection of malicious activity and subsequent forensic examination. An attacker with access to the ventilator and/or the Service PC could, without detection, make unauthorized changes to ventilator settings that result in unauthorized disclosure of information and/or have unintended impacts on device performance."
                }
              ],
              "value": "The ventilator and the Service PC lack sufficient audit logging capabilities to allow for detection of malicious activity and subsequent forensic examination. An attacker with access to the ventilator and/or the Service PC could, without detection, make unauthorized changes to ventilator settings that result in unauthorized disclosure of information and/or have unintended impacts on device performance."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-117",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-117 Interception"
                }
              ]
            },
            {
              "capecId": "CAPEC-441",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-441 Malicious Logic Insertion"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-778",
                  "description": "CWE-778: Insufficient Logging",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-14T21:52:23.702Z",
            "orgId": "dba971b9-eb30-4121-91e1-3b45611354aa",
            "shortName": "Baxter"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-319-01"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Life2000 ventilator and Service PC lack sufficient audit logging capabilities",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dba971b9-eb30-4121-91e1-3b45611354aa",
        "assignerShortName": "Baxter",
        "cveId": "CVE-2024-48967",
        "datePublished": "2024-11-14T21:40:44.904Z",
        "dateReserved": "2024-10-10T19:24:34.436Z",
        "dateUpdated": "2024-11-15T14:28:13.605Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-48966 (GCVE-0-2024-48966)

    Vulnerability from nvd – Published: 2024-11-14 21:38 – Updated: 2024-11-15 15:37
    VLAI
    Title
    Life2000 service tools for test and calibration do not support user authentication
    Summary
    The software tools used by service personnel to test & calibrate the ventilator do not support user authentication. An attacker with access to the Service PC where the tools are installed could obtain diagnostic information through the test tool or manipulate the ventilator's settings and embedded software via the calibration tool, without having to authenticate to either tool. This could result in unauthorized disclosure of information and/or have unintended impacts on device settings and performance.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    Impacted products
    Vendor Product Version
    Baxter Life2000 Ventilation System Affected: 06.08.00.00 and prior
    Create a notification for this product.
    baxter life2000_ventilator_firmware Affected: 0 , < 6.08.00.00 (custom)
        cpe:2.3:o:baxter:life2000_ventilator_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-11-14 21:33
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:baxter:life2000_ventilator_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "life2000_ventilator_firmware",
                "vendor": "baxter",
                "versions": [
                  {
                    "lessThan": "6.08.00.00",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-48966",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-15T15:33:11.667501Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-15T15:37:40.878Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Life2000 Ventilation System",
              "vendor": "Baxter",
              "versions": [
                {
                  "status": "affected",
                  "version": "06.08.00.00 and prior"
                }
              ]
            }
          ],
          "datePublic": "2024-11-14T21:33:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The software tools used by service personnel to test \u0026amp; calibrate the ventilator do not support user authentication. An attacker with access to the Service PC where the tools are installed could obtain diagnostic information through the test tool or manipulate the ventilator\u0027s settings and embedded software via the calibration tool, without having to authenticate to either tool. This could result in unauthorized disclosure of information and/or have unintended impacts on device settings and performance."
                }
              ],
              "value": "The software tools used by service personnel to test \u0026 calibrate the ventilator do not support user authentication. An attacker with access to the Service PC where the tools are installed could obtain diagnostic information through the test tool or manipulate the ventilator\u0027s settings and embedded software via the calibration tool, without having to authenticate to either tool. This could result in unauthorized disclosure of information and/or have unintended impacts on device settings and performance."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-117",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-117 Interception"
                }
              ]
            },
            {
              "capecId": "CAPEC-441",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-441 Malicious Logic Insertion"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-14T21:53:00.216Z",
            "orgId": "dba971b9-eb30-4121-91e1-3b45611354aa",
            "shortName": "Baxter"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-319-01"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Life2000 service tools for test and calibration do not support user authentication",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dba971b9-eb30-4121-91e1-3b45611354aa",
        "assignerShortName": "Baxter",
        "cveId": "CVE-2024-48966",
        "datePublished": "2024-11-14T21:38:11.113Z",
        "dateReserved": "2024-10-10T19:24:34.436Z",
        "dateUpdated": "2024-11-15T15:37:40.878Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-48967 (GCVE-0-2024-48967)

    Vulnerability from cvelistv5 – Published: 2024-11-14 21:40 – Updated: 2024-11-15 14:28
    VLAI
    Title
    Life2000 ventilator and Service PC lack sufficient audit logging capabilities
    Summary
    The ventilator and the Service PC lack sufficient audit logging capabilities to allow for detection of malicious activity and subsequent forensic examination. An attacker with access to the ventilator and/or the Service PC could, without detection, make unauthorized changes to ventilator settings that result in unauthorized disclosure of information and/or have unintended impacts on device performance.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Baxter Life2000 Ventilation System Affected: 06.08.00.00 and prior
    Create a notification for this product.
    baxter life2000_ventilator_firmware Affected: 0 , < 6.08.00.00 (custom)
        cpe:2.3:o:baxter:life2000_ventilator_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-11-14 21:38
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:baxter:life2000_ventilator_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "life2000_ventilator_firmware",
                "vendor": "baxter",
                "versions": [
                  {
                    "lessThan": "6.08.00.00",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-48967",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-15T14:28:10.676566Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-15T14:28:13.605Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Life2000 Ventilation System",
              "vendor": "Baxter",
              "versions": [
                {
                  "status": "affected",
                  "version": "06.08.00.00 and prior"
                }
              ]
            }
          ],
          "datePublic": "2024-11-14T21:38:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The ventilator and the Service PC lack sufficient audit logging capabilities to allow for detection of malicious activity and subsequent forensic examination. An attacker with access to the ventilator and/or the Service PC could, without detection, make unauthorized changes to ventilator settings that result in unauthorized disclosure of information and/or have unintended impacts on device performance."
                }
              ],
              "value": "The ventilator and the Service PC lack sufficient audit logging capabilities to allow for detection of malicious activity and subsequent forensic examination. An attacker with access to the ventilator and/or the Service PC could, without detection, make unauthorized changes to ventilator settings that result in unauthorized disclosure of information and/or have unintended impacts on device performance."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-117",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-117 Interception"
                }
              ]
            },
            {
              "capecId": "CAPEC-441",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-441 Malicious Logic Insertion"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-778",
                  "description": "CWE-778: Insufficient Logging",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-14T21:52:23.702Z",
            "orgId": "dba971b9-eb30-4121-91e1-3b45611354aa",
            "shortName": "Baxter"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-319-01"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Life2000 ventilator and Service PC lack sufficient audit logging capabilities",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dba971b9-eb30-4121-91e1-3b45611354aa",
        "assignerShortName": "Baxter",
        "cveId": "CVE-2024-48967",
        "datePublished": "2024-11-14T21:40:44.904Z",
        "dateReserved": "2024-10-10T19:24:34.436Z",
        "dateUpdated": "2024-11-15T14:28:13.605Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-48966 (GCVE-0-2024-48966)

    Vulnerability from cvelistv5 – Published: 2024-11-14 21:38 – Updated: 2024-11-15 15:37
    VLAI
    Title
    Life2000 service tools for test and calibration do not support user authentication
    Summary
    The software tools used by service personnel to test & calibrate the ventilator do not support user authentication. An attacker with access to the Service PC where the tools are installed could obtain diagnostic information through the test tool or manipulate the ventilator's settings and embedded software via the calibration tool, without having to authenticate to either tool. This could result in unauthorized disclosure of information and/or have unintended impacts on device settings and performance.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    Impacted products
    Vendor Product Version
    Baxter Life2000 Ventilation System Affected: 06.08.00.00 and prior
    Create a notification for this product.
    baxter life2000_ventilator_firmware Affected: 0 , < 6.08.00.00 (custom)
        cpe:2.3:o:baxter:life2000_ventilator_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-11-14 21:33
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:baxter:life2000_ventilator_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "life2000_ventilator_firmware",
                "vendor": "baxter",
                "versions": [
                  {
                    "lessThan": "6.08.00.00",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-48966",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-15T15:33:11.667501Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-15T15:37:40.878Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Life2000 Ventilation System",
              "vendor": "Baxter",
              "versions": [
                {
                  "status": "affected",
                  "version": "06.08.00.00 and prior"
                }
              ]
            }
          ],
          "datePublic": "2024-11-14T21:33:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The software tools used by service personnel to test \u0026amp; calibrate the ventilator do not support user authentication. An attacker with access to the Service PC where the tools are installed could obtain diagnostic information through the test tool or manipulate the ventilator\u0027s settings and embedded software via the calibration tool, without having to authenticate to either tool. This could result in unauthorized disclosure of information and/or have unintended impacts on device settings and performance."
                }
              ],
              "value": "The software tools used by service personnel to test \u0026 calibrate the ventilator do not support user authentication. An attacker with access to the Service PC where the tools are installed could obtain diagnostic information through the test tool or manipulate the ventilator\u0027s settings and embedded software via the calibration tool, without having to authenticate to either tool. This could result in unauthorized disclosure of information and/or have unintended impacts on device settings and performance."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-117",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-117 Interception"
                }
              ]
            },
            {
              "capecId": "CAPEC-441",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-441 Malicious Logic Insertion"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-14T21:53:00.216Z",
            "orgId": "dba971b9-eb30-4121-91e1-3b45611354aa",
            "shortName": "Baxter"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-319-01"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Life2000 service tools for test and calibration do not support user authentication",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dba971b9-eb30-4121-91e1-3b45611354aa",
        "assignerShortName": "Baxter",
        "cveId": "CVE-2024-48966",
        "datePublished": "2024-11-14T21:38:11.113Z",
        "dateReserved": "2024-10-10T19:24:34.436Z",
        "dateUpdated": "2024-11-15T15:37:40.878Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-48970 (GCVE-0-2024-48970)

    Vulnerability from cvelistv5 – Published: 2024-11-14 21:31 – Updated: 2024-11-18 15:23
    VLAI
    Title
    Life2000 Ventilator microcontroller lacks memory protection
    Summary
    The ventilator's microcontroller lacks memory protection. An attacker could connect to the internal JTAG interface and read or write to flash memory using an off-the-shelf debugging tool, which could disrupt the function of the device and/or cause unauthorized information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1191 - On-Chip Debug and Test Interface with Improper Access Control
    Assigner
    Impacted products
    Vendor Product Version
    Baxter Life2000 Ventilation System Affected: 06.08.00.00 and prior
    Create a notification for this product.
    baxter life2000_ventilator_firmware Affected: 0 , ≤ 06.08.00.00 (custom)
        cpe:2.3:o:baxter:life2000_ventilator_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-11-14 21:28
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:baxter:life2000_ventilator_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "life2000_ventilator_firmware",
                "vendor": "baxter",
                "versions": [
                  {
                    "lessThanOrEqual": "06.08.00.00",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-48970",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-18T15:22:31.746766Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-18T15:23:48.292Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Life2000 Ventilation System",
              "vendor": "Baxter",
              "versions": [
                {
                  "status": "affected",
                  "version": "06.08.00.00 and prior"
                }
              ]
            }
          ],
          "datePublic": "2024-11-14T21:28:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The ventilator\u0027s microcontroller lacks memory protection. An attacker could connect to the internal JTAG interface and read or write to flash memory using an off-the-shelf debugging tool, which could disrupt the function of the device and/or cause unauthorized information disclosure."
                }
              ],
              "value": "The ventilator\u0027s microcontroller lacks memory protection. An attacker could connect to the internal JTAG interface and read or write to flash memory using an off-the-shelf debugging tool, which could disrupt the function of the device and/or cause unauthorized information disclosure."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-117",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-117 Interception"
                }
              ]
            },
            {
              "capecId": "CAPEC-458",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-458 Flash Memory Attacks"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1191",
                  "description": "CWE-1191 On-Chip Debug and Test Interface with Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-14T21:53:34.989Z",
            "orgId": "dba971b9-eb30-4121-91e1-3b45611354aa",
            "shortName": "Baxter"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-319-01"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Life2000 Ventilator microcontroller lacks memory protection",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dba971b9-eb30-4121-91e1-3b45611354aa",
        "assignerShortName": "Baxter",
        "cveId": "CVE-2024-48970",
        "datePublished": "2024-11-14T21:31:14.701Z",
        "dateReserved": "2024-10-10T19:24:41.494Z",
        "dateUpdated": "2024-11-18T15:23:48.292Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-48974 (GCVE-0-2024-48974)

    Vulnerability from cvelistv5 – Published: 2024-11-14 21:27 – Updated: 2024-11-18 15:32
    VLAI
    Title
    Life2000 Ventilator does not perform proper file integrity checks when adopting firmware updates
    Summary
    The ventilator does not perform proper file integrity checks when adopting firmware updates. This makes it possible for an attacker to force unauthorized changes to the device's configuration settings and/or compromise device functionality by pushing a compromised/illegitimate firmware file. This could disrupt the function of the device and/or cause unauthorized information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-494 - Download of Code Without Integrity Check
    Assigner
    Impacted products
    Vendor Product Version
    Baxter Life2000 Ventilation System Affected: 06.08.00.00 and prior
    Create a notification for this product.
    baxter life2000_ventilator_firmware Affected: 0 , ≤ 06.08.00.00 (custom)
        cpe:2.3:o:baxter:life2000_ventilator_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-11-14 21:50
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:baxter:life2000_ventilator_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "life2000_ventilator_firmware",
                "vendor": "baxter",
                "versions": [
                  {
                    "lessThanOrEqual": "06.08.00.00",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-48974",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-18T15:31:47.610421Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-18T15:32:38.488Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Life2000 Ventilation System",
              "vendor": "Baxter",
              "versions": [
                {
                  "status": "affected",
                  "version": "06.08.00.00 and prior"
                }
              ]
            }
          ],
          "datePublic": "2024-11-14T21:50:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The ventilator does not perform proper file integrity checks when adopting firmware updates. This makes it possible for an attacker to force unauthorized changes to the device\u0027s configuration settings and/or compromise device functionality by pushing a compromised/illegitimate firmware file. This could disrupt the function of the device and/or cause unauthorized information disclosure."
                }
              ],
              "value": "The ventilator does not perform proper file integrity checks when adopting firmware updates. This makes it possible for an attacker to force unauthorized changes to the device\u0027s configuration settings and/or compromise device functionality by pushing a compromised/illegitimate firmware file. This could disrupt the function of the device and/or cause unauthorized information disclosure."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-186",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-186 Malicious Software Update"
                }
              ]
            },
            {
              "capecId": "CAPEC-117",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-117 Interception"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-494",
                  "description": "CWE-494 Download of Code Without Integrity Check",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-14T21:50:36.915Z",
            "orgId": "dba971b9-eb30-4121-91e1-3b45611354aa",
            "shortName": "Baxter"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-319-01"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Life2000 Ventilator does not perform proper file integrity checks when adopting firmware updates",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dba971b9-eb30-4121-91e1-3b45611354aa",
        "assignerShortName": "Baxter",
        "cveId": "CVE-2024-48974",
        "datePublished": "2024-11-14T21:27:10.284Z",
        "dateReserved": "2024-10-10T19:24:41.495Z",
        "dateUpdated": "2024-11-18T15:32:38.488Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }