Unauthorized Access Vulnerability in Baxter ExactaMix EM 2400 & EM 1200 Systems
CVE-2020-12012

6.1MEDIUM

Key Information:

Vendor: Baxter
Status: Baxter Exactamix Em 2400 & Em 1200
Vendor: CVE Published:; 29 June 2020

What is CVE-2020-12012?

The Baxter ExactaMix EM 2400 and EM 1200 systems are affected by a vulnerability that involves hard-coded administrative account credentials. Versions including ExactaMix EM2400 (1.10, 1.11, 1.13, 1.14) and ExactaMix EM1200 (1.1, 1.2, 1.4, 1.5) have been identified to contain this security flaw. An attacker with physical access to these systems may exploit this vulnerability to gain unauthorized access, allowing them to view or alter system configurations and data. The resulting exposure of sensitive information, particularly Protected Health Information (PHI), poses a significant risk to both the confidentiality and integrity of the affected systems.

Affected Version(s)

Baxter ExactaMix EM 2400 & EM 1200 ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5

References

https://www.us-cert.gov/ics/advisories/icsma-20-170-01

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 29, 2020
Vulnerability Reserved
Apr 21, 2020