Unauthorized Access Vulnerability in Baxter ExactaMix EM 2400 and EM1200
CVE-2020-12020

6.1MEDIUM

Key Information:

Vendor: Baxter
Status: Baxter Exactamix Em 2400 & Em 1200
Vendor: CVE Published:; 29 June 2020

What is CVE-2020-12020?

Multiple versions of the Baxter ExactaMix EM 2400 and EM1200 products exhibit a vulnerability that allows non-administrative users to access the operating system and modify the application startup script. This flaw could result in unauthorized changes to critical system settings, potentially compromising the integrity and security of the device and its operations. Users should ensure their systems are updated and consider implementing additional security measures to prevent unauthorized access.

Affected Version(s)

Baxter ExactaMix EM 2400 & EM 1200 ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5

References

https://www.us-cert.gov/ics/advisories/icsma-20-170-01

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 29, 2020
Vulnerability Reserved
Apr 21, 2020