Unauthorized Access to USB Interface in Baxter ExactaMix EM 2400 and EM1200 Systems
CVE-2020-12024

6.1MEDIUM

Key Information:

Vendor: Baxter
Status: Baxter Exactamix Em 2400 & Em 1200
Vendor: CVE Published:; 29 June 2020

What is CVE-2020-12024?

The Baxter ExactaMix EM 2400 and EM1200 systems have a vulnerability that fails to limit access to the USB interface for unauthorized users who have physical access to the devices. This oversight allows an attacker to potentially load unauthorized payloads or access sensitive information by booting from a live USB operating system. The exploitation of this vulnerability may compromise the confidentiality and integrity of the system, exposing sensitive health information.

Affected Version(s)

Baxter ExactaMix EM 2400 & EM 1200 ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5

References

https://www.us-cert.gov/ics/advisories/icsma-20-170-01

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 29, 2020
Vulnerability Reserved
Apr 21, 2020