Data Exposure Vulnerability in Baxter ExactaMix EM 2400 and EM 1200 Systems
CVE-2020-12032

9.1CRITICAL

Key Information:

Vendor: Baxter
Status: Baxter Exactamix Em 2400 & Em 1200
Vendor: CVE Published:; 29 June 2020

What is CVE-2020-12032?

Baxter's ExactaMix EM 2400 and EM 1200 systems are vulnerable due to the storage of sensitive information, including Personal Health Information (PHI), within an unencrypted database. This vulnerability can be exploited by attackers with network access, potentially allowing them to view or alter sensitive data.

Affected Version(s)

Baxter ExactaMix EM 2400 & EM 1200 ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5

References

https://www.us-cert.gov/ics/advisories/icsma-20-170-01

x_refsource_MISC

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 29, 2020
Vulnerability Reserved
Apr 21, 2020