FTP Service Vulnerability in Baxter Spectrum WBM Wireless Configuration
CVE-2020-12043

9.8CRITICAL

Key Information:

Vendor: Baxter
Status: Baxter Sigma Spectrum Infusion Pumps
Vendor: CVE Published:; 29 June 2020

What is CVE-2020-12043?

The Baxter Spectrum WBM, when configured for wireless networking, has an issue where the FTP service remains operational until the device is rebooted. This can potentially expose sensitive data and create security risks, as unauthorized entities may gain access to the FTP service if the device is not properly secured or monitored. Regular updates and secure configurations are essential to mitigate such risks.

Affected Version(s)

Baxter Sigma Spectrum Infusion Pumps Sigma Spectrum v6.x model 35700BAX, Baxter Spectrum v8.x model 35700BAX2,Sigma Spectrum v6.x with Wireless Battery Module v9,11,13,14,15,16,v20D29,v20D30,v20D31,v22D24, Baxter Spectrum v8.x with Wireless Battery Module v17,v20D29,v20D30,v20D31,v22D24,Baxter Spectrum Wireless Battery Module v17,v20D29,v20D30,v20D31,v22D24,Baxter Spectrum LVP v8.x w/Wireless Battery Module v17,v20D29,v20D30,v20D31,v22D24

References

https://www.us-cert.gov/ics/advisories/icsma-20-170-04

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 29, 2020
Vulnerability Reserved
Apr 21, 2020