Telnet Service Vulnerability in Baxter Spectrum WBM and Spectrum Model
CVE-2020-12045

9.8CRITICAL

Key Information:

Vendor: Baxter
Status: Baxter Sigma Spectrum Infusion Pumps
Vendor: CVE Published:; 29 June 2020

What is CVE-2020-12045?

The Baxter Spectrum WBM device, when utilized alongside the Baxter Spectrum model 35700BAX2, exposes a Telnet service on Port 1023 that operates with hard-coded credentials. This flaw could allow unauthorized access to the device, potentially compromising its functionality and the sensitive data it handles. Organizations using these products should evaluate their security configurations and consider improvements to guard against potential exploitation.

Affected Version(s)

Baxter Sigma Spectrum Infusion Pumps Sigma Spectrum v6.x model 35700BAX,Spectrum v8.x model 35700BAX2,Sigma Spectrum v6.x with Wireless Battery Module (WBM) v9,v11,v13,v14,v15,v16,v20D29,v20D30,v20D31,v22D24, Spectrum v8.x w/WBM v17,v20D29,v20D30,v20D31,v22D24,Spectrum WBM v17,v20D29,v20D30,v20D31,v22D24,Spectrum LVP v8.x with WBM v17, v20D29,v20D30,v20D31,and v22D24

References

https://www.us-cert.gov/ics/advisories/icsma-20-170-04

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 29, 2020
Vulnerability Reserved
Apr 21, 2020