ID

VAR-202006-0329


CVE

CVE-2020-12041


TITLE

Improper permission assignment for critical resources vulnerability in Baxter Spectrum

Trust: 0.8

sources: JVNDB: JVNDB-2020-007455

DESCRIPTION

The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24) telnet Command-Line Interface grants access to sensitive data stored on the WBM that permits temporary configuration changes to network settings of the WBM, and allows the WBM to be rebooted. Temporary configuration changes to network settings are removed upon reboot. Baxter Spectrum contains a vulnerability involving improper permission assignment for critical resources. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Baxter WBM and Baxter Spectrum are both products of Baxter. Baxter WBM is a wireless battery module for Baxter products. Baxter Spectrum is an infusion pump. The WBM used in Baxter Spectrum has security vulnerabilities.

Trust: 2.25

sources: NVD: CVE-2020-12041 // JVNDB: JVNDB-2020-007455 // CNVD: CNVD-2021-21078 // VULMON: CVE-2020-12041

IOT TAXONOMY

category: ['IoT'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-21078

AFFECTED PRODUCTS

vendor: baxter, model: sigma spectrum infusion system, scope: eq, version: 8.0

Trust: 1.0

vendor: baxter, model: sigma spectrum infusion system, scope: -, version: -

Trust: 0.8

vendor: baxter, model: spectrum wbm, scope: eq, version: 17

Trust: 0.6

vendor: baxter, model: spectrum wbm 20d29, scope: -, version: -

Trust: 0.6

vendor: baxter, model: spectrum wbm 20d30, scope: -, version: -

Trust: 0.6

vendor: baxter, model: spectrum wbm 20d31, scope: -, version: -

Trust: 0.6

vendor: baxter, model: spectrum wbm 22d24, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2021-21078 // JVNDB: JVNDB-2020-007455 // NVD: CVE-2020-12041

CVSS

SEVERITY

nvd@nist.gov: CVE-2020-12041
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2020-007455
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2021-21078
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202006-1229
value: CRITICAL

Trust: 0.6

VULMON: CVE-2020-12041
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2020-12041
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-007455
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2021-21078
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

nvd@nist.gov: CVE-2020-12041
baseSeverity: CRITICAL
baseScore: 9.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: LOW
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.5
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-007455
baseSeverity: CRITICAL
baseScore: 9.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: LOW
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-21078 // VULMON: CVE-2020-12041 // JVNDB: JVNDB-2020-007455 // CNNVD: CNNVD-202006-1229 // NVD: CVE-2020-12041

PROBLEMTYPE DATA

problemtype: CWE-732

Trust: 1.8

sources: JVNDB: JVNDB-2020-007455 // NVD: CVE-2020-12041

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202006-1229

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202006-1229

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-007455

PATCH

title: Top Page, url: https://www.baxter.com/

Trust: 0.8

sources: JVNDB: JVNDB-2020-007455

EXTERNAL IDS

db: ICS CERT, id: ICSMA-20-170-04

Trust: 3.1

db: NVD, id: CVE-2020-12041

Trust: 3.1

db: JVN, id: JVNVU91499991

Trust: 0.8

db: JVNDB, id: JVNDB-2020-007455

Trust: 0.8

db: CNVD, id: CNVD-2021-21078

Trust: 0.6

db: NSFOCUS, id: 47300

Trust: 0.6

db: AUSCERT, id: ESB-2020.2149

Trust: 0.6

db: CNNVD, id: CNNVD-202006-1229

Trust: 0.6

db: VULMON, id: CVE-2020-12041

Trust: 0.1

sources: CNVD: CNVD-2021-21078 // VULMON: CVE-2020-12041 // JVNDB: JVNDB-2020-007455 // CNNVD: CNNVD-202006-1229 // NVD: CVE-2020-12041

REFERENCES

url: https://www.us-cert.gov/ics/advisories/icsma-20-170-04

Trust: 2.3

url: https://nvd.nist.gov/vuln/detail/cve-2020-12041

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12041

Trust: 0.8

url: https://us-cert.cisa.gov/ics/advisories/icsma-20-170-04

Trust: 0.8

url: https://jvn.jp/vu/jvnvu91499991/

Trust: 0.8

url: https://www.auscert.org.au/bulletins/esb-2020.2149/

Trust: 0.6

url: http://www.nsfocus.net/vulndb/47300

Trust: 0.6

url: https://cwe.mitre.org/data/definitions/732.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

url: https://www.cisa.gov/uscert/ics/advisories/icsma-20-170-04

Trust: 0.1

sources: CNVD: CNVD-2021-21078 // VULMON: CVE-2020-12041 // JVNDB: JVNDB-2020-007455 // CNNVD: CNNVD-202006-1229 // NVD: CVE-2020-12041

CREDITS

Baxter

Trust: 0.6

sources: CNNVD: CNNVD-202006-1229

SOURCES

db: CNVD, id: CNVD-2021-21078
db: VULMON, id: CVE-2020-12041
db: JVNDB, id: JVNDB-2020-007455
db: CNNVD, id: CNNVD-202006-1229
db: NVD, id: CVE-2020-12041

LAST UPDATE DATE

2024-08-14T12:11:15.692000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2021-21078, date: 2021-03-23T00:00:00
db: VULMON, id: CVE-2020-12041, date: 2020-07-08T00:00:00
db: JVNDB, id: JVNDB-2020-007455, date: 2020-08-13T00:00:00
db: CNNVD, id: CNNVD-202006-1229, date: 2020-07-29T00:00:00
db: NVD, id: CVE-2020-12041, date: 2020-07-08T15:22:44.550

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2021-21078, date: 2021-03-23T00:00:00
db: VULMON, id: CVE-2020-12041, date: 2020-06-29T00:00:00
db: JVNDB, id: JVNDB-2020-007455, date: 2020-08-13T00:00:00
db: CNNVD, id: CNNVD-202006-1229, date: 2020-06-18T00:00:00
db: NVD, id: CVE-2020-12041, date: 2020-06-29T14:15:11.757