ID

VAR-202006-0330


CVE

CVE-2020-12043


TITLE

Baxter Spectrum Vulnerability in manipulating resources after expiration or release in

Trust: 0.8

sources: JVNDB: JVNDB-2020-007456

DESCRIPTION

The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24) when configured for wireless networking the FTP service operating on the WBM remains operational until the WBM is rebooted. Baxter Spectrum Vulnerable to post-expiration or post-release resource manipulation vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Baxter WBM and Baxter Spectrum are both products of Baxter. Baxter WBM is a wireless battery module for Baxter products. Baxter Spectrum is an infusion pump. There is a security vulnerability in Baxter Spectrum WBM. Attackers can use this vulnerability to gain access to the FTP service with the help of a specially crafted request

Trust: 2.25

sources: NVD: CVE-2020-12043 // JVNDB: JVNDB-2020-007456 // CNVD: CNVD-2021-21076 // VULMON: CVE-2020-12043

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-21076

AFFECTED PRODUCTS

vendor:baxtermodel:sigma spectrum infusion systemscope:eqversion:8.0

Trust: 1.0

vendor:baxtermodel:sigma spectrum infusion systemscope: - version: -

Trust: 0.8

vendor:baxtermodel:spectrum wbmscope:eqversion:17

Trust: 0.6

vendor:baxtermodel:spectrum wbm 20d29scope: - version: -

Trust: 0.6

vendor:baxtermodel:spectrum wbm 20d30scope: - version: -

Trust: 0.6

vendor:baxtermodel:spectrum wbm 20d31scope: - version: -

Trust: 0.6

vendor:baxtermodel:spectrum wbm 22d24scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2021-21076 // JVNDB: JVNDB-2020-007456 // NVD: CVE-2020-12043

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-12043
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2020-007456
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2021-21076
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202006-1223
value: CRITICAL

Trust: 0.6

VULMON: CVE-2020-12043
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-12043
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-007456
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2021-21076
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-12043
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-007456
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-21076 // VULMON: CVE-2020-12043 // JVNDB: JVNDB-2020-007456 // CNNVD: CNNVD-202006-1223 // NVD: CVE-2020-12043

PROBLEMTYPE DATA

problemtype:CWE-672

Trust: 1.8

sources: JVNDB: JVNDB-2020-007456 // NVD: CVE-2020-12043

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202006-1223

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202006-1223

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-007456

PATCH

title:Top Pageurl:https://www.baxter.com/

Trust: 0.8

sources: JVNDB: JVNDB-2020-007456

EXTERNAL IDS

db:ICS CERTid:ICSMA-20-170-04

Trust: 3.1

db:NVDid:CVE-2020-12043

Trust: 3.1

db:JVNid:JVNVU91499991

Trust: 0.8

db:JVNDBid:JVNDB-2020-007456

Trust: 0.8

db:CNVDid:CNVD-2021-21076

Trust: 0.6

db:NSFOCUSid:47312

Trust: 0.6

db:AUSCERTid:ESB-2020.2149

Trust: 0.6

db:CNNVDid:CNNVD-202006-1223

Trust: 0.6

db:VULMONid:CVE-2020-12043

Trust: 0.1

sources: CNVD: CNVD-2021-21076 // VULMON: CVE-2020-12043 // JVNDB: JVNDB-2020-007456 // CNNVD: CNNVD-202006-1223 // NVD: CVE-2020-12043

REFERENCES

url:https://www.us-cert.gov/ics/advisories/icsma-20-170-04

Trust: 2.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-12043

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12043

Trust: 0.8

url:https://us-cert.cisa.gov/ics/advisories/icsma-20-170-04

Trust: 0.8

url:https://jvn.jp/vu/jvnvu91499991/

Trust: 0.8

url:http://www.nsfocus.net/vulndb/47312

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2149/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/672.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.cisa.gov/uscert/ics/advisories/icsma-20-170-04

Trust: 0.1

sources: CNVD: CNVD-2021-21076 // VULMON: CVE-2020-12043 // JVNDB: JVNDB-2020-007456 // CNNVD: CNNVD-202006-1223 // NVD: CVE-2020-12043

CREDITS

Baxter

Trust: 0.6

sources: CNNVD: CNNVD-202006-1223

SOURCES

db:CNVDid:CNVD-2021-21076
db:VULMONid:CVE-2020-12043
db:JVNDBid:JVNDB-2020-007456
db:CNNVDid:CNNVD-202006-1223
db:NVDid:CVE-2020-12043

LAST UPDATE DATE

2024-08-14T13:06:54.106000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2021-21076date:2021-03-23T00:00:00
db:VULMONid:CVE-2020-12043date:2020-07-08T00:00:00
db:JVNDBid:JVNDB-2020-007456date:2020-08-13T00:00:00
db:CNNVDid:CNNVD-202006-1223date:2020-07-29T00:00:00
db:NVDid:CVE-2020-12043date:2020-07-08T14:54:54.530

SOURCES RELEASE DATE

db:CNVDid:CNVD-2021-21076date:2021-03-23T00:00:00
db:VULMONid:CVE-2020-12043date:2020-06-29T00:00:00
db:JVNDBid:JVNDB-2020-007456date:2020-08-13T00:00:00
db:CNNVDid:CNNVD-202006-1223date:2020-06-18T00:00:00
db:NVDid:CVE-2020-12043date:2020-06-29T14:15:11.817