Details of VAR-202006-0365

ID

VAR-202006-0365

CVE

CVE-2020-12008

TITLE

Baxter ExactaMix EM 2400 and EM1200 Vulnerability in plaintext transmission of important information in

Trust: 0.8

sources: JVNDB: JVNDB-2020-007459

DESCRIPTION

Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Versions 1.1, 1.2 systems use cleartext messages to communicate order information with an order entry system. This could allow an attacker with network access to view sensitive data including PHI. Baxter ExactaMix EM 2400 and EM1200 Includes a vulnerability in the transmission of important information in clear text.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Baxter ExactaMix EM2400 and ExactaMix EM1200 are both an automated drug mixing system of Baxter. Baxter ExactaMix EM2400 and EM1200 have an information disclosure vulnerability

Trust: 2.16

sources: NVD: CVE-2020-12008 // JVNDB: JVNDB-2020-007459 // CNVD: CNVD-2020-57123

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-57123

AFFECTED PRODUCTS

vendor:	baxter	model:	exactamix em1200	scope:	eq	version:	1.1	Trust: 1.4
vendor:	baxter	model:	exactamix em1200	scope:	eq	version:	1.2	Trust: 1.4
vendor:	baxter	model:	em1200	scope:	eq	version:	1.1	Trust: 1.0
vendor:	baxter	model:	em1200	scope:	eq	version:	1.2	Trust: 1.0
vendor:	baxter	model:	em2400	scope:	eq	version:	1.10	Trust: 1.0
vendor:	baxter	model:	em2400	scope:	eq	version:	1.11	Trust: 1.0
vendor:	baxter	model:	exactamix em2400	scope:	eq	version:	1.10	Trust: 0.8
vendor:	baxter	model:	exactamix em2400	scope:	eq	version:	1.11	Trust: 0.8
vendor:	baxter	model:	exactamix em	scope:	eq	version:	24001.10	Trust: 0.6
vendor:	baxter	model:	exactamix em	scope:	eq	version:	24001.11	Trust: 0.6

sources: CNVD: CNVD-2020-57123 // JVNDB: JVNDB-2020-007459 // NVD: CVE-2020-12008

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-12008
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2020-007459
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2020-57123
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202006-1268
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2020-12008
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-007459
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-57123
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-12008
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-007459
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-57123 // JVNDB: JVNDB-2020-007459 // CNNVD: CNNVD-202006-1268 // NVD: CVE-2020-12008

PROBLEMTYPE DATA

problemtype:

CWE-319

Trust: 1.8

sources: JVNDB: JVNDB-2020-007459 // NVD: CVE-2020-12008

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202006-1268

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202006-1268

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-007459

PATCH

title:	Top Page	url:	https://www.baxter.com/	Trust: 0.8
title:	Patch for Baxter ExactaMix EM2400 and EM1200 information disclosure vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/236719	Trust: 0.6
title:	Baxter ExactaMix EM2400 and ExactaMix EM1200 Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=122014	Trust: 0.6

sources: CNVD: CNVD-2020-57123 // JVNDB: JVNDB-2020-007459 // CNNVD: CNNVD-202006-1268

EXTERNAL IDS

db:	ICS CERT	id:	ICSMA-20-170-01	Trust: 3.0
db:	NVD	id:	CVE-2020-12008	Trust: 3.0
db:	JVN	id:	JVNVU91499991	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-007459	Trust: 0.8
db:	CNVD	id:	CNVD-2020-57123	Trust: 0.6
db:	NSFOCUS	id:	47296	Trust: 0.6
db:	CNNVD	id:	CNNVD-202006-1268	Trust: 0.6

sources: CNVD: CNVD-2020-57123 // JVNDB: JVNDB-2020-007459 // CNNVD: CNNVD-202006-1268 // NVD: CVE-2020-12008

REFERENCES

url:	https://www.us-cert.gov/ics/advisories/icsma-20-170-01	Trust: 2.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12008	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12008	Trust: 0.8
url:	https://us-cert.cisa.gov/ics/advisories/icsma-20-170-01	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu91499991/	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/47296	Trust: 0.6

sources: CNVD: CNVD-2020-57123 // JVNDB: JVNDB-2020-007459 // CNNVD: CNNVD-202006-1268 // NVD: CVE-2020-12008

CREDITS

Baxter

Trust: 0.6

sources: CNNVD: CNNVD-202006-1268

SOURCES

db:	CNVD	id:	CNVD-2020-57123
db:	JVNDB	id:	JVNDB-2020-007459
db:	CNNVD	id:	CNNVD-202006-1268
db:	NVD	id:	CVE-2020-12008

LAST UPDATE DATE

2024-11-23T21:02:13.380000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-57123	date:	2020-10-18T00:00:00
db:	JVNDB	id:	JVNDB-2020-007459	date:	2020-08-13T00:00:00
db:	CNNVD	id:	CNNVD-202006-1268	date:	2020-07-29T00:00:00
db:	NVD	id:	CVE-2020-12008	date:	2024-11-21T04:59:06.317

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-57123	date:	2020-10-18T00:00:00
db:	JVNDB	id:	JVNDB-2020-007459	date:	2020-08-13T00:00:00
db:	CNNVD	id:	CNNVD-202006-1268	date:	2020-06-18T00:00:00
db:	NVD	id:	CVE-2020-12008	date:	2020-06-29T14:15:10.973