ID

VAR-202006-0368


CVE

CVE-2020-12016


TITLE

Baxter ExactaMix EM 2400 and EM1200 Vulnerability in using hard-coded credentials in

Trust: 0.8

sources: JVNDB: JVNDB-2020-007460

DESCRIPTION

Baxter ExactaMix EM 2400 Versions 1.10, 1.11, 1.13, 1.14 and ExactaMix EM1200 Versions 1.1, 1.2, 1.4 and 1.5 have hard-coded administrative account credentials for the ExactaMix operating system. Successful exploitation of this vulnerability may allow an attacker to gain unauthorized access to system resources, including access to execute software or to view/update files, directories, or system configuration. This could allow an attacker with network access to view sensitive data including PHI. Baxter ExactaMix EM 2400 and EM1200 contain a vulnerability in the use of hard-coded credentials. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Baxter ExactaMix EM2400 and ExactaMix EM1200 are both automated drug mixing systems from Baxter, USA. There is a trust management vulnerability in Baxter ExactaMix EM2400 and ExactaMix EM1200. The vulnerability is caused by the use of hard-coded credentials in the management account of the ExactaMix operating system.

Trust: 2.16

sources: NVD: CVE-2020-12016 // JVNDB: JVNDB-2020-007460 // CNVD: CNVD-2021-21075

IOT TAXONOMY

category: ['IoT'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-21075

AFFECTED PRODUCTS

vendor: baxter, model: exactamix em1200, scope: eq, version: 1.1

Trust: 1.4

vendor: baxter, model: exactamix em1200, scope: eq, version: 1.2

Trust: 1.4

vendor: baxter, model: exactamix em1200, scope: eq, version: 1.4

Trust: 1.4

vendor: baxter, model: exactamix em1200, scope: eq, version: 1.5

Trust: 1.4

vendor: baxter, model: exactamix em2400, scope: eq, version: 1.14

Trust: 1.4

vendor: baxter, model: em1200, scope: eq, version: 1.2

Trust: 1.0

vendor: baxter, model: em1200, scope: eq, version: 1.4

Trust: 1.0

vendor: baxter, model: em2400, scope: eq, version: 1.14

Trust: 1.0

vendor: baxter, model: em1200, scope: eq, version: 1.1

Trust: 1.0

vendor: baxter, model: em2400, scope: eq, version: 1.13

Trust: 1.0

vendor: baxter, model: em1200, scope: eq, version: 1.5

Trust: 1.0

vendor: baxter, model: em2400, scope: eq, version: 1.10

Trust: 1.0

vendor: baxter, model: em2400, scope: eq, version: 1.11

Trust: 1.0

vendor: baxter, model: exactamix em2400, scope: eq, version: 1.10

Trust: 0.8

vendor: baxter, model: exactamix em2400, scope: eq, version: 1.11

Trust: 0.8

vendor: baxter, model: exactamix em2400, scope: eq, version: 1.13

Trust: 0.8

vendor: baxter, model: exactamix em, scope: eq, version: 24001.10

Trust: 0.6

vendor: baxter, model: exactamix em, scope: eq, version: 24001.11

Trust: 0.6

vendor: baxter, model: exactamix em, scope: eq, version: 24001.13

Trust: 0.6

sources: CNVD: CNVD-2021-21075 // JVNDB: JVNDB-2020-007460 // NVD: CVE-2020-12016

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-12016
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2020-007460
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2021-21075
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202006-1274
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2020-12016
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-007460
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2021-21075
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-12016
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-007460
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-21075 // JVNDB: JVNDB-2020-007460 // CNNVD: CNNVD-202006-1274 // NVD: CVE-2020-12016

PROBLEMTYPE DATA

problemtype:CWE-798

Trust: 1.8

problemtype:CWE-259

Trust: 1.0

sources: JVNDB: JVNDB-2020-007460 // NVD: CVE-2020-12016

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202006-1274

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-202006-1274

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-007460

PATCH

title: Top Page, url: https://www.baxter.com/

Trust: 0.8

title: Patch for Baxter ExactaMix EM2400 and ExactaMix EM1200 Trust Management Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/254331

Trust: 0.6

title: Baxter ExactaMix EM2400 and ExactaMix EM1200 Repair measures for trust management problem vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=123424

Trust: 0.6

sources: CNVD: CNVD-2021-21075 // JVNDB: JVNDB-2020-007460 // CNNVD: CNNVD-202006-1274

EXTERNAL IDS

db: ICS CERT, id: ICSMA-20-170-01

Trust: 3.0

db: NVD, id: CVE-2020-12016

Trust: 3.0

db: JVN, id: JVNVU91499991

Trust: 0.8

db: JVNDB, id: JVNDB-2020-007460

Trust: 0.8

db: CNVD, id: CNVD-2021-21075

Trust: 0.6

db: NSFOCUS, id: 47290

Trust: 0.6

db: CNNVD, id: CNNVD-202006-1274

Trust: 0.6

sources: CNVD: CNVD-2021-21075 // JVNDB: JVNDB-2020-007460 // CNNVD: CNNVD-202006-1274 // NVD: CVE-2020-12016

REFERENCES

url:https://www.us-cert.gov/ics/advisories/icsma-20-170-01

Trust: 2.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-12016

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12016

Trust: 0.8

url:https://us-cert.cisa.gov/ics/advisories/icsma-20-170-01

Trust: 0.8

url:https://jvn.jp/vu/jvnvu91499991/

Trust: 0.8

url:http://www.nsfocus.net/vulndb/47290

Trust: 0.6

sources: CNVD: CNVD-2021-21075 // JVNDB: JVNDB-2020-007460 // CNNVD: CNNVD-202006-1274 // NVD: CVE-2020-12016

CREDITS

Baxter

Trust: 0.6

sources: CNNVD: CNNVD-202006-1274

SOURCES

db: CNVD, id: CNVD-2021-21075
db: JVNDB, id: JVNDB-2020-007460
db: CNNVD, id: CNNVD-202006-1274
db: NVD, id: CVE-2020-12016

LAST UPDATE DATE

2024-11-23T21:25:03.852000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2021-21075, date: 2021-03-23T00:00:00
db: JVNDB, id: JVNDB-2020-007460, date: 2020-08-13T00:00:00
db: CNNVD, id: CNNVD-202006-1274, date: 2020-07-29T00:00:00
db: NVD, id: CVE-2020-12016, date: 2024-11-21T04:59:07.260

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2021-21075, date: 2021-03-23T00:00:00
db: JVNDB, id: JVNDB-2020-007460, date: 2020-08-13T00:00:00
db: CNNVD, id: CNNVD-202006-1274, date: 2020-06-18T00:00:00
db: NVD, id: CVE-2020-12016, date: 2020-06-29T14:15:11.130