Sign-up

ID

VAR-202006-0372


CVE

CVE-2020-12020


TITLE

Baxter ExactaMix EM 2400 and EM1200 Vulnerability in leaking resources to the wrong area in

Trust: 0.8

sources: JVNDB: JVNDB-2020-007461

DESCRIPTION

Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13 and ExactaMix EM1200 Versions 1.1, 1.2, and 1.4 does not restrict non administrative users from gaining access to the operating system and editing the application startup script. Successful exploitation of this vulnerability may allow an attacker to alter the startup script as the limited-access user. Baxter ExactaMix EM 2400 and EM1200 Exists in a vulnerability related to the leakage of resources to the wrong area.Information is tampered with and service operation is interrupted (DoS) It may be put into a state. Baxter ExactaMix EM2400 and ExactaMix EM1200 are both an automated drug mixing system of Baxter. There is a security vulnerability in Baxter ExactaMix EM2400 and ExactaMix EM1200

Trust: 2.16

sources: NVD: CVE-2020-12020 // JVNDB: JVNDB-2020-007461 // CNVD: CNVD-2020-57120

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-57120

AFFECTED PRODUCTS

vendor:baxtermodel:exactamix em1200scope:eqversion:1.1

Trust: 1.4

vendor:baxtermodel:exactamix em1200scope:eqversion:1.2

Trust: 1.4

vendor:baxtermodel:exactamix em1200scope:eqversion:1.4

Trust: 1.4

vendor:baxtermodel:em2400scope:eqversion:1.11

Trust: 1.0

vendor:baxtermodel:em1200scope:eqversion:1.2

Trust: 1.0

vendor:baxtermodel:em1200scope:eqversion:1.4

Trust: 1.0

vendor:baxtermodel:em2400scope:eqversion:1.13

Trust: 1.0

vendor:baxtermodel:em2400scope:eqversion:1.10

Trust: 1.0

vendor:baxtermodel:em1200scope:eqversion:1.1

Trust: 1.0

vendor:baxtermodel:exactamix em2400scope:eqversion:1.10

Trust: 0.8

vendor:baxtermodel:exactamix em2400scope:eqversion:1.11

Trust: 0.8

vendor:baxtermodel:exactamix em2400scope:eqversion:1.13

Trust: 0.8

vendor:baxtermodel:exactamix emscope:eqversion:24001.10

Trust: 0.6

vendor:baxtermodel:exactamix emscope:eqversion:24001.11

Trust: 0.6

vendor:baxtermodel:exactamix emscope:eqversion:24001.13

Trust: 0.6

sources: CNVD: CNVD-2020-57120 // JVNDB: JVNDB-2020-007461 // NVD: CVE-2020-12020

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-12020
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-007461
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-57120
value: LOW

Trust: 0.6

CNNVD: CNNVD-202006-1255
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2020-12020
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-007461
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-57120
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-12020
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 4.2
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-007461
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-57120 // JVNDB: JVNDB-2020-007461 // CNNVD: CNNVD-202006-1255 // NVD: CVE-2020-12020

PROBLEMTYPE DATA

problemtype:CWE-668

Trust: 1.8

sources: JVNDB: JVNDB-2020-007461 // NVD: CVE-2020-12020

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202006-1255

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202006-1255

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-007461

PATCH
title:Top Pageurl:https://www.baxter.com/
Trust: 0.8
title:Patch for Baxter ExactaMix EM2400 and EM1200 information disclosure vulnerability (CNVD-2020-57120)url:https://www.cnvd.org.cn/patchInfo/show/236710
Trust: 0.6
title:Baxter ExactaMix EM2400  and ExactaMix EM1200 Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=122003
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-57120 // 
            
            
            
            JVNDB: JVNDB-2020-007461 // 
            
            
            
            CNNVD: CNNVD-202006-1255

EXTERNAL IDS
db:ICS CERTid:ICSMA-20-170-01
Trust: 3.0
db:NVDid:CVE-2020-12020
Trust: 3.0
db:JVNid:JVNVU91499991
Trust: 0.8
db:JVNDBid:JVNDB-2020-007461
Trust: 0.8
db:CNVDid:CNVD-2020-57120
Trust: 0.6
db:NSFOCUSid:47275
Trust: 0.6
db:CNNVDid:CNNVD-202006-1255
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-57120 // 
            
            
            
            JVNDB: JVNDB-2020-007461 // 
            
            
            
            CNNVD: CNNVD-202006-1255 // 
            
            
            
            NVD: CVE-2020-12020

REFERENCES
url:https://www.us-cert.gov/ics/advisories/icsma-20-170-01
Trust: 2.2
url:https://nvd.nist.gov/vuln/detail/cve-2020-12020
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12020
Trust: 0.8
url:https://us-cert.cisa.gov/ics/advisories/icsma-20-170-01
Trust: 0.8
url:https://jvn.jp/vu/jvnvu91499991/
Trust: 0.8
url:http://www.nsfocus.net/vulndb/47275
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-57120 // 
            
            
            
            JVNDB: JVNDB-2020-007461 // 
            
            
            
            CNNVD: CNNVD-202006-1255 // 
            
            
            
            NVD: CVE-2020-12020

CREDITS
Baxter
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-202006-1255

SOURCES
db:CNVDid:CNVD-2020-57120
db:JVNDBid:JVNDB-2020-007461
db:CNNVDid:CNNVD-202006-1255
db:NVDid:CVE-2020-12020

LAST UPDATE DATE
2024-11-23T20:59:17.531000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-57120date:2020-10-18T00:00:00
db:JVNDBid:JVNDB-2020-007461date:2020-08-13T00:00:00
db:CNNVDid:CNNVD-202006-1255date:2020-07-28T00:00:00
db:NVDid:CVE-2020-12020date:2024-11-21T04:59:07.700

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-57120date:2020-10-18T00:00:00
db:JVNDBid:JVNDB-2020-007461date:2020-08-13T00:00:00
db:CNNVDid:CNNVD-202006-1255date:2020-06-18T00:00:00
db:NVDid:CVE-2020-12020date:2020-06-29T14:15:11.210