Details of VAR-202006-1809

ID

VAR-202006-1809

CVE

CVE-2020-12032

TITLE

Baxter ExactaMix EM 2400 and EM1200 Vulnerability regarding lack of encryption of critical data in

Trust: 0.8

sources: JVNDB: JVNDB-2020-007463

DESCRIPTION

Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Versions 1.1, 1.2 systems store device data with sensitive information in an unencrypted database. This could allow an attacker with network access to view or modify sensitive data including PHI. Baxter ExactaMix EM 2400 and EM1200 There is a vulnerability in the lack of encryption of critical data.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Baxter ExactaMix EM2400 and ExactaMix EM1200 are both an automated drug mixing system of Baxter. Baxter ExactaMix EM2400 and EM1200 have encryption vulnerabilities

Trust: 2.16

sources: NVD: CVE-2020-12032 // JVNDB: JVNDB-2020-007463 // CNVD: CNVD-2020-57122

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-57122

AFFECTED PRODUCTS

vendor:	baxter	model:	exactamix em1200	scope:	eq	version:	1.1	Trust: 1.4
vendor:	baxter	model:	exactamix em1200	scope:	eq	version:	1.2	Trust: 1.4
vendor:	baxter	model:	em1200	scope:	eq	version:	1.1	Trust: 1.0
vendor:	baxter	model:	em1200	scope:	eq	version:	1.2	Trust: 1.0
vendor:	baxter	model:	em2400	scope:	eq	version:	1.10	Trust: 1.0
vendor:	baxter	model:	em2400	scope:	eq	version:	1.11	Trust: 1.0
vendor:	baxter	model:	exactamix em2400	scope:	eq	version:	1.10	Trust: 0.8
vendor:	baxter	model:	exactamix em2400	scope:	eq	version:	1.11	Trust: 0.8
vendor:	baxter	model:	exactamix em	scope:	eq	version:	24001.10	Trust: 0.6
vendor:	baxter	model:	exactamix em	scope:	eq	version:	24001.11	Trust: 0.6

sources: CNVD: CNVD-2020-57122 // JVNDB: JVNDB-2020-007463 // NVD: CVE-2020-12032

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-12032
value:	CRITICAL
Trust: 1.0
NVD:	JVNDB-2020-007463
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2020-57122
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202006-1264
value:	CRITICAL
Trust: 0.6

nvd@nist.gov:	CVE-2020-12032
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-007463
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-57122
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-12032
baseSeverity:	CRITICAL
baseScore:	9.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	5.2
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-007463
baseSeverity:	CRITICAL
baseScore:	9.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-57122 // JVNDB: JVNDB-2020-007463 // CNNVD: CNNVD-202006-1264 // NVD: CVE-2020-12032

PROBLEMTYPE DATA

problemtype:	CWE-311	Trust: 1.8
problemtype:	CWE-312	Trust: 1.0

sources: JVNDB: JVNDB-2020-007463 // NVD: CVE-2020-12032

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202006-1264

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202006-1264

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-007463

PATCH

title:	Top Page	url:	https://www.baxter.com/	Trust: 0.8
title:	Patch for Baxter ExactaMix EM2400 and EM1200 encryption issue vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/236716	Trust: 0.6
title:	Baxter ExactaMix EM2400 and EM1200 Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=123422	Trust: 0.6

sources: CNVD: CNVD-2020-57122 // JVNDB: JVNDB-2020-007463 // CNNVD: CNNVD-202006-1264

EXTERNAL IDS

db:	NVD	id:	CVE-2020-12032	Trust: 3.0
db:	ICS CERT	id:	ICSMA-20-170-01	Trust: 3.0
db:	JVN	id:	JVNVU91499991	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-007463	Trust: 0.8
db:	CNVD	id:	CNVD-2020-57122	Trust: 0.6
db:	NSFOCUS	id:	47288	Trust: 0.6
db:	CNNVD	id:	CNNVD-202006-1264	Trust: 0.6

sources: CNVD: CNVD-2020-57122 // JVNDB: JVNDB-2020-007463 // CNNVD: CNNVD-202006-1264 // NVD: CVE-2020-12032

REFERENCES

url:	https://www.us-cert.gov/ics/advisories/icsma-20-170-01	Trust: 2.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12032	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12032	Trust: 0.8
url:	https://us-cert.cisa.gov/ics/advisories/icsma-20-170-01	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu91499991/	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/47288	Trust: 0.6

sources: CNVD: CNVD-2020-57122 // JVNDB: JVNDB-2020-007463 // CNNVD: CNNVD-202006-1264 // NVD: CVE-2020-12032

CREDITS

Baxter

Trust: 0.6

sources: CNNVD: CNNVD-202006-1264

SOURCES

db:	CNVD	id:	CNVD-2020-57122
db:	JVNDB	id:	JVNDB-2020-007463
db:	CNNVD	id:	CNNVD-202006-1264
db:	NVD	id:	CVE-2020-12032

LAST UPDATE DATE

2024-11-23T20:01:36.363000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-57122	date:	2020-10-18T00:00:00
db:	JVNDB	id:	JVNDB-2020-007463	date:	2020-08-13T00:00:00
db:	CNNVD	id:	CNNVD-202006-1264	date:	2021-11-05T00:00:00
db:	NVD	id:	CVE-2020-12032	date:	2024-11-21T04:59:09.060

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-57122	date:	2020-10-18T00:00:00
db:	JVNDB	id:	JVNDB-2020-007463	date:	2020-08-13T00:00:00
db:	CNNVD	id:	CNNVD-202006-1264	date:	2020-06-18T00:00:00
db:	NVD	id:	CVE-2020-12032	date:	2020-06-29T14:15:11.333