Sign-up

ID

VAR-202006-1810


CVE

CVE-2020-12024


TITLE

Baxter ExactaMix EM 2400 and EM1200 Vulnerability regarding lack of authentication in

Trust: 0.8

sources: JVNDB: JVNDB-2020-007462

DESCRIPTION

Baxter ExactaMix EM 2400 versions 1.10, 1.11, 1.13, 1.14 and ExactaMix EM1200 Versions 1.1, 1.2, 1.4 and 1.5 does not restrict access to the USB interface from an unauthorized user with physical access. Successful exploitation of this vulnerability may allow an attacker with physical access to the system the ability to load an unauthorized payload or unauthorized access to the hard drive by booting a live USB OS. This could impact confidentiality and integrity of the system and risk exposure of sensitive information including PHI. Baxter ExactaMix EM 2400 and EM1200 Exists in a vulnerability related to lack of authentication.Information may be obtained and tampered with. Baxter ExactaMix EM2400 and ExactaMix EM1200 are both an automated drug mixing system of Baxter. Baxter ExactaMix EM2400 and EM1200 have an access control error vulnerability

Trust: 2.16

sources: NVD: CVE-2020-12024 // JVNDB: JVNDB-2020-007462 // CNVD: CNVD-2020-57121

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-57121

AFFECTED PRODUCTS

vendor:baxtermodel:exactamix em1200scope:eqversion:1.1

Trust: 1.4

vendor:baxtermodel:exactamix em1200scope:eqversion:1.2

Trust: 1.4

vendor:baxtermodel:exactamix em1200scope:eqversion:1.4

Trust: 1.4

vendor:baxtermodel:exactamix em1200scope:eqversion:1.5

Trust: 1.4

vendor:baxtermodel:exactamix em2400scope:eqversion:1.14

Trust: 1.4

vendor:baxtermodel:em1200scope:eqversion:1.2

Trust: 1.0

vendor:baxtermodel:em1200scope:eqversion:1.4

Trust: 1.0

vendor:baxtermodel:em2400scope:eqversion:1.14

Trust: 1.0

vendor:baxtermodel:em1200scope:eqversion:1.1

Trust: 1.0

vendor:baxtermodel:em2400scope:eqversion:1.13

Trust: 1.0

vendor:baxtermodel:em1200scope:eqversion:1.5

Trust: 1.0

vendor:baxtermodel:em2400scope:eqversion:1.10

Trust: 1.0

vendor:baxtermodel:em2400scope:eqversion:1.11

Trust: 1.0

vendor:baxtermodel:exactamix em2400scope:eqversion:1.10

Trust: 0.8

vendor:baxtermodel:exactamix em2400scope:eqversion:1.11

Trust: 0.8

vendor:baxtermodel:exactamix em2400scope:eqversion:1.13

Trust: 0.8

vendor:baxtermodel:exactamix emscope:eqversion:24001.10

Trust: 0.6

vendor:baxtermodel:exactamix emscope:eqversion:24001.11

Trust: 0.6

vendor:baxtermodel:exactamix emscope:eqversion:24001.13

Trust: 0.6

sources: CNVD: CNVD-2020-57121 // JVNDB: JVNDB-2020-007462 // NVD: CVE-2020-12024

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-12024
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-007462
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-57121
value: LOW

Trust: 0.6

CNNVD: CNNVD-202006-1261
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2020-12024
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-007462
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-57121
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-12024
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 0.9
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-007462
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-57121 // JVNDB: JVNDB-2020-007462 // CNNVD: CNNVD-202006-1261 // NVD: CVE-2020-12024

PROBLEMTYPE DATA

problemtype:CWE-284

Trust: 1.0

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-862

Trust: 0.8

sources: JVNDB: JVNDB-2020-007462 // NVD: CVE-2020-12024

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202006-1261

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-007462

PATCH
title:Top Pageurl:https://www.baxter.com/
Trust: 0.8
title:Patch for Baxter ExactaMix EM2400 and EM1200 access control error vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/236713
Trust: 0.6
title:Baxter ExactaMix EM2400  and EM1200 Fixes for access control error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=122009
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-57121 // 
            
            
            
            JVNDB: JVNDB-2020-007462 // 
            
            
            
            CNNVD: CNNVD-202006-1261

EXTERNAL IDS
db:ICS CERTid:ICSMA-20-170-01
Trust: 3.0
db:NVDid:CVE-2020-12024
Trust: 3.0
db:JVNid:JVNVU91499991
Trust: 0.8
db:JVNDBid:JVNDB-2020-007462
Trust: 0.8
db:CNVDid:CNVD-2020-57121
Trust: 0.6
db:NSFOCUSid:47291
Trust: 0.6
db:CNNVDid:CNNVD-202006-1261
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-57121 // 
            
            
            
            JVNDB: JVNDB-2020-007462 // 
            
            
            
            CNNVD: CNNVD-202006-1261 // 
            
            
            
            NVD: CVE-2020-12024

REFERENCES
url:https://www.us-cert.gov/ics/advisories/icsma-20-170-01
Trust: 2.2
url:https://nvd.nist.gov/vuln/detail/cve-2020-12024
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12024
Trust: 0.8
url:https://us-cert.cisa.gov/ics/advisories/icsma-20-170-01
Trust: 0.8
url:https://jvn.jp/vu/jvnvu91499991/
Trust: 0.8
url:http://www.nsfocus.net/vulndb/47291
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-57121 // 
            
            
            
            JVNDB: JVNDB-2020-007462 // 
            
            
            
            CNNVD: CNNVD-202006-1261 // 
            
            
            
            NVD: CVE-2020-12024

CREDITS
Baxter
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-202006-1261

SOURCES
db:CNVDid:CNVD-2020-57121
db:JVNDBid:JVNDB-2020-007462
db:CNNVDid:CNNVD-202006-1261
db:NVDid:CVE-2020-12024

LAST UPDATE DATE
2024-11-23T20:41:58.325000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-57121date:2020-10-18T00:00:00
db:JVNDBid:JVNDB-2020-007462date:2020-08-13T00:00:00
db:CNNVDid:CNNVD-202006-1261date:2021-11-05T00:00:00
db:NVDid:CVE-2020-12024date:2024-11-21T04:59:08.123

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-57121date:2020-10-18T00:00:00
db:JVNDBid:JVNDB-2020-007462date:2020-08-13T00:00:00
db:CNNVDid:CNNVD-202006-1261date:2020-06-18T00:00:00
db:NVDid:CVE-2020-12024date:2020-06-29T14:15:11.270