CVE-2020-12020
Last modified
CVE-2020-12020 is a medium-severity vulnerability rated 6.1/10 on the CVSS scale. Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13 and ExactaMix EM1200 Versions 1.1, 1.2, and 1.4 does not restrict non administrative users from gaining access to the operating system and editing the application startup script. Successful exploitation of this vulnerability may allow an attacker to alter the startup script as the limited-access user.. EPSS estimates a 0.31% chance of exploitation in the next 30 days.
Description
Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13 and ExactaMix EM1200 Versions 1.1, 1.2, and 1.4 does not restrict non administrative users from gaining access to the operating system and editing the application startup script. Successful exploitation of this vulnerability may allow an attacker to alter the startup script as the limited-access user.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Baxter | Em2400 Firmware | 1.10 |
| Baxter | Em2400 Firmware | 1.11 |
| Baxter | Em2400 Firmware | 1.13 |
| Baxter | Em1200 Firmware | 1.1 |
| Baxter | Em1200 Firmware | 1.2 |
| Baxter | Em1200 Firmware | 1.4 |
References
- https://www.us-cert.gov/ics/advisories/icsma-20-170-01Third Party Advisory, US Government Resource
- https://www.us-cert.gov/ics/advisories/icsma-20-170-01Third Party Advisory, US Government Resource
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-12020?
How severe is CVE-2020-12020?
How do I fix CVE-2020-12020?
Are you affected by CVE-2020-12020?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST