CVE-2020-12035

Name: CVE-2020-12035
Creator: NVD / NIST
Published: 2020-06-29T14:15:11.397+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 4.9/10EPSS 0.25%

Last modified Jun 17, 2026

CVE-2020-12035 is a medium-severity vulnerability rated 4.9/10 on the CVSS scale. Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The PrismaFlex device contains a hard-coded service password that provides access to biomedical information, device settings, calibration settings, and network configuration. This could allow an attacker to modify device settings and calibration.. EPSS estimates a 0.25% chance of exploitation in the next 30 days.

Description

Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The PrismaFlex device contains a hard-coded service password that provides access to biomedical information, device settings, calibration settings, and network configuration. This could allow an attacker to modify device settings and calibration.

Metrics

CVSS 3.1

4.9/10

CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L

EPSS Probability

0.25%

15.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Baxter	Prismaflex Firmware	All versions
Baxter	Prismax Firmware	< 3.0

References

https://www.us-cert.gov/ics/advisories/icsma-20-170-01Not Applicable
https://us-cert.cisa.gov/ics/advisories/icsma-20-170-02Third Party Advisory
https://www.us-cert.gov/ics/advisories/icsma-20-170-01Not Applicable

Timeline

Published: Jun 29, 2020
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2020-12035?

How severe is CVE-2020-12035?

CVE-2020-12035 has a CVSS score of 4.9/10 (MEDIUM severity). The EPSS model estimates a 0.25% probability of exploitation in the next 30 days.

How do I fix CVE-2020-12035?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2020-12035?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST