CVE-2020-12040
Last modified
CVE-2020-12040 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. Sigma Spectrum Infusion System v's6.x (model 35700BAX) and Baxter Spectrum Infusion System Version(s) 8.x (model 35700BAX2) at the application layer uses an unauthenticated clear-text communication channel to send and receive system status and operational data. This could allow an attacker that has circumvented network security measures to view sensitive non-private data or to perform a man-in-the-middle attack.. EPSS estimates a 0.94% chance of exploitation in the next 30 days.
Description
Sigma Spectrum Infusion System v's6.x (model 35700BAX) and Baxter Spectrum Infusion System Version(s) 8.x (model 35700BAX2) at the application layer uses an unauthenticated clear-text communication channel to send and receive system status and operational data. This could allow an attacker that has circumvented network security measures to view sensitive non-private data or to perform a man-in-the-middle attack.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Baxter | Sigma Spectrum Infusion System Firmware | >= 6.0, <= 6.05 |
| Baxter | Sigma Spectrum Infusion System Firmware | 8.0 |
References
- https://www.us-cert.gov/ics/advisories/icsma-20-170-04Third Party Advisory, US Government Resource
- https://www.us-cert.gov/ics/advisories/icsma-20-170-04Third Party Advisory, US Government Resource
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-12040?
How severe is CVE-2020-12040?
How do I fix CVE-2020-12040?
Are you affected by CVE-2020-12040?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST