Vulnerabilities > CVE-2020-12020 - Exposure of Resource to Wrong Sphere vulnerability in Baxter Em1200 Firmware and Em2400 Firmware

CVSS 6.1 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

HIGH

local

low complexity

baxter

CWE-668

NVD

Published: 2020-06-29

Updated: 2020-07-08

Summary

Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13 and ExactaMix EM1200 Versions 1.1, 1.2, and 1.4 does not restrict non administrative users from gaining access to the operating system and editing the application startup script. Successful exploitation of this vulnerability may allow an attacker to alter the startup script as the limited-access user.

Vulnerable Configurations

Part	Description	Count
OS	Baxter Baxter Em2400 Firmware 1.10 Baxter Em2400 Firmware 1.11 Baxter Em2400 Firmware 1.13 Baxter Em1200 Firmware 1.1 Baxter Em1200 Firmware 1.2 Baxter Em1200 Firmware 1.4	6
Hardware	Baxter Baxter Em2400 - Baxter Em1200 -	2

Common Weakness Enumeration (CWE)

CWE-668 - Exposure of Resource to Wrong Sphere

References

https://www.us-cert.gov/ics/advisories/icsma-20-170-01