Vulnerability Description
Baxter ExactaMix EM 2400 & EM 1200, Versions ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5, Baxter ExactaMix EM 2400 Versions 1.10, 1.11, 1.13, 1.14 and ExactaMix EM1200 Versions 1.1, 1.2, 1.4 and 1.5 have hard-coded administrative account credentials for the ExactaMix operating system. Successful exploitation of this vulnerability may allow an attacker who has gained unauthorized access to system resources, including access to execute software or to view/update files, directories, or system configuration. This could allow an attacker with network access to view sensitive data including PHI.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Baxter | Em2400 Firmware | 1.10 |
| Baxter | Em2400 | - |
| Baxter | Em1200 Firmware | 1.1 |
| Baxter | Em1200 | - |
Related Weaknesses (CWE)
References
- https://www.us-cert.gov/ics/advisories/icsma-20-170-01Third Party AdvisoryUS Government Resource
- https://www.us-cert.gov/ics/advisories/icsma-20-170-01Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2020-12016?
CVE-2020-12016 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Baxter ExactaMix EM 2400 & EM 1200, Versions ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5, Baxter ExactaMix EM 2400 Versions 1.10, 1.11, 1.13, 1.14 an...
How severe is CVE-2020-12016?
CVE-2020-12016 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-12016?
Check the references section above for vendor advisories and patch information. Affected products include: Baxter Em2400 Firmware, Baxter Em2400, Baxter Em1200 Firmware, Baxter Em1200.