Vulnerability Description
Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The PrismaFlex device contains a hard-coded service password that provides access to biomedical information, device settings, calibration settings, and network configuration. This could allow an attacker to modify device settings and calibration.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Baxter | Prismaflex Firmware | All versions |
| Baxter | Prismaflex | - |
| Baxter | Prismax Firmware | < 3.0 |
| Baxter | Prismax | - |
Related Weaknesses (CWE)
References
- https://www.us-cert.gov/ics/advisories/icsma-20-170-01Not Applicable
- https://us-cert.cisa.gov/ics/advisories/icsma-20-170-02Third Party Advisory
- https://www.us-cert.gov/ics/advisories/icsma-20-170-01Not Applicable
FAQ
What is CVE-2020-12035?
CVE-2020-12035 is a vulnerability with a CVSS score of 4.9 (MEDIUM). Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The PrismaFlex device contains a hard-coded service password that provides access to biomedical information, device settings, calibra...
How severe is CVE-2020-12035?
CVE-2020-12035 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-12035?
Check the references section above for vendor advisories and patch information. Affected products include: Baxter Prismaflex Firmware, Baxter Prismaflex, Baxter Prismax Firmware, Baxter Prismax.