fkie_nvd - fkie_cve-2020-12039

fkie_cve-2020-12039

Vulnerability from fkie_nvd

Published

2020-06-29 14:15

Modified

2024-11-21 04:59

Severity ?

2.4 (Low) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

Baxter Sigma Spectrum Infusion Pumps Sigma Spectrum Infusion System v's6.x model 35700BAX & Baxter Spectrum Infusion System v's8.x model 35700BAX2 contain hardcoded passwords when physically entered on the keypad provide access to biomedical menus including device settings, view calibration values, network configuration of Sigma Spectrum WBM if installed.

References

▶	URL	Tags
	ics-cert@hq.dhs.gov	https://www.us-cert.gov/ics/advisories/icsma-20-170-04	Third Party Advisory, US Government Resource
	af854a3a-2127-422b-91ae-364da2661108	https://www.us-cert.gov/ics/advisories/icsma-20-170-04	Third Party Advisory, US Government Resource

Impacted products

Vendor	Product	Version
baxter	sigma_spectrum_infusion_system_firmware	*
baxter	sigma_spectrum_infusion_system_firmware	8.0
baxter	sigma_spectrum_infusion_system	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:baxter:sigma_spectrum_infusion_system_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FCC49AB-B0AD-44FF-ACEB-3C26EA4F2C3C",
              "versionEndIncluding": "6.05",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:baxter:sigma_spectrum_infusion_system_firmware:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "72D0F7CB-3D24-4A8D-826D-ACB20ACBEB1C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:baxter:sigma_spectrum_infusion_system:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "49E25260-EC14-4E98-A86B-CBBE47E26AE5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Baxter Sigma Spectrum Infusion Pumps Sigma Spectrum Infusion System v\u0027s6.x model 35700BAX \u0026 Baxter Spectrum Infusion System v\u0027s8.x model 35700BAX2 contain hardcoded passwords when physically entered on the keypad provide access to biomedical menus including device settings, view calibration values, network configuration of Sigma Spectrum WBM if installed."
    },
    {
      "lang": "es",
      "value": "Baxter Sigma Spectrum Infusion Pumps Sigma Spectrum Infusion System versiones v\u0027s6.x modelo 35700BAX y Baxter Spectrum Infusion System versiones v\u0027s8.x modelo 35700BAX2, contienen contrase\u00f1as embebidas cuando se ingresan f\u00edsicamente en el teclado proporcionan acceso a men\u00fas biom\u00e9dicos que incluyen configuraciones de dispositivos, visualizar valores de calibraci\u00f3n, configuraci\u00f3n de red de Sigma Spectrum WBM si est\u00e1 instalado"
    }
  ],
  "id": "CVE-2020-12039",
  "lastModified": "2024-11-21T04:59:09.853",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "PHYSICAL",
          "availabilityImpact": "NONE",
          "baseScore": 2.4,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 0.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-06-29T14:15:11.617",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.us-cert.gov/ics/advisories/icsma-20-170-04"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.us-cert.gov/ics/advisories/icsma-20-170-04"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-259"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-798"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2020-12039 (GCVE-0-2020-12039)

Vulnerability from cvelistv5

Published

2020-06-29 13:45

Modified

2024-08-04 11:48

Severity ?

CWE

CWE-259

Summary

References

►

URL

Tags

https://www.us-cert.gov/ics/advisories/icsma-20-170-04

x_refsource_MISC