Baxter Em1200 Firmware vulnerabilities
6 known vulnerabilities affecting baxter/em1200_firmware.
Total CVEs
6
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH1MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2020-12016P2CRITICALCVSS 9.8v1.1v1.2+2 more2020-06-29
CVE-2020-12016 [CRITICAL] CWE-259 CVE-2020-12016: Baxter ExactaMix EM 2400 & EM 1200, Versions ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, Exact
Baxter ExactaMix EM 2400 & EM 1200, Versions ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5, Baxter ExactaMix EM 2400 Versions 1.10, 1.11, 1.13, 1.14 and ExactaMix EM1200 Versions 1.1, 1.2, 1.4 and 1.5 have hard-coded administrative account credentials for the ExactaMix operating system. Successful e
nvd
CVE-2020-12032P3CRITICALCVSS 9.1v1.1v1.22020-06-29
CVE-2020-12032 [CRITICAL] CWE-311 CVE-2020-12032: Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Versions 1.1, 1.2 systems store de
Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Versions 1.1, 1.2 systems store device data with sensitive information in an unencrypted database. This could allow an attacker with network access to view or modify sensitive data including PHI.
nvd
CVE-2020-12008P3HIGHCVSS 7.5v1.1v1.22020-06-29
CVE-2020-12008 [HIGH] CWE-319 CVE-2020-12008: Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Versions 1.1, 1.2 systems use clea
Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Versions 1.1, 1.2 systems use cleartext messages to communicate order information with an order entry system. This could allow an attacker with network access to view sensitive data including PHI.
nvd
CVE-2020-12012P4MEDIUMCVSS 6.1v1.1v1.2+2 more2020-06-29
CVE-2020-12012 [MEDIUM] CWE-259 CVE-2020-12012: Baxter ExactaMix EM 2400 & EM 1200, Versions ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, Exact
Baxter ExactaMix EM 2400 & EM 1200, Versions ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5, Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13, and ExactaMix EM1200 Versions 1.1, 1.2, and 1.4 have hard-coded administrative account credentials for the ExactaMix application. Successful exploitation
nvd
CVE-2020-12024P4MEDIUMCVSS 6.1v1.1v1.2+2 more2020-06-29
CVE-2020-12024 [MEDIUM] CWE-284 CVE-2020-12024: Baxter ExactaMix EM 2400 versions 1.10, 1.11, 1.13, 1.14 and ExactaMix EM1200 Versions 1.1, 1.2, 1.4
Baxter ExactaMix EM 2400 versions 1.10, 1.11, 1.13, 1.14 and ExactaMix EM1200 Versions 1.1, 1.2, 1.4 and 1.5 does not restrict access to the USB interface from an unauthorized user with physical access. Successful exploitation of this vulnerability may allow an attacker with physical access to the system the ability to load an unauthorized payload o
nvd
CVE-2020-12020P4MEDIUMCVSS 6.1v1.1v1.2+1 more2020-06-29
CVE-2020-12020 [MEDIUM] CWE-668 CVE-2020-12020: Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13 and ExactaMix EM1200 Versions 1.1, 1.2, and 1
Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13 and ExactaMix EM1200 Versions 1.1, 1.2, and 1.4 does not restrict non administrative users from gaining access to the operating system and editing the application startup script. Successful exploitation of this vulnerability may allow an attacker to alter the startup script as the limited-access
nvd