CVE-2020-12020

MEDIUM

Baxter ExactaMix EM 2400 and EM1200 - Unauthorized Operating System Access via Startup Script

Description

Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13 and ExactaMix EM1200 Versions 1.1, 1.2, and 1.4 do not restrict non-administrative users from gaining access to the operating system and editing the application startup script. Successful exploitation of this vulnerability may allow an attacker to alter the startup script as the limited-access user.

References (1)

Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://www.us-cert.gov/ics/advisories/icsma-20-170-01

Scores

CVSS v3 6.1
EPSS 0.0031
EPSS Percentile 22.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

Details

CWE
CWE-668
Status published
Products (6)
baxter/em1200_firmware 1.1
baxter/em1200_firmware 1.2
baxter/em1200_firmware 1.4
baxter/em2400_firmware 1.10
baxter/em2400_firmware 1.11
baxter/em2400_firmware 1.13
Published Jun 29, 2020
Tracked Since Feb 18, 2026