CVE-2020-12020

MEDIUM

Baxter Em2400 Firmware - Exposure to Wrong Actor

Title source: rule

Description

Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13 and ExactaMix EM1200 Versions 1.1, 1.2, and 1.4 do not restrict non-administrative users from gaining access to the operating system and editing the application startup script. Successful exploitation of this vulnerability may allow an attacker to alter the startup script as the limited-access user.

Scores

CVSS v3 6.1
EPSS 0.0006
EPSS Percentile 16.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

Classification

CWE
CWE-668
Status published

Affected Products (6)

baxter/em2400_firmware
baxter/em2400_firmware
baxter/em2400_firmware
baxter/em1200_firmware
baxter/em1200_firmware
baxter/em1200_firmware

Timeline

Published Jun 29, 2020
Tracked Since Feb 18, 2026