CVE-2020-12032

CRITICAL

Baxter Em2400 Firmware - Cleartext Storage

Title source: rule

Description

Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Versions 1.1, 1.2 systems store device data with sensitive information in an unencrypted database. This could allow an attacker with network access to view or modify sensitive data including PHI.

References (1)

[Third Party Advisory, US Government Resource] https://www.us-cert.gov/ics/advisories/icsma-20-170-01

Scores

CVSS v3 9.1

EPSS 0.0011

EPSS Percentile 29.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Details

CWE

CWE-312 CWE-311

Status published

Products (4)

baxter/em1200_firmware 1.1

baxter/em1200_firmware 1.2

baxter/em2400_firmware 1.10

baxter/em2400_firmware 1.11

Published Jun 29, 2020

Tracked Since Feb 18, 2026