CVE-2020-12041
CRITICALBaxter Sigma Spectrum Infusion System... - Incorrect Permission Assignment
Title source: ruleDescription
The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24) telnet Command-Line Interface, grants access to sensitive data stored on the WBM that permits temporary configuration changes to network settings of the WBM, and allows the WBM to be rebooted. Temporary configuration changes to network settings are removed upon reboot.
References (1)
Core 1
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://www.us-cert.gov/ics/advisories/icsma-20-170-04
Scores
CVSS v3
9.4
EPSS
0.0028
EPSS Percentile
51.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
Details
CWE
CWE-732
Status
published
Products (1)
baxter/sigma_spectrum_infusion_system_firmware
8.0
Published
Jun 29, 2020
Tracked Since
Feb 18, 2026