ID

VAR-202006-0323


CVE

CVE-2020-12035


TITLE

Baxter PrismaFlex and PrisMax trust management issue vulnerability

Trust: 1.2

sources: CNVD: CNVD-2020-52562 // CNNVD: CNNVD-202006-1246

DESCRIPTION

In Baxter PrismaFlex (all versions) and PrisMax (all versions prior to 3.x), the PrismaFlex device contains a hard-coded service password that provides access to biomedical information, device settings, calibration settings, and network configuration. This could allow an attacker to modify device settings and calibration. Baxter PrismaFlex and PrisMax contain a vulnerability in the use of hard-coded credentials. Information may be tampered with. Baxter PrismaFlex and PrisMax are both intensive care equipment made by Baxter. There is a trust management vulnerability in Baxter PrismaFlex (all versions) and PrisMax versions before 3.x. The vulnerability is caused by the lack of authentication of the device. Attackers can use the vulnerability to modify the treatment status information.

Trust: 2.16

sources: NVD: CVE-2020-12035 // JVNDB: JVNDB-2020-007755 // CNVD: CNVD-2020-52562

IOT TAXONOMY

category: ['ICS', 'Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-52562

AFFECTED PRODUCTS

vendor: baxter, model: prismaflex, scope: -, version: -

Trust: 1.4

vendor: baxter, model: prismaflex, scope: eq, version: *

Trust: 1.0

vendor: baxter, model: prismax, scope: lt, version: 3.0

Trust: 1.0

vendor: baxter, model: prismax, scope: eq, version: 3.x

Trust: 0.8

vendor: baxter, model: prismax, scope: lt, version: 3.*

Trust: 0.6

sources: CNVD: CNVD-2020-52562 // JVNDB: JVNDB-2020-007755 // NVD: CVE-2020-12035

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-12035
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-007755
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-52562
value: LOW

Trust: 0.6

CNNVD: CNNVD-202006-1246
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2020-12035
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-007755
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-52562
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-12035
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: LOW
exploitabilityScore: 0.7
impactScore: 4.2
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-007755
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-52562 // JVNDB: JVNDB-2020-007755 // CNNVD: CNNVD-202006-1246 // NVD: CVE-2020-12035

PROBLEMTYPE DATA

problemtype:CWE-798

Trust: 1.8

problemtype:CWE-287

Trust: 1.0

sources: JVNDB: JVNDB-2020-007755 // NVD: CVE-2020-12035

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202006-1246

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-202006-1246

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-007755

PATCH

title: Top Page, url: https://www.baxter.com/

Trust: 0.8

title: Patch for Baxter PrismaFlex and PrisMax trust management issue vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/234646

Trust: 0.6

title: Baxter PrismaFlex and PrisMax Repair measures for trust management problem vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=124062

Trust: 0.6

sources: CNVD: CNVD-2020-52562 // JVNDB: JVNDB-2020-007755 // CNNVD: CNNVD-202006-1246

EXTERNAL IDS

db: ICS CERT, id: ICSMA-20-170-02

Trust: 3.0

db: NVD, id: CVE-2020-12035

Trust: 3.0

db: ICS CERT, id: ICSMA-20-170-01

Trust: 1.6

db: JVN, id: JVNVU91499991

Trust: 0.8

db: JVNDB, id: JVNDB-2020-007755

Trust: 0.8

db: CNVD, id: CNVD-2020-52562

Trust: 0.6

db: CNNVD, id: CNNVD-202006-1246

Trust: 0.6

sources: CNVD: CNVD-2020-52562 // JVNDB: JVNDB-2020-007755 // CNNVD: CNNVD-202006-1246 // NVD: CVE-2020-12035

REFERENCES

url:https://us-cert.cisa.gov/ics/advisories/icsma-20-170-02

Trust: 2.4

url:https://www.us-cert.gov/ics/advisories/icsma-20-170-01

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-12035

Trust: 1.4

url:https://www.us-cert.gov/ics/advisories/icsma-20-170-02

Trust: 1.2

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12035

Trust: 0.8

url:https://jvn.jp/vu/jvnvu91499991/

Trust: 0.8

sources: CNVD: CNVD-2020-52562 // JVNDB: JVNDB-2020-007755 // CNNVD: CNNVD-202006-1246 // NVD: CVE-2020-12035

CREDITS

Baxter

Trust: 0.6

sources: CNNVD: CNNVD-202006-1246

SOURCES

db: CNVD, id: CNVD-2020-52562
db: JVNDB, id: JVNDB-2020-007755
db: CNNVD, id: CNNVD-202006-1246
db: NVD, id: CVE-2020-12035

LAST UPDATE DATE

2024-11-23T19:25:30.627000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-52562, date: 2020-09-17T00:00:00
db: JVNDB, id: JVNDB-2020-007755, date: 2020-08-25T00:00:00
db: CNNVD, id: CNNVD-202006-1246, date: 2020-07-17T00:00:00
db: NVD, id: CVE-2020-12035, date: 2024-11-21T04:59:09.403

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-52562, date: 2020-09-17T00:00:00
db: JVNDB, id: JVNDB-2020-007755, date: 2020-08-25T00:00:00
db: CNNVD, id: CNNVD-202006-1246, date: 2020-06-18T00:00:00
db: NVD, id: CVE-2020-12035, date: 2020-06-29T14:15:11.397