Sign-up

ID

VAR-202006-0326


CVE

CVE-2020-12039


TITLE

Baxter Sigma Spectrum Infusion Pumps Sigma Spectrum Infusion System and Baxter Spectrum Infusion System Vulnerability in using hard-coded credentials in

Trust: 0.8

sources: JVNDB: JVNDB-2020-007530

DESCRIPTION

Baxter Sigma Spectrum Infusion Pumps Sigma Spectrum Infusion System v's6.x model 35700BAX & Baxter Spectrum Infusion System v's8.x model 35700BAX2 contain hardcoded passwords when physically entered on the keypad provide access to biomedical menus including device settings, view calibration values, network configuration of Sigma Spectrum WBM if installed. The vulnerability is caused by the program containing a hard-coded password

Trust: 2.25

sources: NVD: CVE-2020-12039 // JVNDB: JVNDB-2020-007530 // CNVD: CNVD-2021-21081 // VULMON: CVE-2020-12039

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-21081

AFFECTED PRODUCTS

vendor:baxtermodel:sigma spectrum infusion systemscope:lteversion:6.05

Trust: 1.0

vendor:baxtermodel:sigma spectrum infusion systemscope:eqversion:8.0

Trust: 1.0

vendor:baxtermodel:sigma spectrum infusion systemscope:gteversion:6.0

Trust: 1.0

vendor:baxtermodel:sigma spectrum infusion systemscope: - version: -

Trust: 0.8

vendor:baxtermodel:sigma spectrum infusion systemscope:eqversion:6.*

Trust: 0.6

vendor:baxtermodel:spectrum infusion systemscope:eqversion:8.*

Trust: 0.6

sources: CNVD: CNVD-2021-21081 // JVNDB: JVNDB-2020-007530 // NVD: CVE-2020-12039

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-12039
value: LOW

Trust: 1.0

NVD: JVNDB-2020-007530
value: LOW

Trust: 0.8

CNVD: CNVD-2021-21081
value: LOW

Trust: 0.6

CNNVD: CNNVD-202006-1235
value: LOW

Trust: 0.6

VULMON: CVE-2020-12039
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2020-12039
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-007530
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2021-21081
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-12039
baseSeverity: LOW
baseScore: 2.4
vectorString: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 0.9
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-007530
baseSeverity: LOW
baseScore: 2.4
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-21081 // VULMON: CVE-2020-12039 // JVNDB: JVNDB-2020-007530 // CNNVD: CNNVD-202006-1235 // NVD: CVE-2020-12039

PROBLEMTYPE DATA

problemtype:CWE-798

Trust: 1.8

problemtype:CWE-259

Trust: 1.0

sources: JVNDB: JVNDB-2020-007530 // NVD: CVE-2020-12039

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-202006-1235

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-007530

PATCH
title:Top Pageurl:https://www.baxter.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2020-007530

EXTERNAL IDS
db:ICS CERTid:ICSMA-20-170-04
Trust: 3.1
db:NVDid:CVE-2020-12039
Trust: 3.1
db:JVNid:JVNVU91499991
Trust: 0.8
db:JVNDBid:JVNDB-2020-007530
Trust: 0.8
db:CNVDid:CNVD-2021-21081
Trust: 0.6
db:NSFOCUSid:47304
Trust: 0.6
db:AUSCERTid:ESB-2020.2149
Trust: 0.6
db:CNNVDid:CNNVD-202006-1235
Trust: 0.6
db:VULMONid:CVE-2020-12039
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2021-21081 // 
            
            
            
            VULMON: CVE-2020-12039 // 
            
            
            
            JVNDB: JVNDB-2020-007530 // 
            
            
            
            CNNVD: CNNVD-202006-1235 // 
            
            
            
            NVD: CVE-2020-12039

REFERENCES
url:https://www.us-cert.gov/ics/advisories/icsma-20-170-04
Trust: 2.3
url:https://nvd.nist.gov/vuln/detail/cve-2020-12039
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12039
Trust: 0.8
url:https://us-cert.cisa.gov/ics/advisories/icsma-20-170-04
Trust: 0.8
url:https://jvn.jp/vu/jvnvu91499991/
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2020.2149/
Trust: 0.6
url:http://www.nsfocus.net/vulndb/47304
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/798.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://www.cisa.gov/uscert/ics/advisories/icsma-20-170-04
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2021-21081 // 
            
            
            
            VULMON: CVE-2020-12039 // 
            
            
            
            JVNDB: JVNDB-2020-007530 // 
            
            
            
            CNNVD: CNNVD-202006-1235 // 
            
            
            
            NVD: CVE-2020-12039

CREDITS
Baxter
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-202006-1235

SOURCES
db:CNVDid:CNVD-2021-21081
db:VULMONid:CVE-2020-12039
db:JVNDBid:JVNDB-2020-007530
db:CNNVDid:CNNVD-202006-1235
db:NVDid:CVE-2020-12039

LAST UPDATE DATE
2024-11-23T20:04:31.014000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2021-21081date:2021-03-23T00:00:00
db:VULMONid:CVE-2020-12039date:2020-07-09T00:00:00
db:JVNDBid:JVNDB-2020-007530date:2020-08-17T00:00:00
db:CNNVDid:CNNVD-202006-1235date:2020-07-29T00:00:00
db:NVDid:CVE-2020-12039date:2024-11-21T04:59:09.853

SOURCES RELEASE DATE
db:CNVDid:CNVD-2021-21081date:2021-03-23T00:00:00
db:VULMONid:CVE-2020-12039date:2020-06-29T00:00:00
db:JVNDBid:JVNDB-2020-007530date:2020-08-17T00:00:00
db:CNNVDid:CNNVD-202006-1235date:2020-06-18T00:00:00
db:NVDid:CVE-2020-12039date:2020-06-29T14:15:11.617