Details of VAR-202006-0333

ID

VAR-202006-0333

CVE

CVE-2020-12048

TITLE

Phoenix Hemodialysis Delivery System SW Vulnerability in plaintext transmission of important information in

Trust: 0.8

sources: JVNDB: JVNDB-2020-007828

DESCRIPTION

Phoenix Hemodialysis Delivery System SW 3.36 and 3.40, The Phoenix Hemodialysis device does not support data-in-transit encryption (e.g., TLS/SSL) when transmitting treatment and prescription data on the network between the Phoenix system and the Exalis dialysis data management tool. An attacker with access to the network could observe sensitive treatment and prescription data sent between the Phoenix system and the Exalis tool

Trust: 2.16

sources: NVD: CVE-2020-12048 // JVNDB: JVNDB-2020-007828 // CNVD: CNVD-2021-21082

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-21082

AFFECTED PRODUCTS

vendor:	baxter	model:	phoenix x36	scope:	eq	version:	3.36	Trust: 1.8
vendor:	baxter	model:	phoenix x36	scope:	eq	version:	3.40	Trust: 1.8
vendor:	baxter	model:	phoenix hemodialysis delivery system sw	scope:	eq	version:	3.36	Trust: 0.6
vendor:	baxter	model:	phoenix hemodialysis delivery system sw	scope:	eq	version:	3.40	Trust: 0.6

sources: CNVD: CNVD-2021-21082 // JVNDB: JVNDB-2020-007828 // NVD: CVE-2020-12048

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-12048
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2020-007828
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2021-21082
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202006-1238
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2020-12048
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-007828
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2021-21082
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-12048
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-007828
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-21082 // JVNDB: JVNDB-2020-007828 // CNNVD: CNNVD-202006-1238 // NVD: CVE-2020-12048

PROBLEMTYPE DATA

problemtype:

CWE-319

Trust: 1.8

sources: JVNDB: JVNDB-2020-007828 // NVD: CVE-2020-12048

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202006-1238

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202006-1238

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-007828

PATCH

title:

PHOENIX X36

url:

https://econnect.baxter.com/assets/downloads/products_expertise/renal_therapies/Phoenix_X36_Brochure_FINAL.pdf

Trust: 0.8

sources: JVNDB: JVNDB-2020-007828

EXTERNAL IDS

db:	NVD	id:	CVE-2020-12048	Trust: 3.0
db:	ICS CERT	id:	ICSMA-20-170-03	Trust: 3.0
db:	JVN	id:	JVNVU91499991	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-007828	Trust: 0.8
db:	CNVD	id:	CNVD-2021-21082	Trust: 0.6
db:	NSFOCUS	id:	47297	Trust: 0.6
db:	CNNVD	id:	CNNVD-202006-1238	Trust: 0.6

sources: CNVD: CNVD-2021-21082 // JVNDB: JVNDB-2020-007828 // CNNVD: CNNVD-202006-1238 // NVD: CVE-2020-12048

REFERENCES

url:	https://www.us-cert.gov/ics/advisories/icsma-20-170-03	Trust: 3.0
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12048	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12048	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu91499991/	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/47297	Trust: 0.6

sources: CNVD: CNVD-2021-21082 // JVNDB: JVNDB-2020-007828 // CNNVD: CNNVD-202006-1238 // NVD: CVE-2020-12048

CREDITS

Baxter

Trust: 0.6

sources: CNNVD: CNNVD-202006-1238

SOURCES

db:	CNVD	id:	CNVD-2021-21082
db:	JVNDB	id:	JVNDB-2020-007828
db:	CNNVD	id:	CNNVD-202006-1238
db:	NVD	id:	CVE-2020-12048

LAST UPDATE DATE

2024-11-23T19:42:06.603000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-21082	date:	2021-03-23T00:00:00
db:	JVNDB	id:	JVNDB-2020-007828	date:	2020-08-27T00:00:00
db:	CNNVD	id:	CNNVD-202006-1238	date:	2020-07-29T00:00:00
db:	NVD	id:	CVE-2020-12048	date:	2024-11-21T04:59:10.710

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-21082	date:	2021-03-23T00:00:00
db:	JVNDB	id:	JVNDB-2020-007828	date:	2020-08-27T00:00:00
db:	CNNVD	id:	CNNVD-202006-1238	date:	2020-06-18T00:00:00
db:	NVD	id:	CVE-2020-12048	date:	2020-06-29T14:15:11.990