{"containers": {"cna": {"affected": [{"product": "Baxter ExactaMix EM 2400 & EM 1200", "vendor": "n/a", "versions": [{"status": "affected", "version": "ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5"}]}], "descriptions": [{"lang": "en", "value": "Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13 and ExactaMix EM1200 Versions 1.1, 1.2, and 1.4 does not restrict non administrative users from gaining access to the operating system and editing the application startup script. Successful exploitation of this vulnerability may allow an attacker to alter the startup script as the limited-access user."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-668", "description": "EXPOSURE OF RESOURCE TO WRONG SPHERE CWE-668", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-06-29T13:51:49.000Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.us-cert.gov/ics/advisories/icsma-20-170-01"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2020-12020", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Baxter ExactaMix EM 2400 & EM 1200", "version": {"version_data": [{"version_value": "ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13 and ExactaMix EM1200 Versions 1.1, 1.2, and 1.4 does not restrict non administrative users from gaining access to the operating system and editing the application startup script. Successful exploitation of this vulnerability may allow an attacker to alter the startup script as the limited-access user."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "EXPOSURE OF RESOURCE TO WRONG SPHERE CWE-668"}]}]}, "references": {"reference_data": [{"name": "https://www.us-cert.gov/ics/advisories/icsma-20-170-01", "refsource": "MISC", "url": "https://www.us-cert.gov/ics/advisories/icsma-20-170-01"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T11:48:57.381Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.us-cert.gov/ics/advisories/icsma-20-170-01"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2020-12020", "datePublished": "2020-06-29T13:51:49.000Z", "dateReserved": "2020-04-21T00:00:00.000Z", "dateUpdated": "2024-08-04T11:48:57.381Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:baxter:em2400_firmware:1.10:*:*:*:*:*:*:*", "matchCriteriaId": "11DFA9E3-77C8-4978-809C-D5B2EB5B7F7E", "vulnerable": true}, {"criteria": "cpe:2.3:o:baxter:em2400_firmware:1.11:*:*:*:*:*:*:*", "matchCriteriaId": "01A12E3A-C493-4696-8031-7A6C1A0FDEF4", "vulnerable": true}, {"criteria": "cpe:2.3:o:baxter:em2400_firmware:1.13:*:*:*:*:*:*:*", "matchCriteriaId": "FA3A0CC5-8628-43AB-859D-0EDD439D2C11", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:baxter:em2400:-:*:*:*:*:*:*:*", "matchCriteriaId": "244BA6D0-A33D-419C-B532-E62C9AE45F9E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:baxter:em1200_firmware:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "FA9FF60A-7CED-4FA3-8247-4EF8FD8BAFD4", "vulnerable": true}, {"criteria": "cpe:2.3:o:baxter:em1200_firmware:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "9AC04969-E684-4D21-B889-A76DC4B54017", "vulnerable": true}, {"criteria": "cpe:2.3:o:baxter:em1200_firmware:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "8D218ACE-6C3F-4731-AF7B-2290D2A1AE09", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:baxter:em1200:-:*:*:*:*:*:*:*", "matchCriteriaId": "9AE1B01A-DA95-477B-95F6-43F8FD7827FF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13 and ExactaMix EM1200 Versions 1.1, 1.2, and 1.4 does not restrict non administrative users from gaining access to the operating system and editing the application startup script. Successful exploitation of this vulnerability may allow an attacker to alter the startup script as the limited-access user."}, {"lang": "es", "value": "Baxter ExactaMix EM 2400 Versiones 1.10, 1.11 y 1.13 y ExactaMix EM1200 Versiones 1.1, 1.2 y 1.4, no restringe que los usuarios no administrativos consigan acceso al sistema operativo y editen el script de inicio de la aplicaci\u00f3n. Una explotaci\u00f3n con \u00e9xito de esta vulnerabilidad puede permitir a un atacante alterar el script de inicio como el usuario de acceso limitado"}], "id": "CVE-2020-12020", "lastModified": "2024-11-21T04:59:07.700", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-06-29T14:15:11.210", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.us-cert.gov/ics/advisories/icsma-20-170-01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.us-cert.gov/ics/advisories/icsma-20-170-01"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-668"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-668"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}