CVE-2020-12041 - OpenCVE

The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24) telnet Command-Line Interface, grants access to sensitive data stored on the WBM that permits temporary configuration changes to network settings of the WBM, and allows the WBM to be rebooted. Temporary configuration changes to network settings are removed upon reboot.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact Low

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Baxter	Sigma Spectrum Infusion System Sigma Spectrum Infusion System Firmware Wireless Battery Module

Configuration 1 [-]

AND

cpe:2.3:o:baxter:sigma_spectrum_infusion_system_firmware:8.0:*:*:*:*:*:*:*

OR	cpe:2.3:h:baxter:sigma_spectrum_infusion_system:-:::::::*
	cpe:2.3:h:baxter:wireless_battery_module:17:::::::*
	cpe:2.3:h:baxter:wireless_battery_module:20d29:::::::*
	cpe:2.3:h:baxter:wireless_battery_module:20d30:::::::*
	cpe:2.3:h:baxter:wireless_battery_module:20d31:::::::*
	cpe:2.3:h:baxter:wireless_battery_module:22d24:::::::*

No data.

References

Link	Providers
https://www.us-cert.gov/ics/advisories/icsma-20-170-04

History

No history.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2020-06-29T13:43:52

Updated: 2024-08-04T11:48:57.710Z

Reserved: 2020-04-21T00:00:00

Link: CVE-2020-12041

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-06-29T14:15:11.757

Modified: 2020-07-08T15:22:44.550

Link: CVE-2020-12041

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Baxter Sigma Spectrum Infusion Pumps", "vendor": "n/a", "versions": [{"status": "affected", "version": "Sigma Spectrum v6.x model 35700BAX, Baxter Spectrum v8.x model 35700BAX2,Sigma Spectrum v6.x with Wireless Battery Module v9,11,13,14,15,16,v20D29,v20D30,v20D31,v22D24, Baxter Spectrum v8.x with Wireless Battery Module v17,v20D29,v20D30,v20D31,v22D24,Baxter Spectrum Wireless Battery Module v17,v20D29,v20D30,v20D31,v22D24,Baxter Spectrum LVP v8.x w/Wireless Battery Module v17,v20D29,v20D30,v20D31,v22D24"}]}], "descriptions": [{"lang": "en", "value": "The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24) telnet Command-Line Interface, grants access to sensitive data stored on the WBM that permits temporary configuration changes to network settings of the WBM, and allows the WBM to be rebooted. Temporary configuration changes to network settings are removed upon reboot."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-732", "description": "INCORRECT PERMISSION ASSIGNMENT FOR CRITICAL RESOURCE CWE-732", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-06-29T13:43:52", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.us-cert.gov/ics/advisories/icsma-20-170-04"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2020-12041", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Baxter Sigma Spectrum Infusion Pumps", "version": {"version_data": [{"version_value": "Sigma Spectrum v6.x model 35700BAX, Baxter Spectrum v8.x model 35700BAX2,Sigma Spectrum v6.x with Wireless Battery Module v9,11,13,14,15,16,v20D29,v20D30,v20D31,v22D24, Baxter Spectrum v8.x with Wireless Battery Module v17,v20D29,v20D30,v20D31,v22D24,Baxter Spectrum Wireless Battery Module v17,v20D29,v20D30,v20D31,v22D24,Baxter Spectrum LVP v8.x w/Wireless Battery Module v17,v20D29,v20D30,v20D31,v22D24"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24) telnet Command-Line Interface, grants access to sensitive data stored on the WBM that permits temporary configuration changes to network settings of the WBM, and allows the WBM to be rebooted. Temporary configuration changes to network settings are removed upon reboot."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "INCORRECT PERMISSION ASSIGNMENT FOR CRITICAL RESOURCE CWE-732"}]}]}, "references": {"reference_data": [{"name": "https://www.us-cert.gov/ics/advisories/icsma-20-170-04", "refsource": "MISC", "url": "https://www.us-cert.gov/ics/advisories/icsma-20-170-04"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T11:48:57.710Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.us-cert.gov/ics/advisories/icsma-20-170-04"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2020-12041", "datePublished": "2020-06-29T13:43:52", "dateReserved": "2020-04-21T00:00:00", "dateUpdated": "2024-08-04T11:48:57.710Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:baxter:sigma_spectrum_infusion_system_firmware:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "72D0F7CB-3D24-4A8D-826D-ACB20ACBEB1C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:baxter:sigma_spectrum_infusion_system:-:*:*:*:*:*:*:*", "matchCriteriaId": "49E25260-EC14-4E98-A86B-CBBE47E26AE5", "vulnerable": false}, {"criteria": "cpe:2.3:h:baxter:wireless_battery_module:17:*:*:*:*:*:*:*", "matchCriteriaId": "7DD7F5A5-FDC7-4976-910E-C1AFD2D61BA3", "vulnerable": false}, {"criteria": "cpe:2.3:h:baxter:wireless_battery_module:20d29:*:*:*:*:*:*:*", "matchCriteriaId": "30CE6E9A-4921-46B4-946D-A84A92F99855", "vulnerable": false}, {"criteria": "cpe:2.3:h:baxter:wireless_battery_module:20d30:*:*:*:*:*:*:*", "matchCriteriaId": "CB987049-C099-482C-83FB-ECBF43C71DE5", "vulnerable": false}, {"criteria": "cpe:2.3:h:baxter:wireless_battery_module:20d31:*:*:*:*:*:*:*", "matchCriteriaId": "89077083-BD72-499F-8628-F34052747F01", "vulnerable": false}, {"criteria": "cpe:2.3:h:baxter:wireless_battery_module:22d24:*:*:*:*:*:*:*", "matchCriteriaId": "FE329FD7-E3C9-4908-8273-231BF132915D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24) telnet Command-Line Interface, grants access to sensitive data stored on the WBM that permits temporary configuration changes to network settings of the WBM, and allows the WBM to be rebooted. Temporary configuration changes to network settings are removed upon reboot."}, {"lang": "es", "value": "La Interfaz de L\u00ednea de Comandos telnet de Baxter Spectrum WBM (versiones v17, v20D29, v20D30, v20D31 y v22D24), otorga acceso a datos confidenciales almacenados en el WBM que permite cambios de configuraci\u00f3n temporales en ajustes de red del WBM y permite que el WBM sea reiniciado. Los cambios de configuraci\u00f3n temporales de la red son eliminados al reiniciar"}], "id": "CVE-2020-12041", "lastModified": "2020-07-08T15:22:44.550", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.4, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.5, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-06-29T14:15:11.757", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.us-cert.gov/ics/advisories/icsma-20-170-04"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-732"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-732"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}