CVE-2020-12047 - Vulnerability Details - OpenCVE

The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24), when used with a Baxter Spectrum v8.x (model 35700BAX2) in a factory-default wireless configuration enables an FTP service with hard-coded credentials.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Baxter	Sigma Spectrum Infusion System Sigma Spectrum Infusion System Firmware Wireless Battery Module

Configuration 1 [-]

AND

cpe:2.3:o:baxter:sigma_spectrum_infusion_system_firmware:8.0:*:*:*:*:*:*:*

OR	cpe:2.3:h:baxter:sigma_spectrum_infusion_system:-:::::::*
	cpe:2.3:h:baxter:wireless_battery_module:17:::::::*
	cpe:2.3:h:baxter:wireless_battery_module:20d29:::::::*
	cpe:2.3:h:baxter:wireless_battery_module:20d30:::::::*
	cpe:2.3:h:baxter:wireless_battery_module:20d31:::::::*
	cpe:2.3:h:baxter:wireless_battery_module:22d24:::::::*

No data.

References

Link	Providers
https://www.us-cert.gov/ics/advisories/icsma-20-170-04

History

No history.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2020-06-29T13:41:37

Updated: 2024-08-04T11:48:57.938Z

Reserved: 2020-04-21T00:00:00

Link: CVE-2020-12047

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-06-29T14:15:11.943

Modified: 2024-11-21T04:59:10.573

Link: CVE-2020-12047

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Baxter Sigma Spectrum Infusion Pumps", "vendor": "n/a", "versions": [{"status": "affected", "version": "Sigma Spectrum v6.x model 35700BAX,Spectrum v8.x model 35700BAX2,Sigma Spectrum v6.x with Wireless Battery Module (WBM) v9,v11,v13,v14,v15,v16,v20D29,v20D30,v20D31,v22D24, Spectrum v8.x w/WBM v17,v20D29,v20D30,v20D31,v22D24,Spectrum WBM v17,v20D29,v20D30,v20D31,v22D24,Spectrum LVP v8.x with WBM v17, v20D29,v20D30,v20D31,and v22D24"}]}], "descriptions": [{"lang": "en", "value": "The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24), when used with a Baxter Spectrum v8.x (model 35700BAX2) in a factory-default wireless configuration enables an FTP service with hard-coded credentials."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-259", "description": "USE OF HARD-CODED PASSWORD CWE-259", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-06-29T13:41:37", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.us-cert.gov/ics/advisories/icsma-20-170-04"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2020-12047", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Baxter Sigma Spectrum Infusion Pumps", "version": {"version_data": [{"version_value": "Sigma Spectrum v6.x model 35700BAX,Spectrum v8.x model 35700BAX2,Sigma Spectrum v6.x with Wireless Battery Module (WBM) v9,v11,v13,v14,v15,v16,v20D29,v20D30,v20D31,v22D24, Spectrum v8.x w/WBM v17,v20D29,v20D30,v20D31,v22D24,Spectrum WBM v17,v20D29,v20D30,v20D31,v22D24,Spectrum LVP v8.x with WBM v17, v20D29,v20D30,v20D31,and v22D24"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24), when used with a Baxter Spectrum v8.x (model 35700BAX2) in a factory-default wireless configuration enables an FTP service with hard-coded credentials."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "USE OF HARD-CODED PASSWORD CWE-259"}]}]}, "references": {"reference_data": [{"name": "https://www.us-cert.gov/ics/advisories/icsma-20-170-04", "refsource": "MISC", "url": "https://www.us-cert.gov/ics/advisories/icsma-20-170-04"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T11:48:57.938Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.us-cert.gov/ics/advisories/icsma-20-170-04"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2020-12047", "datePublished": "2020-06-29T13:41:37", "dateReserved": "2020-04-21T00:00:00", "dateUpdated": "2024-08-04T11:48:57.938Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:baxter:sigma_spectrum_infusion_system_firmware:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "72D0F7CB-3D24-4A8D-826D-ACB20ACBEB1C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:baxter:sigma_spectrum_infusion_system:-:*:*:*:*:*:*:*", "matchCriteriaId": "49E25260-EC14-4E98-A86B-CBBE47E26AE5", "vulnerable": false}, {"criteria": "cpe:2.3:h:baxter:wireless_battery_module:17:*:*:*:*:*:*:*", "matchCriteriaId": "7DD7F5A5-FDC7-4976-910E-C1AFD2D61BA3", "vulnerable": false}, {"criteria": "cpe:2.3:h:baxter:wireless_battery_module:20d29:*:*:*:*:*:*:*", "matchCriteriaId": "30CE6E9A-4921-46B4-946D-A84A92F99855", "vulnerable": false}, {"criteria": "cpe:2.3:h:baxter:wireless_battery_module:20d30:*:*:*:*:*:*:*", "matchCriteriaId": "CB987049-C099-482C-83FB-ECBF43C71DE5", "vulnerable": false}, {"criteria": "cpe:2.3:h:baxter:wireless_battery_module:20d31:*:*:*:*:*:*:*", "matchCriteriaId": "89077083-BD72-499F-8628-F34052747F01", "vulnerable": false}, {"criteria": "cpe:2.3:h:baxter:wireless_battery_module:22d24:*:*:*:*:*:*:*", "matchCriteriaId": "FE329FD7-E3C9-4908-8273-231BF132915D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24), when used with a Baxter Spectrum v8.x (model 35700BAX2) in a factory-default wireless configuration enables an FTP service with hard-coded credentials."}, {"lang": "es", "value": "El Baxter Spectrum WBM (versiones v17, v20D29, v20D30, v20D31 y v22D24), cuando es usado con un Baxter Spectrum versi\u00f3n v8.x (modelo 35700BAX2), en una configuraci\u00f3n inal\u00e1mbrica predeterminada de f\u00e1brica, permite un servicio FTP con credenciales embebidas"}], "id": "CVE-2020-12047", "lastModified": "2024-11-21T04:59:10.573", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-06-29T14:15:11.943", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.us-cert.gov/ics/advisories/icsma-20-170-04"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.us-cert.gov/ics/advisories/icsma-20-170-04"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-259"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-798"}], "source": "nvd@nist.gov", "type": "Primary"}]}