7.5
CVE-2020-12008
- EPSS 0.11%
- Veröffentlicht 29.06.2020 14:15:10
- Zuletzt bearbeitet 21.11.2024 04:59:06
- Quelle ics-cert@hq.dhs.gov
- CVE-Watchlists
- Unerledigt
LoginBaxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Versions 1.1, 1.2 systems use cleartext messages to communicate order information with an order entry system. This could allow an attacker with network access to view sensitive data including PHI.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Baxter ≫ Em2400 Firmware Version1.10
Baxter ≫ Em2400 Firmware Version1.11
Baxter ≫ Em1200 Firmware Version1.1
Baxter ≫ Em1200 Firmware Version1.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.11% | 0.269 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
CWE-319 Cleartext Transmission of Sensitive Information
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.