6.1

CVE-2020-12020

EPSS 0.06%
Veröffentlicht 29.06.2020 14:15:11
Zuletzt bearbeitet 21.11.2024 04:59:07
Quelle ics-cert@hq.dhs.gov
CVE-Watchlists
Login
Unerledigt
Login

Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13 and ExactaMix EM1200 Versions 1.1, 1.2, and 1.4 does not restrict non administrative users from gaining access to the operating system and editing the application startup script. Successful exploitation of this vulnerability may allow an attacker to alter the startup script as the limited-access user.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Baxter ≫ Em2400 Firmware Version1.10

Baxter ≫ Em2400 Version-

Baxter ≫ Em2400 Firmware Version1.11

Baxter ≫ Em2400 Version-

Baxter ≫ Em2400 Firmware Version1.13

Baxter ≫ Em2400 Version-

Baxter ≫ Em1200 Firmware Version1.1

Baxter ≫ Em1200 Version-

Baxter ≫ Em1200 Firmware Version1.2

Baxter ≫ Em1200 Version-

Baxter ≫ Em1200 Firmware Version1.4

Baxter ≫ Em1200 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.139

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.1	1.8	4.2	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
nvd@nist.gov	3.6	3.9	4.9	AV:L/AC:L/Au:N/C:N/I:P/A:P

CWE-668 Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

https://www.us-cert.gov/ics/advisories/icsma-20-170-01

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2020-12020

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-12020

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-12020

EUVD