Show vulnerabilities with patch / with exploit

Multiple vulnerabilities in Baxter ExactaMix



Published: 2020-06-19
Severity High
Patch available YES
Number of vulnerabilities 3
CVE ID CVE-2020-12008
CVE-2020-12032
CVE-2017-0143
CWE ID CWE-319
CWE-311
CWE-20
Exploitation vector Network
Public exploit Public exploit code for vulnerability #3 is available.
Vulnerable software
Subscribe
ExactaMix EM1200
Hardware solutions / Medical equipment

ExactaMix EM2400
Hardware solutions / Medical equipment

Vendor Baxter

Security Advisory

1) Cleartext transmission of sensitive information

Severity: Medium

CVSSv3: 6.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-12008

CWE-ID: CWE-319 - Cleartext Transmission of Sensitive Information

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to software uses insecure communication channel to transmit sensitive information. A remote attacker can gain access to sensitive data including PHI.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

ExactaMix EM1200: 1.1, 1.2

ExactaMix EM2400: 1.10, 1.11

CPE External links

https://ics-cert.us-cert.gov/advisories/icsma-20-170-01

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Missing Encryption of Sensitive Data

Severity: Medium

CVSSv3: 6.1 [CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-12032

CWE-ID: CWE-311 - Missing Encryption of Sensitive Data

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the affected software stores device data with sensitive information in an unencrypted database. A remote attacker can view or modify sensitive data including PHI.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

ExactaMix EM1200: 1.1, 1.2

ExactaMix EM2400: 1.10, 1.11

CPE External links

https://ics-cert.us-cert.gov/advisories/icsma-20-170-01

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper input validation

Severity: High

CVSSv3: 9.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C] [PCI]

CVE-ID: CVE-2017-0143

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: Yes [Search exploit]

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to an error when parsing requests in Microsoft Server Message Block 1.0 (SMBv1) server. A remote unauthenticated attacker can send specially crafted SMB packets and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

ExactaMix EM1200: 1.1, 1.2

ExactaMix EM2400: 1.10, 1.11

CPE External links

https://ics-cert.us-cert.gov/advisories/icsma-20-170-01

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.