CVE-2020-12040

2020-06-2913:45:58

CWE-319

icscert

www.cve.org

9.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.6%

JSON

Sigma Spectrum Infusion System v’s6.x (model 35700BAX) and Baxter Spectrum Infusion System Version(s) 8.x (model 35700BAX2) at the application layer uses an unauthenticated clear-text communication channel to send and receive system status and operational data. This could allow an attacker that has circumvented network security measures to view sensitive non-private data or to perform a man-in-the-middle attack.

CNA Affected

[
  {
    "product": "Baxter Sigma Spectrum Infusion Pumps",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Sigma Spectrum v6.x model 35700BAX, Baxter Spectrum v8.x model 35700BAX2,Sigma Spectrum v6.x with Wireless Battery Module v9,11,13,14,15,16,v20D29,v20D30,v20D31,v22D24, Baxter Spectrum v8.x with Wireless Battery Module v17,v20D29,v20D30,v20D31,v22D24,Baxter Spectrum Wireless Battery Module v17,v20D29,v20D30,v20D31,v22D24,Baxter Spectrum LVP v8.x w/Wireless Battery Module v17,v20D29,v20D30,v20D31,v22D24"
      }
    ]
  }
]

References

www.us-cert.gov/ics/advisories/icsma-20-170-04