Lucene search

[email protected]NVD:CVE-2020-12020

HistoryJun 29, 2020 - 2:15 p.m.

CVE-2020-12020

2020-06-2914:15:11

CWE-668

[email protected]

web.nvd.nist.gov

3.6 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:P/A:P

6.1 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

0.0004 Low

EPSS

Percentile

10.6%

JSON

Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13 and ExactaMix EM1200 Versions 1.1, 1.2, and 1.4 does not restrict non administrative users from gaining access to the operating system and editing the application startup script. Successful exploitation of this vulnerability may allow an attacker to alter the startup script as the limited-access user.

Affected configurations

NVD

Node

baxterem2400_firmwareMatch1.10

baxterem2400_firmwareMatch1.11

baxterem2400_firmwareMatch1.13

AND

baxterem2400Match-

Node

baxterem1200_firmwareMatch1.1

baxterem1200_firmwareMatch1.2

baxterem1200_firmwareMatch1.4

AND

baxterem1200Match-

References

www.us-cert.gov/ics/advisories/icsma-20-170-01

3.6 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:P/A:P

6.1 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

0.0004 Low

EPSS

Percentile

10.6%

JSON

Related for NVD:CVE-2020-12020

prion1 cve1 cvelist1 ics1