CVE-2020-12024

Baxter ExactaMix EM 2400 versions 1.10, 1.11, 1.13, 1.14 and ExactaMix EM1200 Versions 1.1, 1.2, 1.4 and 1.5 does not restrict access to the USB interface from an unauthorized user with physical access. Successful exploitation of this vulnerability may allow an attacker with physical access to th...

CVE-2020-12012

Baxter ExactaMix EM 2400 & EM 1200, Versions ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5, Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13, and ExactaMix EM1200 Versions 1.1, 1.2, and 1.4 have hard-coded administrative account credentials f...

CVE-2020-12012

Baxter ExactaMix EM 2400 & EM 1200, Versions ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5, Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13, and ExactaMix EM1200 Versions 1.1, 1.2, and 1.4 have hard-coded administrative account credentials f...

CVE-2020-12016

Baxter ExactaMix EM 2400 & EM 1200, Versions ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5, Baxter ExactaMix EM 2400 Versions 1.10, 1.11, 1.13, 1.14 and ExactaMix EM1200 Versions 1.1, 1.2, 1.4 and 1.5 have hard-coded administrative account...

Hardcoded credentials

Baxter ExactaMix EM 2400 versions 1.10, 1.11, 1.13, 1.14 and ExactaMix EM1200 Versions 1.1, 1.2, 1.4 and 1.5 does not restrict access to the USB interface from an unauthorized user with physical access. Successful exploitation of this vulnerability may allow an attacker with physical access to th...

CVE-2020-12032

CVE-2020-12032 concerns Baxter ExactaMix EM 2400 (versions 1.10–1.11 and 1.13–1.14 per ICS update) and ExactaMix EM1200 (versions 1.1–1.2, 1.4–1.5 per ICS advisory) where device data is stored in an unencrypted database, enabling a network-attacker to view or modify sensitive data including PHI. ...

CVE-2020-12020

CVE-2020-12020 affects Baxter ExactaMix EM 2400 (versions 1.10, 1.11, 1.13) and ExactaMix EM1200 (versions 1.1, 1.2, 1.4). The Red Hat and ICS advisories describe an improper access control flaw that allows non-administrative users to access the operating system and edit the application startup s...

CVE-2020-12024

Baxter ExactaMix EM 2400 versions 1.10, 1.11, 1.13, 1.14 and ExactaMix EM1200 Versions 1.1, 1.2, 1.4 and 1.5 does not restrict access to the USB interface from an unauthorized user with physical access. Successful exploitation of this vulnerability may allow an attacker with physical access to th...

CVE-2020-12024

CVE-2020-12024 affects Baxter ExactaMix EM2400 (versions 1.10, 1.11, 1.13, 1.14) and ExactaMix EM1200 (versions 1.1, 1.2, 1.4, 1.5). Root cause: inadequate restriction of USB interface access by unauthorized users with physical access, enabling loading of unauthorized payloads or direct hard driv...