16 matches found
CVE-2020-12016
Baxter ExactaMix EM 2400 & EM 1200, Versions ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5, Baxter ExactaMix EM 2400 Versions 1.10, 1.11, 1.13, 1.14 and ExactaMix EM1200 Versions 1.1, 1.2, 1.4 and 1.5 have hard-coded administrative account...
CVE-2020-12012
Baxter ExactaMix EM 2400 & EM 1200, Versions ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5, Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13, and ExactaMix EM1200 Versions 1.1, 1.2, and 1.4 have hard-coded administrative account credentials f...
CVE-2020-12024
Baxter ExactaMix EM 2400 versions 1.10, 1.11, 1.13, 1.14 and ExactaMix EM1200 Versions 1.1, 1.2, 1.4 and 1.5 does not restrict access to the USB interface from an unauthorized user with physical access. Successful exploitation of this vulnerability may allow an attacker with physical access to th...
CVE-2020-12008
Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Versions 1.1, 1.2 systems use cleartext messages to communicate order information with an order entry system. This could allow an attacker with network access to view sensitive data including PHI...
Hardcoded credentials
Baxter ExactaMix EM 2400 versions 1.10, 1.11, 1.13, 1.14 and ExactaMix EM1200 Versions 1.1, 1.2, 1.4 and 1.5 does not restrict access to the USB interface from an unauthorized user with physical access. Successful exploitation of this vulnerability may allow an attacker with physical access to th...
Information disclosure
Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Versions 1.1, 1.2 systems use cleartext messages to communicate order information with an order entry system. This could allow an attacker with network access to view sensitive data including PHI...
Design/Logic Flaw
Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13 and ExactaMix EM1200 Versions 1.1, 1.2, and 1.4 does not restrict non administrative users from gaining access to the operating system and editing the application startup script. Successful exploitation of this vulnerability may allow an...
Hardcoded credentials
Baxter ExactaMix EM 2400 & EM 1200, Versions ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5, Baxter ExactaMix EM 2400 Versions 1.10, 1.11, 1.13, 1.14 and ExactaMix EM1200 Versions 1.1, 1.2, 1.4 and 1.5 have hard-coded administrative account...
CVE-2020-12012
CVE-2020-12012 affects Baxter ExactaMix EM2400 and EM1200 systems (versions listed in connected documents). The root cause is hard-coded administrative credentials in the ExactaMix application, enabling an attacker with physical access to view/update system configuration and data, potentially exp...
CVE-2020-12016
CVE-2020-12016 affects Baxter ExactaMix EM2400 (versions 1.10, 1.11, 1.13, 1.14) and EM1200 (versions 1.1, 1.2, 1.4, 1.5). The root cause is hard-coded administrative credentials in the ExactaMix operating system, enabling an attacker with network access to gain unauthorized system access and pot...
CVE-2020-12008
CVE-2020-12008 affects Baxter ExactaMix EM 2400 (versions 1.10, 1.11) and ExactaMix EM1200 (versions 1.1, 1.2), where cleartext transmission of order information can expose PHI over the network. The connected Red Hat and ICS advisories corroborate the issue as a cleartext data exposure vulnerabil...
CVE-2020-12032
CVE-2020-12032 concerns Baxter ExactaMix EM 2400 (versions 1.10–1.11 and 1.13–1.14 per ICS update) and ExactaMix EM1200 (versions 1.1–1.2, 1.4–1.5 per ICS advisory) where device data is stored in an unencrypted database, enabling a network-attacker to view or modify sensitive data including PHI. ...
CVE-2020-12020
Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13 and ExactaMix EM1200 Versions 1.1, 1.2, and 1.4 does not restrict non administrative users from gaining access to the operating system and editing the application startup script. Successful exploitation of this vulnerability may allow an...
CVE-2020-12020
CVE-2020-12020 affects Baxter ExactaMix EM 2400 (versions 1.10, 1.11, 1.13) and ExactaMix EM1200 (versions 1.1, 1.2, 1.4). The Red Hat and ICS advisories describe an improper access control flaw that allows non-administrative users to access the operating system and edit the application startup s...
CVE-2020-12024
CVE-2020-12024 affects Baxter ExactaMix EM2400 (versions 1.10, 1.11, 1.13, 1.14) and ExactaMix EM1200 (versions 1.1, 1.2, 1.4, 1.5). Root cause: inadequate restriction of USB interface access by unauthorized users with physical access, enabling loading of unauthorized payloads or direct hard driv...
CVE-2020-12024
Baxter ExactaMix EM 2400 versions 1.10, 1.11, 1.13, 1.14 and ExactaMix EM1200 Versions 1.1, 1.2, 1.4 and 1.5 does not restrict access to the USB interface from an unauthorized user with physical access. Successful exploitation of this vulnerability may allow an attacker with physical access to th...