PT-2020-12980 · Baxter · Baxter Exactamix Em1200+1
Published
2020-06-29
·
Updated
2020-07-08
·
CVE-2020-12008
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Baxter ExactaMix EM 2400 versions 1.10 through 1.11
Baxter ExactaMix EM1200 versions 1.1 through 1.2
Description
The systems use cleartext messages to communicate order information with an order entry system. This could allow an attacker with network access to view sensitive data including Protected Health Information (PHI).
Recommendations
For Baxter ExactaMix EM 2400 versions 1.10 through 1.11, consider implementing encryption for communication between the system and the order entry system to protect sensitive data.
For Baxter ExactaMix EM1200 versions 1.1 through 1.2, consider implementing encryption for communication between the system and the order entry system to protect sensitive data.
As a temporary workaround, consider restricting network access to the systems to minimize the risk of exploitation.
Fix
Cleartext Transmission of Sensitive Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Baxter Exactamix Em 2400
Baxter Exactamix Em1200