PT-2020-12982 · Baxter · Baxter Exactamix Em 2400+1

Published 2020-06-29 · Updated 2020-07-07 · CVE-2020-12012

CVSS v3.1: 6.1 Medium

Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Baxter ExactaMix EM 2400 versions 1.10 through 1.14
Baxter ExactaMix EM 1200 versions 1.1 through 1.5

Description

The ExactaMix application has hard-coded administrative account credentials. Successful exploitation of this issue may allow an attacker with physical access to gain unauthorized access to view or update system configuration or data, potentially impacting confidentiality and integrity and risking exposure of sensitive information, including Protected Health Information (PHI).

Recommendations

For Baxter ExactaMix EM 2400 versions 1.10 through 1.14, consider changing the hard-coded administrative account credentials to unique, secure credentials.
For Baxter ExactaMix EM 1200 versions 1.1 through 1.5, consider changing the hard-coded administrative account credentials to unique, secure credentials.
As a temporary workaround, restrict physical access to the system to minimize the risk of exploitation.

Fix

Using Hardcoded Credentials

Weakness Enumeration

Related Identifiers

CVE-2020-12012

Affected Products

Baxter Exactamix Em1200
Baxter Exactamix Em 2400