PT-2020-12984 · Baxter · Baxter Exactamix Em 2400+1

Published: 2020-06-29 · Updated: 2020-07-08 · CVE-2020-12016

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Baxter ExactaMix EM 2400 versions 1.10 through 1.14
Baxter ExactaMix EM 1200 versions 1.1 through 1.5

Description

The issue concerns hard-coded administrative account credentials for the ExactaMix operating system. This could allow an attacker with network access to view sensitive data, including Protected Health Information (PHI), and gain unauthorized access to system resources, enabling them to execute software or view and update files, directories, or system configuration.

Recommendations

For Baxter ExactaMix EM 2400 versions 1.10 through 1.14, consider disabling the administrative account until a patch is available to prevent exploitation. For Baxter ExactaMix EM 1200 versions 1.1 through 1.5, restrict access to the ExactaMix operating system to minimize the risk of unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Using Hardcoded Credentials


Weakness Enumeration

Related Identifiers

CVE-2020-12016

Affected Products

Baxter Exactamix Em1200
Baxter Exactamix Em 2400