PT-2020-13011 · Baxter · Baxter Spectrum Wbm+1

Published

2020-06-29

Updated

2022-03-03

CVE-2020-12045

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Baxter Spectrum WBM versions v17, v20D29, v20D30, v20D31, and v22D24 Baxter Spectrum v8.x (model 35700BAX2)

Description The Baxter Spectrum WBM, when used with a Baxter Spectrum v8.x, operates a Telnet service on Port 1023 with hard-coded credentials.

Recommendations For Baxter Spectrum WBM versions v17, v20D29, v20D30, v20D31, and v22D24, consider disabling the Telnet service on Port 1023 as a temporary workaround until a patch is available. For Baxter Spectrum v8.x (model 35700BAX2), restrict access to the Telnet service on Port 1023 to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Using Hardcoded Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-259CWE-798

Related Identifiers

CVE-2020-12045

Affected Products

Baxter Spectrum

Baxter Spectrum Wbm

PT-2020-13011 · Baxter · Baxter Spectrum Wbm+1

CVE-2020-12045

Weakness Enumeration

Related Identifiers

Affected Products

References · 5