PT-2020-13013 · Baxter · Baxter Spectrum Wbm+1

Published

2020-06-29

Updated

2022-03-03

CVE-2020-12047

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Baxter Spectrum WBM versions v17, v20D29, v20D30, v20D31, and v22D24 Baxter Spectrum v8.x (model 35700BAX2)

Description The issue concerns the Baxter Spectrum WBM and Baxter Spectrum v8.x, which enable an FTP service with hard-coded credentials when used together in a factory-default wireless configuration.

Recommendations For Baxter Spectrum WBM versions v17, v20D29, v20D30, v20D31, and v22D24, consider disabling the FTP service until a patch is available. For Baxter Spectrum v8.x (model 35700BAX2), restrict access to the factory-default wireless configuration to minimize the risk of exploitation.

Fix

Using Hardcoded Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-259CWE-798

Related Identifiers

CVE-2020-12047

Affected Products

Baxter Spectrum

Baxter Spectrum Wbm

PT-2020-13013 · Baxter · Baxter Spectrum Wbm+1

CVE-2020-12047

Weakness Enumeration

Related Identifiers

Affected Products

References · 5