QwikSec

Security Database

CVE

CWE

Training

CVE-2020-12020

Published: Jun 29, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13 and ExactaMix EM1200 Versions 1.1, 1.2, and 1.4 does not restrict non administrative users from gaining access to the operating system and editing the application startup script. Successful exploitation of this vulnerability may allow an attacker to alter the startup script as the limited-access user.

Vendor	Product	Versions
n/a	Baxter ExactaMix EM 2400 & EM 1200	affected `ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5`

Weaknesses (CWE)

References

https://www.us-cert.gov/ics/advisories/icsma-20-170-01

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.