// For flags

CVE-2020-12040

 

Severity Score

9.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Sigma Spectrum Infusion System v's6.x (model 35700BAX) and Baxter Spectrum Infusion System Version(s) 8.x (model 35700BAX2) at the application layer uses an unauthenticated clear-text communication channel to send and receive system status and operational data. This could allow an attacker that has circumvented network security measures to view sensitive non-private data or to perform a man-in-the-middle attack.

Sigma Spectrum Infusion System versiones v's6.x (modelo 35700BAX) y Baxter Spectrum Infusion System versiones 8.x (modelo 35700BAX2), en la capa de aplicación utilizan un canal de comunicación de texto sin cifrar no autenticado para enviar y recibir el estado del sistema y los datos operativos. Esto podría permitir a un atacante que haya eludido las medidas de seguridad de la red visualizar datos confidenciales no privados o llevar a cabo un ataque de tipo man-in-the-middle

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2020-04-21 CVE Reserved
  • 2020-06-29 CVE Published
  • 2023-03-15 EPSS Updated
  • 2024-08-04 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-319: Cleartext Transmission of Sensitive Information
CAPEC
References (1)
URL Tag Source
https://www.us-cert.gov/ics/advisories/icsma-20-170-04 Third Party Advisory
URL Date SRC
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Baxter
Search vendor "Baxter"
 Sigma Spectrum Infusion System Firmware
Search vendor "Baxter" for product "Sigma Spectrum Infusion System Firmware"
 >= 6.0 <= 6.05
Search vendor "Baxter" for product "Sigma Spectrum Infusion System Firmware" and version " >= 6.0 <= 6.05"
-
Affected
in Baxter
Search vendor "Baxter"
 Sigma Spectrum Infusion System
Search vendor "Baxter" for product "Sigma Spectrum Infusion System"
--
Safe
Baxter
Search vendor "Baxter"
 Sigma Spectrum Infusion System Firmware
Search vendor "Baxter" for product "Sigma Spectrum Infusion System Firmware"
 8.0
Search vendor "Baxter" for product "Sigma Spectrum Infusion System Firmware" and version "8.0"
-
Affected
in Baxter
Search vendor "Baxter"
 Sigma Spectrum Infusion System
Search vendor "Baxter" for product "Sigma Spectrum Infusion System"
--
Safe