{"containers": {"cna": {"affected": [{"product": "Baxter ExactaMix EM 2400 & EM 1200", "vendor": "n/a", "versions": [{"status": "affected", "version": "ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5"}]}], "descriptions": [{"lang": "en", "value": "Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Versions 1.1, 1.2 systems store device data with sensitive information in an unencrypted database. This could allow an attacker with network access to view or modify sensitive data including PHI."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-311", "description": "MISSING ENCRYPTION OF SENSITIVE DATA CWE-311", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-06-29T13:53:23", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.us-cert.gov/ics/advisories/icsma-20-170-01"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2020-12032", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Baxter ExactaMix EM 2400 & EM 1200", "version": {"version_data": [{"version_value": "ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Versions 1.1, 1.2 systems store device data with sensitive information in an unencrypted database. This could allow an attacker with network access to view or modify sensitive data including PHI."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "MISSING ENCRYPTION OF SENSITIVE DATA CWE-311"}]}]}, "references": {"reference_data": [{"name": "https://www.us-cert.gov/ics/advisories/icsma-20-170-01", "refsource": "MISC", "url": "https://www.us-cert.gov/ics/advisories/icsma-20-170-01"}]}}}}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2020-12032", "datePublished": "2020-06-29T13:53:23", "dateReserved": "2020-04-21T00:00:00", "dateUpdated": "2020-06-29T13:53:23", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:baxter:em2400_firmware:1.10:*:*:*:*:*:*:*", "matchCriteriaId": "11DFA9E3-77C8-4978-809C-D5B2EB5B7F7E", "vulnerable": true}, {"criteria": "cpe:2.3:o:baxter:em2400_firmware:1.11:*:*:*:*:*:*:*", "matchCriteriaId": "01A12E3A-C493-4696-8031-7A6C1A0FDEF4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:baxter:em2400:-:*:*:*:*:*:*:*", "matchCriteriaId": "244BA6D0-A33D-419C-B532-E62C9AE45F9E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:baxter:em1200_firmware:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "FA9FF60A-7CED-4FA3-8247-4EF8FD8BAFD4", "vulnerable": true}, {"criteria": "cpe:2.3:o:baxter:em1200_firmware:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "9AC04969-E684-4D21-B889-A76DC4B54017", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:baxter:em1200:-:*:*:*:*:*:*:*", "matchCriteriaId": "9AE1B01A-DA95-477B-95F6-43F8FD7827FF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Versions 1.1, 1.2 systems store device data with sensitive information in an unencrypted database. This could allow an attacker with network access to view or modify sensitive data including PHI."}, {"lang": "es", "value": "Los sistemas Baxter ExactaMix EM 2400 Versiones 1.10, 1.11 y ExactaMix EM1200 Versiones 1.1, 1.2, almacenan datos del dispositivo con informaci\u00f3n confidencial en una base de datos sin cifrar. Esto podr\u00eda permitir a un atacante con acceso a la red visualizar o modificar datos confidenciales, incluyendo la PHI"}], "id": "CVE-2020-12032", "lastModified": "2021-11-04T17:37:39.900", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-06-29T14:15:11.333", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.us-cert.gov/ics/advisories/icsma-20-170-01"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-312"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-311"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}

{}