CVE-2020-12040

Опубликовано: 29 июн. 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 5

EPSS Низкий

Описание

Sigma Spectrum Infusion System v's6.x (model 35700BAX) and Baxter Spectrum Infusion System Version(s) 8.x (model 35700BAX2) at the application layer uses an unauthenticated clear-text communication channel to send and receive system status and operational data. This could allow an attacker that has circumvented network security measures to view sensitive non-private data or to perform a man-in-the-middle attack.

Ссылки

https://www.us-cert.gov/ics/advisories/icsma-20-170-04
Third Party Advisory
US Government Resource
https://www.us-cert.gov/ics/advisories/icsma-20-170-04
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:o:baxter:sigma_spectrum_infusion_system_firmware:*:*:*:*:*:*:*:*

Версия от 6.0 (включая) до 6.05 (включая)

cpe:2.3:o:baxter:sigma_spectrum_infusion_system_firmware:8.0:*:*:*:*:*:*:*

cpe:2.3:h:baxter:sigma_spectrum_infusion_system:-:*:*:*:*:*:*:*

EPSS

Процентиль: 42%

0.00199

Низкий

9.8 Critical

CVSS3

5 Medium

CVSS2

Дефекты

CWE-319

Связанные уязвимости

GHSA-mr8w-rm42-6ph4

github

больше 3 лет назад