GCVE - cpe:2.3:o:baxter:em2400_firmware:1.10:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:o:baxter:em2400_firmware:1.10:*:*:*:*:*:*:*

part: o version: 1.10 update: *

Vendor	Baxter (`a179c94a-1aed-5d11-8395-fe3753820594`)
Product	Em2400 Firmware (`0297bf0f-1047-5c3d-abb9-d9cebaea935d`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2020-12032`	vulnerable	2026-06-03 14:41:33.168727	Details available Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Versions 1.1, 1.2 systems store device data with sensitive information in an unencrypted database. This could allow an attacker with network access to view or modify sensitive data including PHI. Published: 2020-06-29T13:53:23.000Z Updated: 2024-08-04T11:48:57.903Z Open on db.gcve.eu Reference links https://www.us-cert.gov/ics/advisories/icsma-20-170-01	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-12024`	vulnerable	2026-06-03 14:41:33.147167	Details available Baxter ExactaMix EM 2400 versions 1.10, 1.11, 1.13, 1.14 and ExactaMix EM1200 Versions 1.1, 1.2, 1.4 and 1.5 does not restrict access to the USB interface from an unauthorized user with physical access. Successful exploitation of this vulnerability may allow an attacker with physical access to the system the ability to load an unauthorized payload or unauthorized access to the hard drive by booting a live USB OS. This could impact confidentiality and integrity of the system and risk exposure of sensitive information including PHI. Published: 2020-06-29T13:51:31.000Z Updated: 2024-08-04T11:48:58.000Z Open on db.gcve.eu Reference links https://www.us-cert.gov/ics/advisories/icsma-20-170-01	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-12020`	vulnerable	2026-06-03 14:41:33.138204	Details available Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13 and ExactaMix EM1200 Versions 1.1, 1.2, and 1.4 does not restrict non administrative users from gaining access to the operating system and editing the application startup script. Successful exploitation of this vulnerability may allow an attacker to alter the startup script as the limited-access user. Published: 2020-06-29T13:51:49.000Z Updated: 2024-08-04T11:48:57.381Z Open on db.gcve.eu Reference links https://www.us-cert.gov/ics/advisories/icsma-20-170-01	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-12016`	vulnerable	2026-06-03 14:41:33.124643	Details available Baxter ExactaMix EM 2400 & EM 1200, Versions ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5, Baxter ExactaMix EM 2400 Versions 1.10, 1.11, 1.13, 1.14 and ExactaMix EM1200 Versions 1.1, 1.2, 1.4 and 1.5 have hard-coded administrative account credentials for the ExactaMix operating system. Successful exploitation of this vulnerability may allow an attacker who has gained unauthorized access to system resources, including access to execute software or to view/update files, directories, or system configuration. This could allow an attacker with network access to view sensitive data including PHI. Published: 2020-06-29T13:54:50.000Z Updated: 2024-08-04T11:48:57.993Z Open on db.gcve.eu Reference links https://www.us-cert.gov/ics/advisories/icsma-20-170-01	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-12012`	vulnerable	2026-06-03 14:41:33.116283	Details available Baxter ExactaMix EM 2400 & EM 1200, Versions ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5, Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13, and ExactaMix EM1200 Versions 1.1, 1.2, and 1.4 have hard-coded administrative account credentials for the ExactaMix application. Successful exploitation of this vulnerability may allow an attacker with physical access to gain unauthorized access to view/update system configuration or data. This could impact confidentiality and integrity of the system and risk exposure of sensitive information including PHI. Published: 2020-06-29T13:54:53.000Z Updated: 2024-08-04T11:48:57.903Z Open on db.gcve.eu Reference links https://www.us-cert.gov/ics/advisories/icsma-20-170-01	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-12008`	vulnerable	2026-06-03 14:41:33.105114	Details available Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Versions 1.1, 1.2 systems use cleartext messages to communicate order information with an order entry system. This could allow an attacker with network access to view sensitive data including PHI. Published: 2020-06-29T13:53:25.000Z Updated: 2024-08-04T11:48:57.121Z Open on db.gcve.eu Reference links https://www.us-cert.gov/ics/advisories/icsma-20-170-01	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.