Vulnerability Details CVE-2020-12040
Sigma Spectrum Infusion System v's6.x (model 35700BAX) and Baxter Spectrum Infusion System Version(s) 8.x (model 35700BAX2) at the application layer uses an unauthenticated clear-text communication channel to send and receive system status and operational data. This could allow an attacker that has circumvented network security measures to view sensitive non-private data or to perform a man-in-the-middle attack.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 39.9%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 5.0
References
Products affected by CVE-2020-12040
-
cpe:2.3:h:baxter:sigma_spectrum_infusion_system:-
-
cpe:2.3:o:baxter:sigma_spectrum_infusion_system_firmware:6.0
-
cpe:2.3:o:baxter:sigma_spectrum_infusion_system_firmware:6.05
-
cpe:2.3:o:baxter:sigma_spectrum_infusion_system_firmware:8.0