{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-30T13:04:03.241","vulnerabilities":[{"cve":{"id":"CVE-2020-12020","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2020-06-29T14:15:11.210","lastModified":"2024-11-21T04:59:07.700","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13 and ExactaMix EM1200 Versions 1.1, 1.2, and 1.4 does not restrict non administrative users from gaining access to the operating system and editing the application startup script. Successful exploitation of this vulnerability may allow an attacker to alter the startup script as the limited-access user."},{"lang":"es","value":"Baxter ExactaMix EM 2400 Versiones 1.10, 1.11 y 1.13 y ExactaMix EM1200 Versiones 1.1, 1.2 y 1.4, no restringe que los usuarios no administrativos consigan acceso al sistema operativo y editen el script de inicio de la aplicación. Una explotación con éxito de esta vulnerabilidad puede permitir a un atacante alterar el script de inicio como el usuario de acceso limitado"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":4.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:N/I:P/A:P","baseScore":3.6,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-668"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-668"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:baxter:em2400_firmware:1.10:*:*:*:*:*:*:*","matchCriteriaId":"11DFA9E3-77C8-4978-809C-D5B2EB5B7F7E"},{"vulnerable":true,"criteria":"cpe:2.3:o:baxter:em2400_firmware:1.11:*:*:*:*:*:*:*","matchCriteriaId":"01A12E3A-C493-4696-8031-7A6C1A0FDEF4"},{"vulnerable":true,"criteria":"cpe:2.3:o:baxter:em2400_firmware:1.13:*:*:*:*:*:*:*","matchCriteriaId":"FA3A0CC5-8628-43AB-859D-0EDD439D2C11"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:baxter:em2400:-:*:*:*:*:*:*:*","matchCriteriaId":"244BA6D0-A33D-419C-B532-E62C9AE45F9E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:baxter:em1200_firmware:1.1:*:*:*:*:*:*:*","matchCriteriaId":"FA9FF60A-7CED-4FA3-8247-4EF8FD8BAFD4"},{"vulnerable":true,"criteria":"cpe:2.3:o:baxter:em1200_firmware:1.2:*:*:*:*:*:*:*","matchCriteriaId":"9AC04969-E684-4D21-B889-A76DC4B54017"},{"vulnerable":true,"criteria":"cpe:2.3:o:baxter:em1200_firmware:1.4:*:*:*:*:*:*:*","matchCriteriaId":"8D218ACE-6C3F-4731-AF7B-2290D2A1AE09"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:baxter:em1200:-:*:*:*:*:*:*:*","matchCriteriaId":"9AE1B01A-DA95-477B-95F6-43F8FD7827FF"}]}]}],"references":[{"url":"https://www.us-cert.gov/ics/advisories/icsma-20-170-01","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government Resource"]},{"url":"https://www.us-cert.gov/ics/advisories/icsma-20-170-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}}]}