CVE-2020-12032
📋 TL;DR
Baxter ExactaMix EM systems store sensitive patient health information (PHI) in unencrypted databases, allowing attackers with network access to view or modify protected medical data. This affects healthcare organizations using Baxter ExactaMix EM 2400 and EM 1200 systems for medication compounding. The vulnerability exposes sensitive patient information and could impact treatment safety.
💻 Affected Systems
- Baxter ExactaMix EM 2400
- Baxter ExactaMix EM 1200
📦 What is this software?
Baxter ExactaMix EM 2400 and EM 1200 are medication compounding systems used by healthcare organizations; they exchange data with pharmacy systems over the network and store patient health information in local databases.
⚠️ Risk & Real-World Impact
Worst Case
Attackers could modify medication formulas, dosages, or patient data, leading to incorrect treatments, patient harm, or fatalities. PHI could be stolen for identity theft or extortion.
Likely Case
Unauthorized access to sensitive patient health information (PHI) leading to privacy violations and potential regulatory penalties under HIPAA.
If Mitigated
Limited exposure if systems are properly segmented with strict network access controls and monitored for unauthorized access attempts.
🎯 Exploit Status
Exploitation requires network access to the device but no authentication. Because the weakness lies in how data is stored (unencrypted databases) rather than in a flaw that must be triggered, no complex exploitation technique is required.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Contact Baxter for specific patched versions
Vendor Advisory: https://www.us-cert.gov/ics/advisories/icsma-20-170-01
Restart Required: Yes
Instructions:
1. Contact Baxter customer support for patched firmware
2. Schedule maintenance window for device update
3. Apply firmware update following Baxter instructions
4. Verify database encryption is enabled post-update
🔧 Temporary Workarounds
Network Segmentation
Isolate ExactaMix systems on separate VLANs with strict firewall rules
Access Control Lists
Implement IP-based restrictions to allow only authorized pharmacy systems to communicate with ExactaMix devices
🧯 If You Can't Patch
- Segment network: Place ExactaMix systems on isolated VLANs with no internet access
- Implement strict access controls: Allow only necessary pharmacy systems to communicate with these devices
🔍 How to Verify
Check if Vulnerable:
Check device firmware version via Baxter device interface or contact Baxter support
Check Version:
Check via Baxter device interface or contact Baxter support for version verification
Verify Fix Applied:
Verify database encryption is enabled in device settings and confirm with Baxter that patched firmware is installed
📡 Detection & Monitoring
Log Indicators:
- Unauthorized access attempts to device databases
- Unusual network connections to ExactaMix systems
Network Indicators:
- Unexpected database queries to ExactaMix systems
- Traffic to/from ExactaMix devices from unauthorized IPs
SIEM Query:
source_ip NOT IN (authorized_pharmacy_ips) AND dest_ip IN (exactamix_device_ips)
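The SIEM query above expressed as runnable detection logic, as an added example that is not part of the advisory or of Baxter's own tooling. It goes beyond the query by checking both directions, matching the "traffic to/from ExactaMix devices from unauthorized IPs" indicator; the device addresses, allowlist, and flow records are constructed for illustration.

```python
import ipaddress

# Constructed inventory: ExactaMix devices on their isolated VLAN (assumption)
EXACTAMIX_DEVICES = {"10.50.1.10", "10.50.1.11"}
# Constructed allowlist: pharmacy systems permitted to talk to the devices
AUTHORIZED_PHARMACY = [
    ipaddress.ip_network("10.20.5.0/24"),   # pharmacy workstations
    ipaddress.ip_network("10.20.9.15/32"),  # pharmacy order server
]

# Constructed flow records: timestamp,src_ip,dst_ip,dst_port
SAMPLE_FLOWS = """\
2020-06-18T08:01:02Z,10.20.5.23,10.50.1.10,1433
2020-06-18T08:02:10Z,10.50.1.10,10.20.9.15,443
2020-06-18T08:03:44Z,192.168.77.4,10.50.1.11,1433
2020-06-18T08:04:09Z,10.50.1.11,203.0.113.9,443
2020-06-18T08:05:30Z,10.50.1.10,10.50.1.11,445
"""

def is_authorized(ip):
    """True if ip falls inside any authorized pharmacy network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in AUTHORIZED_PHARMACY)

def find_unauthorized_flows(log_text, devices=EXACTAMIX_DEVICES):
    """Return (timestamp, peer_ip, device_ip, direction) for each flow in which
    an ExactaMix device talks to a host outside the allowlist. Device-to-device
    flows have no external peer and are not flagged."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, _port = line.split(",")
        if src in devices and dst not in devices:
            peer, device, direction = dst, src, "outbound"
        elif dst in devices and src not in devices:
            peer, device, direction = src, dst, "inbound"
        else:
            continue  # device-to-device or unrelated traffic
        if not is_authorized(peer):
            alerts.append((ts, peer, device, direction))
    return alerts

if __name__ == "__main__":
    for ts, peer, device, direction in find_unauthorized_flows(SAMPLE_FLOWS):
        print(f"ALERT {direction} flow at {ts}: peer={peer} device={device}")
```

In production the allowlist and device inventory would come from the ACLs defined in the workarounds above, so the detection and the control stay in agreement.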