CVE-2020-12043

9.8 CRITICAL

📋 TL;DR

This vulnerability in Baxter Spectrum WBM allows attackers to maintain persistent FTP access even after wireless networking is disabled, until the device is rebooted. It affects healthcare organizations using vulnerable versions of the Baxter Spectrum WBM configured for wireless networking.

💻 Affected Systems

Products:
  • Baxter Spectrum WBM
Versions: v17, v20D29, v20D30, v20D31, v22D24
Operating Systems: Embedded/Proprietary
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects devices configured for wireless networking; the FTP service remains active until reboot after wireless is disabled.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could exfiltrate sensitive patient data, modify device configurations, or disrupt medical operations via unauthorized FTP access.

🟠 Likely Case

Unauthorized access to FTP service leading to data theft or configuration changes.

🟢 If Mitigated

Limited impact if wireless networking is disabled and devices are regularly rebooted.

🌐 Internet-Facing: HIGH if wireless networking is enabled and devices are exposed to untrusted networks.
🏢 Internal Only: MEDIUM due to potential insider threats or lateral movement within healthcare networks.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires network access to the FTP service, which remains active post-configuration change.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check with Baxter for specific patched versions; refer to ICSMA-20-170-04.

Vendor Advisory: https://www.us-cert.gov/ics/advisories/icsma-20-170-04

Restart Required: Yes

Instructions:

1. Contact Baxter for patches or updates.
2. Apply patches as per vendor instructions.
3. Reboot the WBM device after patching.

🔧 Temporary Workarounds

Disable Wireless Networking and Reboot

Turn off wireless networking and reboot the WBM to stop the FTP service.

No specific commands; use the device interface to disable wireless and reboot.

Network Segmentation

Isolate WBM devices on segmented networks to limit FTP access.

Configure firewall rules to block FTP traffic (port 21) to/from WBM.

🧯 If You Can't Patch

  • Disable wireless networking and schedule regular reboots of WBM devices.
  • Implement strict network access controls and monitor for unauthorized FTP connections.

🔍 How to Verify

Check if Vulnerable:

Check if WBM is running affected versions and has wireless networking enabled; test FTP connectivity after disabling wireless without reboot.

Check Version:

Use device interface or vendor tools to check WBM firmware version.

Verify Fix Applied:

After patching or workaround, confirm FTP service is not accessible when wireless is disabled.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected FTP login attempts or file transfers in device logs.

Network Indicators:

  • FTP traffic (port 21) to/from WBM devices, especially after wireless is disabled.

SIEM Query:

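Example: 'destination_ip:WBM_IP AND destination_port:21' for FTP connections to a WBM. WBM_IP is a placeholder for the device address, and the field names depend on the SIEM in use.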
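
The network indicator above can be turned into a prioritised alert by comparing each FTP connection against the period in which a WBM has had wireless disabled but has not yet been rebooted. The following is an added example, not code from the advisory or from Baxter; the inventory, addresses, timestamps and flow-record layout are constructed assumptions.

```python
import csv
import io
from datetime import datetime

# Constructed inventory: WBM address -> (time wireless was disabled, time of the
# following reboot, or None if not rebooted yet). Addresses use the RFC 5737
# documentation ranges; every value here is hypothetical.
WBM_STATE = {
    "192.0.2.10": (datetime(2020, 6, 20, 9, 0), datetime(2020, 6, 20, 9, 30)),
    "192.0.2.11": (datetime(2020, 6, 20, 9, 0), None),
}

# Constructed flow records in an assumed CSV layout.
SAMPLE_FLOWS = """time,src_ip,dst_ip,dst_port
2020-06-20T08:50:00,198.51.100.7,192.0.2.10,21
2020-06-20T09:10:00,198.51.100.7,192.0.2.10,21
2020-06-20T09:45:00,198.51.100.7,192.0.2.10,21
2020-06-20T10:05:00,198.51.100.9,192.0.2.11,21
2020-06-20T10:06:00,198.51.100.9,192.0.2.11,443
2020-06-20T10:07:00,198.51.100.9,192.0.2.99,21
"""

FTP_CONTROL_PORT = 21


def classify_flows(flow_csv, wbm_state):
    """Return (time, src, dst, severity) for every FTP connection to a known WBM."""
    alerts = []
    for row in csv.DictReader(io.StringIO(flow_csv)):
        dst = row["dst_ip"]
        if dst not in wbm_state or int(row["dst_port"]) != FTP_CONTROL_PORT:
            continue  # not a WBM, or not the FTP control port
        when = datetime.fromisoformat(row["time"])
        disabled_at, rebooted_at = wbm_state[dst]
        # Window described by this CVE: wireless disabled, device not yet rebooted.
        in_window = when >= disabled_at and (rebooted_at is None or when < rebooted_at)
        alerts.append((row["time"], row["src_ip"], dst, "HIGH" if in_window else "REVIEW"))
    return alerts


if __name__ == "__main__":
    for alert in classify_flows(SAMPLE_FLOWS, WBM_STATE):
        print(*alert)
```

Connections outside the window are still reported as REVIEW, since any FTP traffic to a WBM is listed as a network indicator.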
