ICSMA-20-170-01 · Published 2020-06-23 · View on CISA ICS-CERT ↗

Baxter ExactaMix (Update A)

CVSS 8.1 HIGH CISA KEV — Known Exploited

Risk Summary

Successful exploitation of these vulnerabilities could result in unauthorized access to sensitive data, alteration of system configuration, alteration of system resources, and impact to system availability.

CVEs (7)

CVE-2020-12016 CVE-2020-12012 CVE-2020-12008 CVE-2020-12032 CVE-2020-12024 CVE-2020-12020 CVE-2017-0143

Remediations

Baxter recommends that users of the ExactaMix EM 2400 Versions 1.10 and 1.11, and ExactaMix EM1200 Versions 1.1 and 1.2, should contact the service support team or regional product service support to upgrade to the ExactaMix Version 1.4 (EM1200) and ExactaMix Version 1.13 (EM2400) compounders. For all users, Baxter recommends the following compensating controls including, but not limited to:
Baxter separately provided an ExactaMix Cybersecurity Guide, instructing users on good cybersecurity practices relevant to the use of the ExactaMix product. The guide can be requested from [email protected]
For additional information please see the Baxter Product Security Bulletin.

Affected Vendors

Baxter

Affected Products (2)

Baxter · ExactaMix EM2400 1.10 | 1.11 | 1.13 | 1.14

Baxter · ExactaMix EM1200 1.1 | 1.2 | 1.4 | 1.5

Affected Sectors

Healthcare and Public Health

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more