Search criteria
8 vulnerabilities found for Baxter Spectrum Wireless Battery Module (WBM) by Baxter
CVE-2022-26390 (GCVE-0-2022-26390)
Vulnerability from cvelistv5 – Published: 2022-09-09 14:40 – Updated: 2024-09-17 04:09
VLAI?
Summary
The Baxter Spectrum Wireless Battery Module (WBM) stores network credentials and PHI (only applicable to Spectrum IQ pumps using auto programming) in unencrypted form. An attacker with physical access to a device that hasn't had all data and settings erased may be able to extract sensitive information.
Severity ?
4.2 (Medium)
CWE
- CWE-311 - Missing Encryption of Sensitive Data
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Baxter | Baxter Spectrum Wireless Battery Module (WBM) |
Affected:
16
Affected: 16D38 Affected: 17 Affected: 17D19 Affected: 20D29 Affected: 20D30 Affected: 20D31 Affected: 20D32 Affected: 22D19 Affected: 22D20 Affected: 22D21 Affected: 22D22 Affected: 22D23 Affected: 22D24 Affected: 22D25 Affected: 22D26 Affected: 22D27 Affected: 22D28 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:03:32.877Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Baxter Spectrum Wireless Battery Module (WBM)",
"vendor": "Baxter",
"versions": [
{
"status": "affected",
"version": "16"
},
{
"status": "affected",
"version": "16D38"
},
{
"status": "affected",
"version": "17"
},
{
"status": "affected",
"version": "17D19"
},
{
"status": "affected",
"version": "20D29"
},
{
"status": "affected",
"version": "20D30"
},
{
"status": "affected",
"version": "20D31"
},
{
"status": "affected",
"version": "20D32"
},
{
"status": "affected",
"version": "22D19"
},
{
"status": "affected",
"version": "22D20"
},
{
"status": "affected",
"version": "22D21"
},
{
"status": "affected",
"version": "22D22"
},
{
"status": "affected",
"version": "22D23"
},
{
"status": "affected",
"version": "22D24"
},
{
"status": "affected",
"version": "22D25"
},
{
"status": "affected",
"version": "22D26"
},
{
"status": "affected",
"version": "22D27"
},
{
"status": "affected",
"version": "22D28"
}
]
}
],
"datePublic": "2022-09-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Baxter Spectrum Wireless Battery Module (WBM) stores network credentials and PHI (only applicable to Spectrum IQ pumps using auto programming) in unencrypted form. An attacker with physical access to a device that hasn\u0027t had all data and settings erased may be able to extract sensitive information."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-311",
"description": "CWE-311 Missing Encryption of Sensitive Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-09T14:40:06",
"orgId": "dba971b9-eb30-4121-91e1-3b45611354aa",
"shortName": "Baxter"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Unencrypted internal storage of security credentials",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productsecurity@baxter.com",
"DATE_PUBLIC": "2022-09-08T22:03:00.000Z",
"ID": "CVE-2022-26390",
"STATE": "PUBLIC",
"TITLE": "Unencrypted internal storage of security credentials"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Baxter Spectrum Wireless Battery Module (WBM)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "16",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "16D38",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "17",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "17D19",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "20D29",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "20D30",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "20D31",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "20D32",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "22D19",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "22D20",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "22D21",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "22D22",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "22D23",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "22D24",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "22D25",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "22D26",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "22D27",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "22D28",
"version_value": ""
}
]
}
}
]
},
"vendor_name": "Baxter"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Baxter Spectrum Wireless Battery Module (WBM) stores network credentials and PHI (only applicable to Spectrum IQ pumps using auto programming) in unencrypted form. An attacker with physical access to a device that hasn\u0027t had all data and settings erased may be able to extract sensitive information."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-311 Missing Encryption of Sensitive Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dba971b9-eb30-4121-91e1-3b45611354aa",
"assignerShortName": "Baxter",
"cveId": "CVE-2022-26390",
"datePublished": "2022-09-09T14:40:06.351985Z",
"dateReserved": "2022-03-03T00:00:00",
"dateUpdated": "2024-09-17T04:09:45.443Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26392 (GCVE-0-2022-26392)
Vulnerability from cvelistv5 – Published: 2022-09-09 14:40 – Updated: 2024-09-17 02:31
VLAI?
Summary
The Baxter Spectrum WBM (v16, v16D38) and Baxter Spectrum WBM (v17, v17D19, v20D29 to v20D32) when in superuser mode is susceptible to format string attacks via application messaging. An attacker could use this to read memory in the WBM to access sensitive information.
Severity ?
CWE
- CWE-134 - Use of Externally-Controlled Format String
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Baxter | Baxter Spectrum Wireless Battery Module (WBM) |
Affected:
16
Affected: 16D38 Affected: 17 Affected: 17D19 Affected: 20D29 Affected: 20D30 Affected: 20D31 Affected: 20D32 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:03:32.850Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Baxter Spectrum Wireless Battery Module (WBM)",
"vendor": "Baxter",
"versions": [
{
"status": "affected",
"version": "16"
},
{
"status": "affected",
"version": "16D38"
},
{
"status": "affected",
"version": "17"
},
{
"status": "affected",
"version": "17D19"
},
{
"status": "affected",
"version": "20D29"
},
{
"status": "affected",
"version": "20D30"
},
{
"status": "affected",
"version": "20D31"
},
{
"status": "affected",
"version": "20D32"
}
]
}
],
"datePublic": "2022-09-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Baxter Spectrum WBM (v16, v16D38) and Baxter Spectrum WBM (v17, v17D19, v20D29 to v20D32) when in superuser mode is susceptible to format string attacks via application messaging. An attacker could use this to read memory in the WBM to access sensitive information."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-134",
"description": "CWE-134 Use of Externally-Controlled Format String",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-09T14:40:06",
"orgId": "dba971b9-eb30-4121-91e1-3b45611354aa",
"shortName": "Baxter"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Format String vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productsecurity@baxter.com",
"DATE_PUBLIC": "2022-09-08T22:03:00.000Z",
"ID": "CVE-2022-26392",
"STATE": "PUBLIC",
"TITLE": "Format String vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Baxter Spectrum Wireless Battery Module (WBM)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "16",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "16D38",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "17",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "17D19",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "20D29",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "20D30",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "20D31",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "20D32",
"version_value": ""
}
]
}
}
]
},
"vendor_name": "Baxter"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Baxter Spectrum WBM (v16, v16D38) and Baxter Spectrum WBM (v17, v17D19, v20D29 to v20D32) when in superuser mode is susceptible to format string attacks via application messaging. An attacker could use this to read memory in the WBM to access sensitive information."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-134 Use of Externally-Controlled Format String"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dba971b9-eb30-4121-91e1-3b45611354aa",
"assignerShortName": "Baxter",
"cveId": "CVE-2022-26392",
"datePublished": "2022-09-09T14:40:06.166154Z",
"dateReserved": "2022-03-03T00:00:00",
"dateUpdated": "2024-09-17T02:31:43.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26393 (GCVE-0-2022-26393)
Vulnerability from cvelistv5 – Published: 2022-09-09 14:40 – Updated: 2024-09-16 18:34
VLAI?
Summary
The Baxter Spectrum WBM is susceptible to format string attacks via application messaging. An attacker could use this to read memory in the WBM to access sensitive information or cause a Denial of Service (DoS) on the WBM.
Severity ?
5 (Medium)
CWE
- CWE-134 - Use of Externally-Controlled Format String
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Baxter | Baxter Spectrum Wireless Battery Module (WBM) |
Affected:
20D29
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:03:32.882Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Baxter Spectrum Wireless Battery Module (WBM)",
"vendor": "Baxter",
"versions": [
{
"status": "affected",
"version": "20D29"
}
]
}
],
"datePublic": "2022-09-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Baxter Spectrum WBM is susceptible to format string attacks via application messaging. An attacker could use this to read memory in the WBM to access sensitive information or cause a Denial of Service (DoS) on the WBM."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-134",
"description": "CWE-134 Use of Externally-Controlled Format String",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-09T14:40:06",
"orgId": "dba971b9-eb30-4121-91e1-3b45611354aa",
"shortName": "Baxter"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Format String vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productsecurity@baxter.com",
"DATE_PUBLIC": "2022-09-08T22:03:00.000Z",
"ID": "CVE-2022-26393",
"STATE": "PUBLIC",
"TITLE": "Format String vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Baxter Spectrum Wireless Battery Module (WBM)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "20D29",
"version_value": ""
}
]
}
}
]
},
"vendor_name": "Baxter"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Baxter Spectrum WBM is susceptible to format string attacks via application messaging. An attacker could use this to read memory in the WBM to access sensitive information or cause a Denial of Service (DoS) on the WBM."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-134 Use of Externally-Controlled Format String"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dba971b9-eb30-4121-91e1-3b45611354aa",
"assignerShortName": "Baxter",
"cveId": "CVE-2022-26393",
"datePublished": "2022-09-09T14:40:06.531113Z",
"dateReserved": "2022-03-03T00:00:00",
"dateUpdated": "2024-09-16T18:34:30.705Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26394 (GCVE-0-2022-26394)
Vulnerability from cvelistv5 – Published: 2022-09-09 14:40 – Updated: 2024-09-16 19:35
VLAI?
Summary
The Baxter Spectrum WBM does not perform mutual authentication with the gateway server host. This may allow an attacker to perform a man in the middle attack that modifies parameters making the network connection fail.
Severity ?
5.5 (Medium)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Baxter | Baxter Spectrum Wireless Battery Module (WBM) |
Affected:
16
Affected: 16D38 Affected: 17 Affected: 17D19 Affected: 20D29 Affected: 20D30 Affected: 20D31 Affected: 20D32 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:03:32.610Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Baxter Spectrum Wireless Battery Module (WBM)",
"vendor": "Baxter",
"versions": [
{
"status": "affected",
"version": "16"
},
{
"status": "affected",
"version": "16D38"
},
{
"status": "affected",
"version": "17"
},
{
"status": "affected",
"version": "17D19"
},
{
"status": "affected",
"version": "20D29"
},
{
"status": "affected",
"version": "20D30"
},
{
"status": "affected",
"version": "20D31"
},
{
"status": "affected",
"version": "20D32"
}
]
}
],
"datePublic": "2022-09-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Baxter Spectrum WBM does not perform mutual authentication with the gateway server host. This may allow an attacker to perform a man in the middle attack that modifies parameters making the network connection fail."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-09T14:40:05",
"orgId": "dba971b9-eb30-4121-91e1-3b45611354aa",
"shortName": "Baxter"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Unauthenticated network reconfiguration via TCP/UDP",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productsecurity@baxter.com",
"DATE_PUBLIC": "2022-09-08T22:03:00.000Z",
"ID": "CVE-2022-26394",
"STATE": "PUBLIC",
"TITLE": "Unauthenticated network reconfiguration via TCP/UDP"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Baxter Spectrum Wireless Battery Module (WBM)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "16",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "16D38",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "17",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "17D19",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "20D29",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "20D30",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "20D31",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "20D32",
"version_value": ""
}
]
}
}
]
},
"vendor_name": "Baxter"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Baxter Spectrum WBM does not perform mutual authentication with the gateway server host. This may allow an attacker to perform a man in the middle attack that modifies parameters making the network connection fail."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306 Missing Authentication for Critical Function"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dba971b9-eb30-4121-91e1-3b45611354aa",
"assignerShortName": "Baxter",
"cveId": "CVE-2022-26394",
"datePublished": "2022-09-09T14:40:05.978240Z",
"dateReserved": "2022-03-03T00:00:00",
"dateUpdated": "2024-09-16T19:35:30.066Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26390 (GCVE-0-2022-26390)
Vulnerability from nvd – Published: 2022-09-09 14:40 – Updated: 2024-09-17 04:09
VLAI?
Summary
The Baxter Spectrum Wireless Battery Module (WBM) stores network credentials and PHI (only applicable to Spectrum IQ pumps using auto programming) in unencrypted form. An attacker with physical access to a device that hasn't had all data and settings erased may be able to extract sensitive information.
Severity ?
4.2 (Medium)
CWE
- CWE-311 - Missing Encryption of Sensitive Data
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Baxter | Baxter Spectrum Wireless Battery Module (WBM) |
Affected:
16
Affected: 16D38 Affected: 17 Affected: 17D19 Affected: 20D29 Affected: 20D30 Affected: 20D31 Affected: 20D32 Affected: 22D19 Affected: 22D20 Affected: 22D21 Affected: 22D22 Affected: 22D23 Affected: 22D24 Affected: 22D25 Affected: 22D26 Affected: 22D27 Affected: 22D28 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:03:32.877Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Baxter Spectrum Wireless Battery Module (WBM)",
"vendor": "Baxter",
"versions": [
{
"status": "affected",
"version": "16"
},
{
"status": "affected",
"version": "16D38"
},
{
"status": "affected",
"version": "17"
},
{
"status": "affected",
"version": "17D19"
},
{
"status": "affected",
"version": "20D29"
},
{
"status": "affected",
"version": "20D30"
},
{
"status": "affected",
"version": "20D31"
},
{
"status": "affected",
"version": "20D32"
},
{
"status": "affected",
"version": "22D19"
},
{
"status": "affected",
"version": "22D20"
},
{
"status": "affected",
"version": "22D21"
},
{
"status": "affected",
"version": "22D22"
},
{
"status": "affected",
"version": "22D23"
},
{
"status": "affected",
"version": "22D24"
},
{
"status": "affected",
"version": "22D25"
},
{
"status": "affected",
"version": "22D26"
},
{
"status": "affected",
"version": "22D27"
},
{
"status": "affected",
"version": "22D28"
}
]
}
],
"datePublic": "2022-09-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Baxter Spectrum Wireless Battery Module (WBM) stores network credentials and PHI (only applicable to Spectrum IQ pumps using auto programming) in unencrypted form. An attacker with physical access to a device that hasn\u0027t had all data and settings erased may be able to extract sensitive information."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-311",
"description": "CWE-311 Missing Encryption of Sensitive Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-09T14:40:06",
"orgId": "dba971b9-eb30-4121-91e1-3b45611354aa",
"shortName": "Baxter"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Unencrypted internal storage of security credentials",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productsecurity@baxter.com",
"DATE_PUBLIC": "2022-09-08T22:03:00.000Z",
"ID": "CVE-2022-26390",
"STATE": "PUBLIC",
"TITLE": "Unencrypted internal storage of security credentials"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Baxter Spectrum Wireless Battery Module (WBM)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "16",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "16D38",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "17",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "17D19",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "20D29",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "20D30",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "20D31",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "20D32",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "22D19",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "22D20",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "22D21",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "22D22",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "22D23",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "22D24",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "22D25",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "22D26",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "22D27",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "22D28",
"version_value": ""
}
]
}
}
]
},
"vendor_name": "Baxter"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Baxter Spectrum Wireless Battery Module (WBM) stores network credentials and PHI (only applicable to Spectrum IQ pumps using auto programming) in unencrypted form. An attacker with physical access to a device that hasn\u0027t had all data and settings erased may be able to extract sensitive information."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-311 Missing Encryption of Sensitive Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dba971b9-eb30-4121-91e1-3b45611354aa",
"assignerShortName": "Baxter",
"cveId": "CVE-2022-26390",
"datePublished": "2022-09-09T14:40:06.351985Z",
"dateReserved": "2022-03-03T00:00:00",
"dateUpdated": "2024-09-17T04:09:45.443Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26392 (GCVE-0-2022-26392)
Vulnerability from nvd – Published: 2022-09-09 14:40 – Updated: 2024-09-17 02:31
VLAI?
Summary
The Baxter Spectrum WBM (v16, v16D38) and Baxter Spectrum WBM (v17, v17D19, v20D29 to v20D32) when in superuser mode is susceptible to format string attacks via application messaging. An attacker could use this to read memory in the WBM to access sensitive information.
Severity ?
CWE
- CWE-134 - Use of Externally-Controlled Format String
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Baxter | Baxter Spectrum Wireless Battery Module (WBM) |
Affected:
16
Affected: 16D38 Affected: 17 Affected: 17D19 Affected: 20D29 Affected: 20D30 Affected: 20D31 Affected: 20D32 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:03:32.850Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Baxter Spectrum Wireless Battery Module (WBM)",
"vendor": "Baxter",
"versions": [
{
"status": "affected",
"version": "16"
},
{
"status": "affected",
"version": "16D38"
},
{
"status": "affected",
"version": "17"
},
{
"status": "affected",
"version": "17D19"
},
{
"status": "affected",
"version": "20D29"
},
{
"status": "affected",
"version": "20D30"
},
{
"status": "affected",
"version": "20D31"
},
{
"status": "affected",
"version": "20D32"
}
]
}
],
"datePublic": "2022-09-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Baxter Spectrum WBM (v16, v16D38) and Baxter Spectrum WBM (v17, v17D19, v20D29 to v20D32) when in superuser mode is susceptible to format string attacks via application messaging. An attacker could use this to read memory in the WBM to access sensitive information."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-134",
"description": "CWE-134 Use of Externally-Controlled Format String",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-09T14:40:06",
"orgId": "dba971b9-eb30-4121-91e1-3b45611354aa",
"shortName": "Baxter"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Format String vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productsecurity@baxter.com",
"DATE_PUBLIC": "2022-09-08T22:03:00.000Z",
"ID": "CVE-2022-26392",
"STATE": "PUBLIC",
"TITLE": "Format String vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Baxter Spectrum Wireless Battery Module (WBM)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "16",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "16D38",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "17",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "17D19",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "20D29",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "20D30",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "20D31",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "20D32",
"version_value": ""
}
]
}
}
]
},
"vendor_name": "Baxter"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Baxter Spectrum WBM (v16, v16D38) and Baxter Spectrum WBM (v17, v17D19, v20D29 to v20D32) when in superuser mode is susceptible to format string attacks via application messaging. An attacker could use this to read memory in the WBM to access sensitive information."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-134 Use of Externally-Controlled Format String"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dba971b9-eb30-4121-91e1-3b45611354aa",
"assignerShortName": "Baxter",
"cveId": "CVE-2022-26392",
"datePublished": "2022-09-09T14:40:06.166154Z",
"dateReserved": "2022-03-03T00:00:00",
"dateUpdated": "2024-09-17T02:31:43.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26393 (GCVE-0-2022-26393)
Vulnerability from nvd – Published: 2022-09-09 14:40 – Updated: 2024-09-16 18:34
VLAI?
Summary
The Baxter Spectrum WBM is susceptible to format string attacks via application messaging. An attacker could use this to read memory in the WBM to access sensitive information or cause a Denial of Service (DoS) on the WBM.
Severity ?
5 (Medium)
CWE
- CWE-134 - Use of Externally-Controlled Format String
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Baxter | Baxter Spectrum Wireless Battery Module (WBM) |
Affected:
20D29
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:03:32.882Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Baxter Spectrum Wireless Battery Module (WBM)",
"vendor": "Baxter",
"versions": [
{
"status": "affected",
"version": "20D29"
}
]
}
],
"datePublic": "2022-09-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Baxter Spectrum WBM is susceptible to format string attacks via application messaging. An attacker could use this to read memory in the WBM to access sensitive information or cause a Denial of Service (DoS) on the WBM."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-134",
"description": "CWE-134 Use of Externally-Controlled Format String",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-09T14:40:06",
"orgId": "dba971b9-eb30-4121-91e1-3b45611354aa",
"shortName": "Baxter"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Format String vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productsecurity@baxter.com",
"DATE_PUBLIC": "2022-09-08T22:03:00.000Z",
"ID": "CVE-2022-26393",
"STATE": "PUBLIC",
"TITLE": "Format String vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Baxter Spectrum Wireless Battery Module (WBM)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "20D29",
"version_value": ""
}
]
}
}
]
},
"vendor_name": "Baxter"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Baxter Spectrum WBM is susceptible to format string attacks via application messaging. An attacker could use this to read memory in the WBM to access sensitive information or cause a Denial of Service (DoS) on the WBM."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-134 Use of Externally-Controlled Format String"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dba971b9-eb30-4121-91e1-3b45611354aa",
"assignerShortName": "Baxter",
"cveId": "CVE-2022-26393",
"datePublished": "2022-09-09T14:40:06.531113Z",
"dateReserved": "2022-03-03T00:00:00",
"dateUpdated": "2024-09-16T18:34:30.705Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26394 (GCVE-0-2022-26394)
Vulnerability from nvd – Published: 2022-09-09 14:40 – Updated: 2024-09-16 19:35
VLAI?
Summary
The Baxter Spectrum WBM does not perform mutual authentication with the gateway server host. This may allow an attacker to perform a man in the middle attack that modifies parameters making the network connection fail.
Severity ?
5.5 (Medium)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Baxter | Baxter Spectrum Wireless Battery Module (WBM) |
Affected:
16
Affected: 16D38 Affected: 17 Affected: 17D19 Affected: 20D29 Affected: 20D30 Affected: 20D31 Affected: 20D32 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:03:32.610Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Baxter Spectrum Wireless Battery Module (WBM)",
"vendor": "Baxter",
"versions": [
{
"status": "affected",
"version": "16"
},
{
"status": "affected",
"version": "16D38"
},
{
"status": "affected",
"version": "17"
},
{
"status": "affected",
"version": "17D19"
},
{
"status": "affected",
"version": "20D29"
},
{
"status": "affected",
"version": "20D30"
},
{
"status": "affected",
"version": "20D31"
},
{
"status": "affected",
"version": "20D32"
}
]
}
],
"datePublic": "2022-09-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Baxter Spectrum WBM does not perform mutual authentication with the gateway server host. This may allow an attacker to perform a man in the middle attack that modifies parameters making the network connection fail."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-09T14:40:05",
"orgId": "dba971b9-eb30-4121-91e1-3b45611354aa",
"shortName": "Baxter"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Unauthenticated network reconfiguration via TCP/UDP",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productsecurity@baxter.com",
"DATE_PUBLIC": "2022-09-08T22:03:00.000Z",
"ID": "CVE-2022-26394",
"STATE": "PUBLIC",
"TITLE": "Unauthenticated network reconfiguration via TCP/UDP"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Baxter Spectrum Wireless Battery Module (WBM)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "16",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "16D38",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "17",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "17D19",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "20D29",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "20D30",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "20D31",
"version_value": ""
},
{
"version_affected": "=",
"version_name": "20D32",
"version_value": ""
}
]
}
}
]
},
"vendor_name": "Baxter"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Baxter Spectrum WBM does not perform mutual authentication with the gateway server host. This may allow an attacker to perform a man in the middle attack that modifies parameters making the network connection fail."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306 Missing Authentication for Critical Function"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dba971b9-eb30-4121-91e1-3b45611354aa",
"assignerShortName": "Baxter",
"cveId": "CVE-2022-26394",
"datePublished": "2022-09-09T14:40:05.978240Z",
"dateReserved": "2022-03-03T00:00:00",
"dateUpdated": "2024-09-16T19:35:30.066Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}