cvelistv5 - cve-2022-26394

CVE-2022-26394 (GCVE-0-2022-26394)

Vulnerability from cvelistv5 – Published: 2022-09-09 14:40 – Updated: 2024-09-16 19:35

Summary

The Baxter Spectrum WBM does not perform mutual authentication with the gateway server host. This may allow an attacker to perform a man in the middle attack that modifies parameters making the network connection fail.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CWE

CWE-306 - Missing Authentication for Critical Function

Assigner

Baxter

References

URL

Tags

https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Baxter	Baxter Spectrum Wireless Battery Module (WBM)	Affected: 16 Affected: 16D38 Affected: 17 Affected: 17D19 Affected: 20D29 Affected: 20D30 Affected: 20D31 Affected: 20D32

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T05:03:32.610Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Baxter Spectrum Wireless Battery Module (WBM)",
          "vendor": "Baxter",
          "versions": [
            {
              "status": "affected",
              "version": "16"
            },
            {
              "status": "affected",
              "version": "16D38"
            },
            {
              "status": "affected",
              "version": "17"
            },
            {
              "status": "affected",
              "version": "17D19"
            },
            {
              "status": "affected",
              "version": "20D29"
            },
            {
              "status": "affected",
              "version": "20D30"
            },
            {
              "status": "affected",
              "version": "20D31"
            },
            {
              "status": "affected",
              "version": "20D32"
            }
          ]
        }
      ],
      "datePublic": "2022-09-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Baxter Spectrum WBM does not perform mutual authentication with the gateway server host. This may allow an attacker to perform a man in the middle attack that modifies parameters making the network connection fail."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "CWE-306 Missing Authentication for Critical Function",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-09T14:40:05",
        "orgId": "dba971b9-eb30-4121-91e1-3b45611354aa",
        "shortName": "Baxter"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Unauthenticated network reconfiguration via TCP/UDP",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "productsecurity@baxter.com",
          "DATE_PUBLIC": "2022-09-08T22:03:00.000Z",
          "ID": "CVE-2022-26394",
          "STATE": "PUBLIC",
          "TITLE": "Unauthenticated network reconfiguration via TCP/UDP"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Baxter Spectrum Wireless Battery Module (WBM)",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_name": "16",
                            "version_value": ""
                          },
                          {
                            "version_affected": "=",
                            "version_name": "16D38",
                            "version_value": ""
                          },
                          {
                            "version_affected": "=",
                            "version_name": "17",
                            "version_value": ""
                          },
                          {
                            "version_affected": "=",
                            "version_name": "17D19",
                            "version_value": ""
                          },
                          {
                            "version_affected": "=",
                            "version_name": "20D29",
                            "version_value": ""
                          },
                          {
                            "version_affected": "=",
                            "version_name": "20D30",
                            "version_value": ""
                          },
                          {
                            "version_affected": "=",
                            "version_name": "20D31",
                            "version_value": ""
                          },
                          {
                            "version_affected": "=",
                            "version_name": "20D32",
                            "version_value": ""
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Baxter"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Baxter Spectrum WBM does not perform mutual authentication with the gateway server host. This may allow an attacker to perform a man in the middle attack that modifies parameters making the network connection fail."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-306 Missing Authentication for Critical Function"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx",
              "refsource": "MISC",
              "url": "https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx"
            }
          ]
        },
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dba971b9-eb30-4121-91e1-3b45611354aa",
    "assignerShortName": "Baxter",
    "cveId": "CVE-2022-26394",
    "datePublished": "2022-09-09T14:40:05.978240Z",
    "dateReserved": "2022-03-03T00:00:00",
    "dateUpdated": "2024-09-16T19:35:30.066Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"20d29\", \"versionEndIncluding\": \"20d32\", \"matchCriteriaId\": \"34DB00B2-DE3D-4D7B-9F03-35060096C37C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:16:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"719496E8-9020-456F-8CCC-FDFE10CF2820\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:16d38:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"03DA9071-305A-4319-9807-1BD6F9EB8FDB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:17:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4C68B374-58AD-4E71-9B83-3CA0241B8A4A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:17d19:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"85202DB1-56E1-43C6-81BC-C141862D72C0\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:baxter:spectrum_wireless_battery_module:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"15E8AA9C-1024-482D-8636-551486698A8C\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:baxter:sigma_spectrum_35700bax_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1354B2D0-A259-4832-BB3D-BD9C157FB5C0\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:baxter:sigma_spectrum_35700bax:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2EAFF022-6879-4734-9AEB-DE45E6E235DE\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:baxter:sigma_spectrum_35700bax2_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E2715381-CA8F-416B-B9AD-9CDBDC181338\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:baxter:sigma_spectrum_35700bax2:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"576C9566-DA3F-43E8-B4E8-C5DEF3B06696\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:baxter:baxter_spectrum_iq_35700bax3_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"89AFD13D-97D8-40A5-B36B-9B65229302B1\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:baxter:baxter_spectrum_iq_35700bax3:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"71D6364A-9707-4BB0-8808-AF3314026A79\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The Baxter Spectrum WBM does not perform mutual authentication with the gateway server host. This may allow an attacker to perform a man in the middle attack that modifies parameters making the network connection fail.\"}, {\"lang\": \"es\", \"value\": \"Baxter Spectrum WBM no lleva a cabo una autenticaci\\u00f3n mutua con el host del servidor de la pasarela. Esto puede permitir a un atacante llevar a cabo un ataque de hombre en el medio que modifique los par\\u00e1metros haciendo que la conexi\\u00f3n de red falle\"}]",
      "id": "CVE-2022-26394",
      "lastModified": "2024-11-21T06:53:54.183",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"productsecurity@baxter.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"ADJACENT_NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 2.1, \"impactScore\": 3.4}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L\", \"baseScore\": 5.4, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"ADJACENT_NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 2.5}]}",
      "published": "2022-09-09T15:15:09.697",
      "references": "[{\"url\": \"https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx\", \"source\": \"productsecurity@baxter.com\", \"tags\": [\"Broken Link\"]}, {\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsma-22-251-01\", \"source\": \"nvd@nist.gov\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}]",
      "sourceIdentifier": "productsecurity@baxter.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"productsecurity@baxter.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-306\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-306\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-26394\",\"sourceIdentifier\":\"productsecurity@baxter.com\",\"published\":\"2022-09-09T15:15:09.697\",\"lastModified\":\"2024-11-21T06:53:54.183\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Baxter Spectrum WBM does not perform mutual authentication with the gateway server host. This may allow an attacker to perform a man in the middle attack that modifies parameters making the network connection fail.\"},{\"lang\":\"es\",\"value\":\"Baxter Spectrum WBM no lleva a cabo una autenticaci\u00f3n mutua con el host del servidor de la pasarela. Esto puede permitir a un atacante llevar a cabo un ataque de hombre en el medio que modifique los par\u00e1metros haciendo que la conexi\u00f3n de red falle\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"productsecurity@baxter.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.1,\"impactScore\":3.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.8,\"impactScore\":2.5}]},\"weaknesses\":[{\"source\":\"productsecurity@baxter.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-306\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-306\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"20d29\",\"versionEndIncluding\":\"20d32\",\"matchCriteriaId\":\"34DB00B2-DE3D-4D7B-9F03-35060096C37C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"719496E8-9020-456F-8CCC-FDFE10CF2820\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:16d38:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"03DA9071-305A-4319-9807-1BD6F9EB8FDB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C68B374-58AD-4E71-9B83-3CA0241B8A4A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:17d19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"85202DB1-56E1-43C6-81BC-C141862D72C0\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:baxter:spectrum_wireless_battery_module:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"15E8AA9C-1024-482D-8636-551486698A8C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:baxter:sigma_spectrum_35700bax_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1354B2D0-A259-4832-BB3D-BD9C157FB5C0\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:baxter:sigma_spectrum_35700bax:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2EAFF022-6879-4734-9AEB-DE45E6E235DE\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:baxter:sigma_spectrum_35700bax2_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E2715381-CA8F-416B-B9AD-9CDBDC181338\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:baxter:sigma_spectrum_35700bax2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"576C9566-DA3F-43E8-B4E8-C5DEF3B06696\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:baxter:baxter_spectrum_iq_35700bax3_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"89AFD13D-97D8-40A5-B36B-9B65229302B1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:baxter:baxter_spectrum_iq_35700bax3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"71D6364A-9707-4BB0-8808-AF3314026A79\"}]}]}],\"references\":[{\"url\":\"https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx\",\"source\":\"productsecurity@baxter.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://www.cisa.gov/uscert/ics/advisories/icsma-22-251-01\",\"source\":\"nvd@nist.gov\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]}]}}"
  }
}

GHSA-CF6P-6FQM-MPW5

Vulnerability from github – Published: 2022-09-10 00:00 – Updated: 2022-09-17 00:00

Details

Severity ?

5.4 (Medium)


                  
                    CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-26394"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-306"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-09-09T15:15:00Z",
    "severity": "MODERATE"
  },
  "details": "The Baxter Spectrum WBM does not perform mutual authentication with the gateway server host. This may allow an attacker to perform a man in the middle attack that modifies parameters making the network connection fail.",
  "id": "GHSA-cf6p-6fqm-mpw5",
  "modified": "2022-09-17T00:00:36Z",
  "published": "2022-09-10T00:00:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26394"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-251-01"
    },
    {
      "type": "WEB",
      "url": "https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2022-26394

Vulnerability from fkie_nvd - Published: 2022-09-09 15:15 - Updated: 2024-11-21 06:53

Severity ?

5.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
5.4 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Summary

References

URL	Tags
productsecurity@baxter.com	https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx	Broken Link
nvd@nist.gov	https://www.cisa.gov/uscert/ics/advisories/icsma-22-251-01	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx	Broken Link

Impacted products

Vendor	Product	Version
baxter	spectrum_wireless_battery_module_firmware	*
baxter	spectrum_wireless_battery_module_firmware	16
baxter	spectrum_wireless_battery_module_firmware	16d38
baxter	spectrum_wireless_battery_module_firmware	17
baxter	spectrum_wireless_battery_module_firmware	17d19
baxter	spectrum_wireless_battery_module	-
baxter	sigma_spectrum_35700bax_firmware	-
baxter	sigma_spectrum_35700bax	-
baxter	sigma_spectrum_35700bax2_firmware	-
baxter	sigma_spectrum_35700bax2	-
baxter	baxter_spectrum_iq_35700bax3_firmware	-
baxter	baxter_spectrum_iq_35700bax3	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "34DB00B2-DE3D-4D7B-9F03-35060096C37C",
              "versionEndIncluding": "20d32",
              "versionStartIncluding": "20d29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:16:*:*:*:*:*:*:*",
              "matchCriteriaId": "719496E8-9020-456F-8CCC-FDFE10CF2820",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:16d38:*:*:*:*:*:*:*",
              "matchCriteriaId": "03DA9071-305A-4319-9807-1BD6F9EB8FDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:17:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C68B374-58AD-4E71-9B83-3CA0241B8A4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:17d19:*:*:*:*:*:*:*",
              "matchCriteriaId": "85202DB1-56E1-43C6-81BC-C141862D72C0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:baxter:spectrum_wireless_battery_module:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "15E8AA9C-1024-482D-8636-551486698A8C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:baxter:sigma_spectrum_35700bax_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1354B2D0-A259-4832-BB3D-BD9C157FB5C0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:baxter:sigma_spectrum_35700bax:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EAFF022-6879-4734-9AEB-DE45E6E235DE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:baxter:sigma_spectrum_35700bax2_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2715381-CA8F-416B-B9AD-9CDBDC181338",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:baxter:sigma_spectrum_35700bax2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "576C9566-DA3F-43E8-B4E8-C5DEF3B06696",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:baxter:baxter_spectrum_iq_35700bax3_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "89AFD13D-97D8-40A5-B36B-9B65229302B1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:baxter:baxter_spectrum_iq_35700bax3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "71D6364A-9707-4BB0-8808-AF3314026A79",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Baxter Spectrum WBM does not perform mutual authentication with the gateway server host. This may allow an attacker to perform a man in the middle attack that modifies parameters making the network connection fail."
    },
    {
      "lang": "es",
      "value": "Baxter Spectrum WBM no lleva a cabo una autenticaci\u00f3n mutua con el host del servidor de la pasarela. Esto puede permitir a un atacante llevar a cabo un ataque de hombre en el medio que modifique los par\u00e1metros haciendo que la conexi\u00f3n de red falle"
    }
  ],
  "id": "CVE-2022-26394",
  "lastModified": "2024-11-21T06:53:54.183",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.1,
        "impactScore": 3.4,
        "source": "productsecurity@baxter.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.5,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-09-09T15:15:09.697",
  "references": [
    {
      "source": "productsecurity@baxter.com",
      "tags": [
        "Broken Link"
      ],
      "url": "https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx"
    },
    {
      "source": "nvd@nist.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-251-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx"
    }
  ],
  "sourceIdentifier": "productsecurity@baxter.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-306"
        }
      ],
      "source": "productsecurity@baxter.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-306"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2022-26394

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2022-26394

Aliases

CVE-2022-26394

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-26394",
    "description": "The Baxter Spectrum WBM does not perform mutual authentication with the gateway server host. This may allow an attacker to perform a man in the middle attack that modifies parameters making the network connection fail.",
    "id": "GSD-2022-26394"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-26394"
      ],
      "details": "The Baxter Spectrum WBM does not perform mutual authentication with the gateway server host. This may allow an attacker to perform a man in the middle attack that modifies parameters making the network connection fail.",
      "id": "GSD-2022-26394",
      "modified": "2023-12-13T01:19:38.480048Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "productsecurity@baxter.com",
        "DATE_PUBLIC": "2022-09-08T22:03:00.000Z",
        "ID": "CVE-2022-26394",
        "STATE": "PUBLIC",
        "TITLE": "Unauthenticated network reconfiguration via TCP/UDP"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Baxter Spectrum Wireless Battery Module (WBM)",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_name": "16",
                          "version_value": " "
                        },
                        {
                          "version_affected": "=",
                          "version_name": "16D38",
                          "version_value": " "
                        },
                        {
                          "version_affected": "=",
                          "version_name": "17",
                          "version_value": " "
                        },
                        {
                          "version_affected": "=",
                          "version_name": "17D19",
                          "version_value": " "
                        },
                        {
                          "version_affected": "=",
                          "version_name": "20D29",
                          "version_value": " "
                        },
                        {
                          "version_affected": "=",
                          "version_name": "20D30",
                          "version_value": " "
                        },
                        {
                          "version_affected": "=",
                          "version_name": "20D31",
                          "version_value": " "
                        },
                        {
                          "version_affected": "=",
                          "version_name": "20D32",
                          "version_value": " "
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Baxter"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The Baxter Spectrum WBM does not perform mutual authentication with the gateway server host. This may allow an attacker to perform a man in the middle attack that modifies parameters making the network connection fail."
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "impact": {
        "cvss": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-306 Missing Authentication for Critical Function"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx",
            "refsource": "MISC",
            "url": "https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx"
          }
        ]
      },
      "source": {
        "discovery": "EXTERNAL"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:16:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:16d38:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:17:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:17d19:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "20d32",
                    "versionStartIncluding": "20d29",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:baxter:spectrum_wireless_battery_module:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:baxter:sigma_spectrum_35700bax_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:baxter:sigma_spectrum_35700bax:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:baxter:sigma_spectrum_35700bax2_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:baxter:sigma_spectrum_35700bax2:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:baxter:baxter_spectrum_iq_35700bax3_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:baxter:baxter_spectrum_iq_35700bax3:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "productsecurity@baxter.com",
          "ID": "CVE-2022-26394"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The Baxter Spectrum WBM does not perform mutual authentication with the gateway server host. This may allow an attacker to perform a man in the middle attack that modifies parameters making the network connection fail."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-306"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx",
              "refsource": "MISC",
              "tags": [
                "Broken Link"
              ],
              "url": "https://www.us-cert.gov/ics/advisories/icsma-22-xxx-xx"
            },
            {
              "name": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-251-01",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-251-01"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.5
        }
      },
      "lastModifiedDate": "2022-09-16T16:47Z",
      "publishedDate": "2022-09-09T15:15Z"
    }
  }
}

ICSMA-22-251-01

Vulnerability from csaf_cisa - Published: 2022-09-08 00:00 - Updated: 2022-09-29 00:00

Summary

Baxter Sigma Spectrum Infusion Pump (Update A)

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation

Successful exploitation of these vulnerabilities could result in access to sensitive data and alteration of system configuration.

Critical infrastructure sectors

Healthcare and Public Health

Countries/areas deployed

United States, Canada, Puerto Rico, Caribbean

Company headquarters location

United States

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability these vulnerabilities. Specifically, users should: Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the Internet; Locate control system networks and remote devices behind firewalls and isolate them from the business network; When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as its connected devices.

Recommended Practices

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

Recommended Practices

CISA also provides a section for control systems security recommended practices on the ICS webpage at cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Exploitability

No known public exploits specifically target these vulnerabilities. These vulnerabilities have a high attack complexity.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Deral Heiland"
        ],
        "organization": "Rapid 7",
        "summary": "reporting these vulnerabilities to Baxter"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "Successful exploitation of these vulnerabilities could result in access to sensitive data and alteration of system configuration.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Healthcare and Public Health",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "United States, Canada, Puerto Rico, Caribbean",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "United States",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability these vulnerabilities. Specifically, users should: Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the Internet; Locate control system networks and remote devices behind firewalls and isolate them from the business network; When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as its connected devices.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA also provides a section for control systems security recommended practices on the ICS webpage at cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "other",
        "text": "No known public exploits specifically target these vulnerabilities. These vulnerabilities have a high attack complexity.",
        "title": "Exploitability"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSMA-22-251-01 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2022/icsma-22-251-01.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSMA-22-251-01 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-22-251-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-22-251-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      }
    ],
    "title": "Baxter Sigma Spectrum Infusion Pump (Update A)",
    "tracking": {
      "current_release_date": "2022-09-29T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSMA-22-251-01",
      "initial_release_date": "2022-09-08T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2022-09-08T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "Baxter Sigma Spectrum Infusion Pump (Update A)"
        },
        {
          "date": "2022-09-29T00:00:00.000000Z",
          "legacy_version": "A",
          "number": "2",
          "summary": "Baxter Sigma Spectrum Infusion Pump (Update A)"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "9.x model 35700BAX3",
                "product": {
                  "name": "Baxter Spectrum IQ: (v9.x) model 35700BAX3",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "Baxter Spectrum IQ"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "9.x (with Wireless Battery Modules \u003e= 22D19 | \u003c= v22D28)",
                "product": {
                  "name": "Baxter Spectrum IQ LVP: (v9.x) with Wireless Battery Modules v22D19 to v22D28",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "Baxter Spectrum IQ LVP"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "8.x model 35700BAX2",
                "product": {
                  "name": "Sigma Spectrum: v8.x model 35700BAX2",
                  "product_id": "CSAFPID-0003"
                }
              }
            ],
            "category": "product_name",
            "name": "Sigma Spectrum"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "6.x model 35700BAX",
                "product": {
                  "name": "Sigma Spectrum: v6.x model 35700BAX",
                  "product_id": "CSAFPID-0004"
                }
              }
            ],
            "category": "product_name",
            "name": "Sigma Spectrum"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "8.x (Wireless Battery Modules v17 | v17D19 \u003e= 20D29 | \u003c= 20D32 | \u003e= 22D24 | \u003c= 22D28)",
                "product": {
                  "name": "Sigma Spectrum LVP: v8.x Wireless Battery Modules v17 v17D19 v20D29 to v20D32 and v22D24 to v22D28",
                  "product_id": "CSAFPID-0005"
                }
              }
            ],
            "category": "product_name",
            "name": "Sigma Spectrum LVP"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "6.x (Wireless Battery Modules (16 | 16D38 | 17 | 17D19 | \u003e= 20D29 | \u003c= v20D32 | \u003e= 22D24 | \u003c= v22D28)",
                "product": {
                  "name": "Sigma Spectrum LVP: v6.x Wireless Battery Modules v16 v16D38 v17 v17D19 v20D29 to v20D32 and v22D24 to v22D28",
                  "product_id": "CSAFPID-0006"
                }
              }
            ],
            "category": "product_name",
            "name": "Sigma Spectrum LVP"
          }
        ],
        "category": "vendor",
        "name": "Baxter"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-26390",
      "cwe": {
        "id": "CWE-311",
        "name": "Missing Encryption of Sensitive Data"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The Baxter Spectrum WBM (v16, v16D38, v17, v17D19, v20D29 to v20D32, and v22D19 to v22D28) stores network credentials and patient health information (PHI) in unencrypted form. PHI is only stored in Spectrum IQ pumps using auto programming. An attacker with physical access to a device without all data and settings erased may be able to extract sensitive information. CVE-2022-26390 has been assigned to this vulnerability. A CVSS v3 base score of 4.2 has been calculated; the CVSS vector string is (AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005",
          "CSAFPID-0006"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-26390"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "According to Baxter, software updates to disable Telnet and FTP (CVE-2022-26392) are in process. Software updates addressing the format string attack (CVE-2022-26393) are included in WBM version 20D30 and all other WBM versions authentication is already available in Spectrum IQ (CVE-2022-26394). Instructions to erase all data and settings on WBMs and pumps before decommissioning and transferring to other facilities (CVE-2022-26390) are in process for incorporation into the Spectrum Operator\u0027s Manual.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        },
        {
          "category": "mitigation",
          "details": "Baxter provides recommended steps for erasing all data and settings on the pump to be decommissioned: Reset the network settings (Biomed-\u003eNetwork Configuration-\u003eTransfer Network Settings-\u003eReset). Delete the drug library. Clear the history log.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        },
        {
          "category": "mitigation",
          "details": "To erase all data and settings on the WBM to be decommissioned: Select a pump other than the one last used with the WBM. Reset the network settings and enable networking on the pump. Place the WBM on the pump. Wait until the network icon turns yellow.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        },
        {
          "category": "mitigation",
          "details": "Ensure appropriate physical controls within user environments to protect against unauthorized access to devices.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        },
        {
          "category": "mitigation",
          "details": "Isolate the Spectrum Infusion Systems to its own network virtual local area network (VLAN) to segregate the system from other hospital systems and reduce the probability that a threat actor could execute an adjacent attack, such as a machine-in-the-middle attack against the system to observe clear-text communications.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        },
        {
          "category": "mitigation",
          "details": "Use the strongest available wireless network security protocols (WPA2, EAP-TLS, etc.) to provide authentication/encryption of wireless data sent to/from the Spectrum Infusion System.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        },
        {
          "category": "mitigation",
          "details": "Users should ensure the WBM is rebooted after configuration for their network(s) by removing the WBM from the rear of the Spectrum device for 10-15 seconds, and then re-attaching the WBM.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        },
        {
          "category": "mitigation",
          "details": "Users should always monitor for and/or block unexpected traffic, such as FTP and Telnet, at network boundaries into the Spectrum-specific VLAN.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        },
        {
          "category": "mitigation",
          "details": "As a last resort, users may disable wireless operation of the pump; the Spectrum Infusion System was designed to operate without network access. This action would impact an organization\u2019s ability to rapidly deploy drug library (formulary) updates to their pumps.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "For additional information, see the Baxter Product Security Bulletin.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ],
          "url": "https://www.baxter.com/product-security#additionalresources"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2022-26392",
      "cwe": {
        "id": "CWE-134",
        "name": "Use of Externally-Controlled Format String"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The Baxter Spectrum WBM (v16, v16D38, v17, v17D19, and v20D29 to v20D32) when in superuser mode is susceptible to format string attacks via application messaging. An attacker could use this to read memory in the WBM, potentially accessing sensitive information. The Baxter Spectrum WBM (v16, v16D38) and Baxter Spectrum WBM (v17, v17D19, v20D29 to v20D32), when in superuser mode, are susceptible to format string attacks via application messaging. An attacker could use this to read memory in the WBM to access sensitive information. CVE-2022-26392 has been assigned to this vulnerability. A CVSS v3 base score of 3.1 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005",
          "CSAFPID-0006"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-26392"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "According to Baxter, software updates to disable Telnet and FTP (CVE-2022-26392) are in process. Software updates addressing the format string attack (CVE-2022-26393) are included in WBM version 20D30 and all other WBM versions authentication is already available in Spectrum IQ (CVE-2022-26394). Instructions to erase all data and settings on WBMs and pumps before decommissioning and transferring to other facilities (CVE-2022-26390) are in process for incorporation into the Spectrum Operator\u0027s Manual.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        },
        {
          "category": "mitigation",
          "details": "Baxter provides recommended steps for erasing all data and settings on the pump to be decommissioned: Reset the network settings (Biomed-\u003eNetwork Configuration-\u003eTransfer Network Settings-\u003eReset). Delete the drug library. Clear the history log.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        },
        {
          "category": "mitigation",
          "details": "To erase all data and settings on the WBM to be decommissioned: Select a pump other than the one last used with the WBM. Reset the network settings and enable networking on the pump. Place the WBM on the pump. Wait until the network icon turns yellow.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        },
        {
          "category": "mitigation",
          "details": "Ensure appropriate physical controls within user environments to protect against unauthorized access to devices.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        },
        {
          "category": "mitigation",
          "details": "Isolate the Spectrum Infusion Systems to its own network virtual local area network (VLAN) to segregate the system from other hospital systems and reduce the probability that a threat actor could execute an adjacent attack, such as a machine-in-the-middle attack against the system to observe clear-text communications.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        },
        {
          "category": "mitigation",
          "details": "Use the strongest available wireless network security protocols (WPA2, EAP-TLS, etc.) to provide authentication/encryption of wireless data sent to/from the Spectrum Infusion System.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        },
        {
          "category": "mitigation",
          "details": "Users should ensure the WBM is rebooted after configuration for their network(s) by removing the WBM from the rear of the Spectrum device for 10-15 seconds, and then re-attaching the WBM.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        },
        {
          "category": "mitigation",
          "details": "Users should always monitor for and/or block unexpected traffic, such as FTP and Telnet, at network boundaries into the Spectrum-specific VLAN.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        },
        {
          "category": "mitigation",
          "details": "As a last resort, users may disable wireless operation of the pump; the Spectrum Infusion System was designed to operate without network access. This action would impact an organization\u2019s ability to rapidly deploy drug library (formulary) updates to their pumps.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "For additional information, see the Baxter Product Security Bulletin.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ],
          "url": "https://www.baxter.com/product-security#additionalresources"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2022-26393",
      "cwe": {
        "id": "CWE-134",
        "name": "Use of Externally-Controlled Format String"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The Baxter Spectrum WBM (v20D29) is susceptible to format string attacks via application messaging. An attacker could use this to read memory in the WBM to access sensitive information or cause a denial-of-service condition on the WBM. CVE-2022-26393 has been assigned to this vulnerability. A CVSS v3 base score of 5.0 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005",
          "CSAFPID-0006"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-26393"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "According to Baxter, software updates to disable Telnet and FTP (CVE-2022-26392) are in process. Software updates addressing the format string attack (CVE-2022-26393) are included in WBM version 20D30 and all other WBM versions authentication is already available in Spectrum IQ (CVE-2022-26394). Instructions to erase all data and settings on WBMs and pumps before decommissioning and transferring to other facilities (CVE-2022-26390) are in process for incorporation into the Spectrum Operator\u0027s Manual.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        },
        {
          "category": "mitigation",
          "details": "Baxter provides recommended steps for erasing all data and settings on the pump to be decommissioned: Reset the network settings (Biomed-\u003eNetwork Configuration-\u003eTransfer Network Settings-\u003eReset). Delete the drug library. Clear the history log.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        },
        {
          "category": "mitigation",
          "details": "To erase all data and settings on the WBM to be decommissioned: Select a pump other than the one last used with the WBM. Reset the network settings and enable networking on the pump. Place the WBM on the pump. Wait until the network icon turns yellow.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        },
        {
          "category": "mitigation",
          "details": "Ensure appropriate physical controls within user environments to protect against unauthorized access to devices.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        },
        {
          "category": "mitigation",
          "details": "Isolate the Spectrum Infusion Systems to its own network virtual local area network (VLAN) to segregate the system from other hospital systems and reduce the probability that a threat actor could execute an adjacent attack, such as a machine-in-the-middle attack against the system to observe clear-text communications.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        },
        {
          "category": "mitigation",
          "details": "Use the strongest available wireless network security protocols (WPA2, EAP-TLS, etc.) to provide authentication/encryption of wireless data sent to/from the Spectrum Infusion System.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        },
        {
          "category": "mitigation",
          "details": "Users should ensure the WBM is rebooted after configuration for their network(s) by removing the WBM from the rear of the Spectrum device for 10-15 seconds, and then re-attaching the WBM.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        },
        {
          "category": "mitigation",
          "details": "Users should always monitor for and/or block unexpected traffic, such as FTP and Telnet, at network boundaries into the Spectrum-specific VLAN.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        },
        {
          "category": "mitigation",
          "details": "As a last resort, users may disable wireless operation of the pump; the Spectrum Infusion System was designed to operate without network access. This action would impact an organization\u2019s ability to rapidly deploy drug library (formulary) updates to their pumps.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "For additional information, see the Baxter Product Security Bulletin.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ],
          "url": "https://www.baxter.com/product-security#additionalresources"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.0,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2022-26394",
      "cwe": {
        "id": "CWE-306",
        "name": "Missing Authentication for Critical Function"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The Baxter Spectrum WBM (v16, v16D38, v17, v17D19, and v20D29 to v20D32) does not perform mutual authentication with the gateway server host. This could allow an attacker to perform a machine-in-the-middle attack that modifies parameters, making the network connection fail. Alternatively, an attacker could spoof the server host and send specifically crafted data. CVE-2022-26394 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:L).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005",
          "CSAFPID-0006"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-26394"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:L"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "According to Baxter, software updates to disable Telnet and FTP (CVE-2022-26392) are in process. Software updates addressing the format string attack (CVE-2022-26393) are included in WBM version 20D30 and all other WBM versions authentication is already available in Spectrum IQ (CVE-2022-26394). Instructions to erase all data and settings on WBMs and pumps before decommissioning and transferring to other facilities (CVE-2022-26390) are in process for incorporation into the Spectrum Operator\u0027s Manual.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        },
        {
          "category": "mitigation",
          "details": "Baxter provides recommended steps for erasing all data and settings on the pump to be decommissioned: Reset the network settings (Biomed-\u003eNetwork Configuration-\u003eTransfer Network Settings-\u003eReset). Delete the drug library. Clear the history log.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        },
        {
          "category": "mitigation",
          "details": "To erase all data and settings on the WBM to be decommissioned: Select a pump other than the one last used with the WBM. Reset the network settings and enable networking on the pump. Place the WBM on the pump. Wait until the network icon turns yellow.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        },
        {
          "category": "mitigation",
          "details": "Ensure appropriate physical controls within user environments to protect against unauthorized access to devices.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        },
        {
          "category": "mitigation",
          "details": "Isolate the Spectrum Infusion Systems to its own network virtual local area network (VLAN) to segregate the system from other hospital systems and reduce the probability that a threat actor could execute an adjacent attack, such as a machine-in-the-middle attack against the system to observe clear-text communications.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        },
        {
          "category": "mitigation",
          "details": "Use the strongest available wireless network security protocols (WPA2, EAP-TLS, etc.) to provide authentication/encryption of wireless data sent to/from the Spectrum Infusion System.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        },
        {
          "category": "mitigation",
          "details": "Users should ensure the WBM is rebooted after configuration for their network(s) by removing the WBM from the rear of the Spectrum device for 10-15 seconds, and then re-attaching the WBM.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        },
        {
          "category": "mitigation",
          "details": "Users should always monitor for and/or block unexpected traffic, such as FTP and Telnet, at network boundaries into the Spectrum-specific VLAN.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        },
        {
          "category": "mitigation",
          "details": "As a last resort, users may disable wireless operation of the pump; the Spectrum Infusion System was designed to operate without network access. This action would impact an organization\u2019s ability to rapidly deploy drug library (formulary) updates to their pumps.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "For additional information, see the Baxter Product Security Bulletin.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ],
          "url": "https://www.baxter.com/product-security#additionalresources"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:L",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        }
      ]
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-26394 (GCVE-0-2022-26394)

GHSA-CF6P-6FQM-MPW5

FKIE_CVE-2022-26394

GSD-2022-26394

ICSMA-22-251-01

Tags

Sightings

Nomenclature