Lucene search

BaxterCVE-2022-26390

HistorySep 09, 2022 - 3:15 p.m.

CVE-2022-26390

2022-09-0915:15:09

CWE-312

CWE-311

Baxter

web.nvd.nist.gov

baxter spectrum

wireless battery module

wbm

network credentials

phi

unencrypted

sensitive information

nvd

cve-2022-26390

CVSS3

4.2

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

5.1

Confidence

High

EPSS

0.001

Percentile

22.8%

JSON

The Baxter Spectrum Wireless Battery Module (WBM) stores network credentials and PHI (only applicable to Spectrum IQ pumps using auto programming) in unencrypted form. An attacker with physical access to a device that hasn’t had all data and settings erased may be able to extract sensitive information.

Affected configurations

Nvd

Node

baxterspectrum_wireless_battery_module_firmwareRange20d29–20d32

baxterspectrum_wireless_battery_module_firmwareRange22d19–22d28

baxterspectrum_wireless_battery_module_firmwareMatch16

baxterspectrum_wireless_battery_module_firmwareMatch16d38

baxterspectrum_wireless_battery_module_firmwareMatch17

baxterspectrum_wireless_battery_module_firmwareMatch17d19

AND

baxterspectrum_wireless_battery_moduleMatch-

Node

baxtersigma_spectrum_35700bax_firmwareMatch-

AND

baxtersigma_spectrum_35700baxMatch-

Node

baxtersigma_spectrum_35700bax2_firmwareMatch-

AND

baxtersigma_spectrum_35700bax2Match-

Node

baxterbaxter_spectrum_iq_35700bax3_firmwareMatch-

AND

baxterbaxter_spectrum_iq_35700bax3Match-

VendorProductVersionCPE
baxterspectrum_wireless_battery_module_firmware*cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:*:*:*:*:*:*:*:*
baxterspectrum_wireless_battery_module_firmware16cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:16:*:*:*:*:*:*:*
baxterspectrum_wireless_battery_module_firmware16d38cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:16d38:*:*:*:*:*:*:*
baxterspectrum_wireless_battery_module_firmware17cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:17:*:*:*:*:*:*:*
baxterspectrum_wireless_battery_module_firmware17d19cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:17d19:*:*:*:*:*:*:*
baxterspectrum_wireless_battery_module-cpe:2.3:h:baxter:spectrum_wireless_battery_module:-:*:*:*:*:*:*:*
baxtersigma_spectrum_35700bax_firmware-cpe:2.3:o:baxter:sigma_spectrum_35700bax_firmware:-:*:*:*:*:*:*:*
baxtersigma_spectrum_35700bax-cpe:2.3:h:baxter:sigma_spectrum_35700bax:-:*:*:*:*:*:*:*
baxtersigma_spectrum_35700bax2_firmware-cpe:2.3:o:baxter:sigma_spectrum_35700bax2_firmware:-:*:*:*:*:*:*:*
baxtersigma_spectrum_35700bax2-cpe:2.3:h:baxter:sigma_spectrum_35700bax2:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
baxter	spectrum_wireless_battery_module_firmware	*	cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware::::::::
baxter	spectrum_wireless_battery_module_firmware	16	cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:16:::::::*
baxter	spectrum_wireless_battery_module_firmware	16d38	cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:16d38:::::::*
baxter	spectrum_wireless_battery_module_firmware	17	cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:17:::::::*
baxter	spectrum_wireless_battery_module_firmware	17d19	cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:17d19:::::::*
baxter	spectrum_wireless_battery_module	-	cpe:2.3:h:baxter:spectrum_wireless_battery_module:-:::::::*
baxter	sigma_spectrum_35700bax_firmware	-	cpe:2.3:o:baxter:sigma_spectrum_35700bax_firmware:-:::::::*
baxter	sigma_spectrum_35700bax	-	cpe:2.3:h:baxter:sigma_spectrum_35700bax:-:::::::*
baxter	sigma_spectrum_35700bax2_firmware	-	cpe:2.3:o:baxter:sigma_spectrum_35700bax2_firmware:-:::::::*
baxter	sigma_spectrum_35700bax2	-	cpe:2.3:h:baxter:sigma_spectrum_35700bax2:-:::::::*

Rows per page:

1-10 of 121

CNA Affected

[
  {
    "product": "Baxter Spectrum Wireless Battery Module (WBM)",
    "vendor": "Baxter",
    "versions": [
      {
        "status": "affected",
        "version": "16"
      },
      {
        "status": "affected",
        "version": "16D38"
      },
      {
        "status": "affected",
        "version": "17"
      },
      {
        "status": "affected",
        "version": "17D19"
      },
      {
        "status": "affected",
        "version": "20D29"
      },
      {
        "status": "affected",
        "version": "20D30"
      },
      {
        "status": "affected",
        "version": "20D31"
      },
      {
        "status": "affected",
        "version": "20D32"
      },
      {
        "status": "affected",
        "version": "22D19"
      },
      {
        "status": "affected",
        "version": "22D20"
      },
      {
        "status": "affected",
        "version": "22D21"
      },
      {
        "status": "affected",
        "version": "22D22"
      },
      {
        "status": "affected",
        "version": "22D23"
      },
      {
        "status": "affected",
        "version": "22D24"
      },
      {
        "status": "affected",
        "version": "22D25"
      },
      {
        "status": "affected",
        "version": "22D26"
      },
      {
        "status": "affected",
        "version": "22D27"
      },
      {
        "status": "affected",
        "version": "22D28"
      }
    ]
  }
]

References

www.cisa.gov/uscert/ics/advisories/icsma-22-251-01

www.us-cert.gov/ics/advisories/icsma-22-xxx-xx

Social References

CVSS3

4.2

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

5.1

Confidence

High

EPSS

0.001

Percentile

22.8%

JSON

Related for CVE-2022-26390