Lucene search

[email protected]NVD:CVE-2022-26390

HistorySep 09, 2022 - 3:15 p.m.

CVE-2022-26390

2022-09-0915:15:09

CWE-311

CWE-312

[email protected]

web.nvd.nist.gov

baxter spectrum wbm

unencrypted data

network credentials

phi

security risk

physical access

CVSS3

4.2

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

22.8%

JSON

The Baxter Spectrum Wireless Battery Module (WBM) stores network credentials and PHI (only applicable to Spectrum IQ pumps using auto programming) in unencrypted form. An attacker with physical access to a device that hasn’t had all data and settings erased may be able to extract sensitive information.

Affected configurations

Nvd

Node

baxterspectrum_wireless_battery_module_firmwareRange20d29–20d32

baxterspectrum_wireless_battery_module_firmwareRange22d19–22d28

baxterspectrum_wireless_battery_module_firmwareMatch16

baxterspectrum_wireless_battery_module_firmwareMatch16d38

baxterspectrum_wireless_battery_module_firmwareMatch17

baxterspectrum_wireless_battery_module_firmwareMatch17d19

AND

baxterspectrum_wireless_battery_moduleMatch-

Node

baxtersigma_spectrum_35700bax_firmwareMatch-

AND

baxtersigma_spectrum_35700baxMatch-

Node

baxtersigma_spectrum_35700bax2_firmwareMatch-

AND

baxtersigma_spectrum_35700bax2Match-

Node

baxterbaxter_spectrum_iq_35700bax3_firmwareMatch-

AND

baxterbaxter_spectrum_iq_35700bax3Match-

VendorProductVersionCPE
baxterspectrum_wireless_battery_module_firmware*cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:*:*:*:*:*:*:*:*
baxterspectrum_wireless_battery_module_firmware16cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:16:*:*:*:*:*:*:*
baxterspectrum_wireless_battery_module_firmware16d38cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:16d38:*:*:*:*:*:*:*
baxterspectrum_wireless_battery_module_firmware17cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:17:*:*:*:*:*:*:*
baxterspectrum_wireless_battery_module_firmware17d19cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:17d19:*:*:*:*:*:*:*
baxterspectrum_wireless_battery_module-cpe:2.3:h:baxter:spectrum_wireless_battery_module:-:*:*:*:*:*:*:*
baxtersigma_spectrum_35700bax_firmware-cpe:2.3:o:baxter:sigma_spectrum_35700bax_firmware:-:*:*:*:*:*:*:*
baxtersigma_spectrum_35700bax-cpe:2.3:h:baxter:sigma_spectrum_35700bax:-:*:*:*:*:*:*:*
baxtersigma_spectrum_35700bax2_firmware-cpe:2.3:o:baxter:sigma_spectrum_35700bax2_firmware:-:*:*:*:*:*:*:*
baxtersigma_spectrum_35700bax2-cpe:2.3:h:baxter:sigma_spectrum_35700bax2:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
baxter	spectrum_wireless_battery_module_firmware	*	cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware::::::::
baxter	spectrum_wireless_battery_module_firmware	16	cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:16:::::::*
baxter	spectrum_wireless_battery_module_firmware	16d38	cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:16d38:::::::*
baxter	spectrum_wireless_battery_module_firmware	17	cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:17:::::::*
baxter	spectrum_wireless_battery_module_firmware	17d19	cpe:2.3:o:baxter:spectrum_wireless_battery_module_firmware:17d19:::::::*
baxter	spectrum_wireless_battery_module	-	cpe:2.3:h:baxter:spectrum_wireless_battery_module:-:::::::*
baxter	sigma_spectrum_35700bax_firmware	-	cpe:2.3:o:baxter:sigma_spectrum_35700bax_firmware:-:::::::*
baxter	sigma_spectrum_35700bax	-	cpe:2.3:h:baxter:sigma_spectrum_35700bax:-:::::::*
baxter	sigma_spectrum_35700bax2_firmware	-	cpe:2.3:o:baxter:sigma_spectrum_35700bax2_firmware:-:::::::*
baxter	sigma_spectrum_35700bax2	-	cpe:2.3:h:baxter:sigma_spectrum_35700bax2:-:::::::*